Task Manager and Registry Editor Have Been Disabled by Your Administrator

muratdag48

Friends, my computer says "Task Manager has been disabled by your administrator" and "Registry Editor has been disabled by your administrator". I scanned it with ComboFix.

Here are the results:

Code:
ComboFix 14-08-02.02 - USER 02.08.2014  17:06:10.2.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1254.90.1055.18.4078.2595 [GMT 3:00]
Running from: c:\users\USER\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\aqbhi.pif
C:\autorun.inf
C:\evhqm.pif
C:\gviw.pif
C:\hqam.pif
C:\kmfiuv.pif
C:\ktkhpt.pif
c:\programdata\AMMYY
c:\programdata\AMMYY\settings3.bin
C:\qfwe.pif
C:\smgbhx.pif
C:\tpvyt.pif
C:\uhssn.pif
c:\users\USER\AppData\Roaming\Adobe\ndsm.exe
c:\users\USER\AppData\Roaming\Identities\ndsm.exe
C:\usqxrc.pif
C:\vitoug.pif
C:\xybu.pif
D:\autorun.inf
.
----- File Replicators -----
.
c:\users\USER\AppData\Roaming\MusaLLaT.exe
c:\users\USER\Desktop\Pro Evolution Soccer 2013\Pro Evolution Soccer 2013.exe
c:\users\USER\Desktop\Pro Evolution Soccer 2013\save\save.exe
c:\users\USER\Documents\AutomaticSolution Software\GSAutoClicker\conf\conf.exe
c:\users\USER\Documents\Belgelerim.exe
c:\users\USER\Documents\Ghost Games\Need for Speed(TM) Rivals\settings\settings.exe
c:\users\USER\Documents\KONAMI\Pro Evolution Soccer 2013\Pro Evolution Soccer 2013.exe
c:\users\USER\Documents\KONAMI\Pro Evolution Soccer 2013\save\save.exe
c:\users\USER\Documents\KONAMI\Pro Evolution Soccer 2013\save1\save.exe
c:\users\USER\Documents\KONAMI\Pro Evolution Soccer 2013\save1\save1.exe
c:\users\USER\Documents\My Downloaded Video\My Downloaded Video.exe
c:\users\USER\Documents\My Games\Far Cry 3\Far Cry 3.exe
c:\users\USER\Documents\My Games\Skyrim\Saves\Saves.exe
c:\users\USER\Documents\My Games\Skyrim\Skyrim.exe
c:\users\USER\Documents\My Games\Watch_Dogs\RLD!\RLD!.exe
c:\users\USER\Pictures\Resimlerim.exe
d:\pes13\Pro.Evolution.Soccer.2013.Proper-RELOADED\Pro.Evolution.Soccer.2013.Proper-RELOADED.exe
d:\watch.dogs-reloaded\DVD1\DVD1.exe
d:\watch.dogs-reloaded\DVD2\DVD2.exe
d:\watch.dogs-reloaded\DVD3\DVD3.exe
d:\watch.dogs-reloaded\Watch.Dogs-RELOADED.exe
d:\watch_dogs\bin\bin.exe
d:\watch_dogs\data_win64\data_win64.exe
d:\watch_dogs\data_win64\worlds\windy_city\windy_city.exe
d:\watch_dogs\Support\DirectX\DirectX.exe
d:\watch_dogs\Support\dotNetFramework\dotNetFramework.exe
d:\watch_dogs\Support\dotNetFramework\dotNetFX35\ia64\ia64.exe
d:\watch_dogs\Support\dotNetFramework\dotNetFX35\x64\x64.exe
d:\watch_dogs\Support\dotNetFramework\dotNetFX35\x86\x86.exe
d:\watch_dogs\Support\dotNetFramework\dotNetMSP\dotNetMSP.exe
d:\watch_dogs\Support\dotNetFramework\dotNetMSP\ia64\ia64.exe
d:\watch_dogs\Support\dotNetFramework\dotNetMSP\x64\x64.exe
d:\watch_dogs\Support\dotNetFramework\dotNetMSP\x86\x86.exe
d:\watch_dogs\Support\dotNetFramework\Tools\Tools.exe
d:\watch_dogs\Support\GameLauncher\GameLauncher.exe
d:\watch_dogs\Support\Icons\Icons.exe
d:\watch_dogs\Support\KB971512\KB971512.exe
d:\watch_dogs\Support\License\Chinese\Chinese.exe
d:\watch_dogs\Support\License\Czech\Czech.exe
d:\watch_dogs\Support\License\Danish\Danish.exe
d:\watch_dogs\Support\License\Dutch\Dutch.exe
d:\watch_dogs\Support\License\English (Canada)\English (Canada).exe
d:\watch_dogs\Support\License\English (UK)\English (UK).exe
d:\watch_dogs\Support\License\English (US)\English (US).exe
d:\watch_dogs\Support\License\English\English.exe
d:\watch_dogs\Support\License\Finnish\Finnish.exe
d:\watch_dogs\Support\License\French (Canada)\French (Canada).exe
d:\watch_dogs\Support\License\French\French.exe
d:\watch_dogs\Support\License\German\German.exe
d:\watch_dogs\Support\License\Hungarian\Hungarian.exe
d:\watch_dogs\Support\License\Italian\Italian.exe
d:\watch_dogs\Support\License\Japanese\Japanese.exe
d:\watch_dogs\Support\License\Korean\Korean.exe
d:\watch_dogs\Support\License\Norwegian\Norwegian.exe
d:\watch_dogs\Support\License\Polish\Polish.exe
d:\watch_dogs\Support\License\Portuguese (Brazil)\Portuguese (Brazil).exe
d:\watch_dogs\Support\License\Portuguese\Portuguese.exe
d:\watch_dogs\Support\License\Russian\Russian.exe
d:\watch_dogs\Support\License\Spanish\Spanish.exe
d:\watch_dogs\Support\License\Swedish\Swedish.exe
d:\watch_dogs\Support\Manual\Chinese\Chinese.exe
d:\watch_dogs\Support\Manual\Czech\Czech.exe
d:\watch_dogs\Support\Manual\Danish\Danish.exe
d:\watch_dogs\Support\Manual\Dutch\Dutch.exe
d:\watch_dogs\Support\Manual\English\English.exe
d:\watch_dogs\Support\Manual\Finnish\Finnish.exe
d:\watch_dogs\Support\Manual\French\French.exe
d:\watch_dogs\Support\Manual\German\German.exe
d:\watch_dogs\Support\Manual\Hungarian\Hungarian.exe
d:\watch_dogs\Support\Manual\Italian\Italian.exe
d:\watch_dogs\Support\Manual\Japanese\Japanese.exe
d:\watch_dogs\Support\Manual\Korean\Korean.exe
d:\watch_dogs\Support\Manual\Norwegian\Norwegian.exe
d:\watch_dogs\Support\Manual\Polish\Polish.exe
d:\watch_dogs\Support\Manual\Portuguese (Brazil)\Portuguese (Brazil).exe
d:\watch_dogs\Support\Manual\Portuguese\Portuguese.exe
d:\watch_dogs\Support\Manual\Russian\Russian.exe
d:\watch_dogs\Support\Manual\Spanish\Spanish.exe
d:\watch_dogs\Support\Manual\Swedish\Swedish.exe
d:\watch_dogs\Support\Readme\Chinese\Chinese.exe
d:\watch_dogs\Support\Readme\Czech\Czech.exe
d:\watch_dogs\Support\Readme\Danish\Danish.exe
d:\watch_dogs\Support\Readme\Dutch\Dutch.exe
d:\watch_dogs\Support\Readme\English\English.exe
d:\watch_dogs\Support\Readme\Finnish\Finnish.exe
d:\watch_dogs\Support\Readme\French\French.exe
d:\watch_dogs\Support\Readme\German\German.exe
d:\watch_dogs\Support\Readme\Hungarian\Hungarian.exe
d:\watch_dogs\Support\Readme\Italian\Italian.exe
d:\watch_dogs\Support\Readme\Japanese\Japanese.exe
d:\watch_dogs\Support\Readme\Korean\Korean.exe
d:\watch_dogs\Support\Readme\Norwegian\Norwegian.exe
d:\watch_dogs\Support\Readme\Polish\Polish.exe
d:\watch_dogs\Support\Readme\Portuguese (Brazil)\Portuguese (Brazil).exe
d:\watch_dogs\Support\Readme\Portuguese\Portuguese.exe
d:\watch_dogs\Support\Readme\Russian\Russian.exe
d:\watch_dogs\Support\Readme\Spanish\Spanish.exe
d:\watch_dogs\Support\Readme\Swedish\Swedish.exe
d:\watch_dogs\Support\VCRedist\VCRedist.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-02 to 2014-08-02  )))))))))))))))))))))))))))))))
.
.
2014-08-02 14:10 . 2014-08-02 14:10    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-08-02 14:10 . 2014-08-02 14:10    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-02 14:10 . 2014-08-02 14:10    --------    d-----w-    c:\users\AppData\AppData\Local\temp
2014-08-02 13:18 . 2014-08-02 13:19    --------    d-----w-    c:\program files\CCleaner
2014-07-30 15:05 . 2014-07-30 15:05    --------    d-----w-    c:\users\USER\AppData\Roaming\Unity
2014-07-30 15:03 . 2014-07-30 15:03    --------    d-----w-    c:\users\USER\AppData\Local\Unity
2014-07-14 16:37 . 2014-07-14 16:54    --------    d-----w-    c:\users\USER\AppData\Local\dof
2014-07-11 19:17 . 2014-07-11 19:17    --------    d-----w-    c:\windows\Sun
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-11 13:17 . 2014-06-10 08:28    281688    ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr
2014-07-09 08:44 . 2014-05-13 10:12    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 08:44 . 2014-01-24 09:04    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-07 13:17 . 2014-06-10 08:28    281688    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
2014-05-16 19:02 . 2014-05-16 19:02    7680    ----a-w-    c:\windows\SysWow64\engine.dll
2014-05-13 17:26 . 2014-05-13 17:26    103140    --sh--r-    C:\mvaja.exe
2014-05-13 17:26 . 2014-05-13 17:26    7876    ----a-w-    c:\windows\zmbr.vbs
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
2014-04-11 02:05    513648    ----a-w-    c:\program files (x86)\SupTab\SupTab.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvUpdater"="c:\users\USER\AppData\Roaming\DRPSu\DrvUpdater.exe" [2012-03-07 195256]
"Keyboard Inf."="c:\users\USER\AppData\Roaming\Media Center Programs\ndsm.exe" [2014-07-14 3812298]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IePluginService;IePlugin Service;c:\programdata\IePluginService\PluginService.exe;c:\programdata\IePluginService\PluginService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys;c:\windows\SYSNATIVE\drivers\massfilter_hs.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan620.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan620.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys;c:\windows\SYSNATIVE\DRIVERS\zghsmdm.sys [x]
R5 ekrn;ESET Service2   ;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C60x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-18 17:56    1104200    ----a-w-    c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13 08:44]
.
2014-07-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2480348906-3920511546-3670573113-1000Core.job
- c:\users\USER\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-26 15:39]
.
2014-08-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2480348906-3920511546-3670573113-1000UA.job
- c:\users\USER\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-26 15:39]
.
2014-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-16 16:44]
.
2014-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-16 16:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-10-26 13213840]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5618456]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com.tr
mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1399976280&from=amt&uid=ST250DM001XHD253GJ_S24JJX0D801826&q={searchTerms}
mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1399976280&from=amt&uid=ST250DM001XHD253GJ_S24JJX0D801826
mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1399976280&from=amt&uid=ST250DM001XHD253GJ_S24JJX0D801826
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1399976280&from=amt&uid=ST250DM001XHD253GJ_S24JJX0D801826&q={searchTerms}
IE: Microsoft Excel'e Gö&nder - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F214218F-DE59-4DE1-A9B2-4A30796E901F}: NameServer = 198.153.192.1,198.153.194.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{b475cfd8-45d8-4905-b319-ad995327abeb} - (no file)
Toolbar-{b475cfd8-45d8-4905-b319-ad995327abeb} - (no file)
Toolbar-{91397D20-1446-11D4-8AF4-0040CA1127B6} - (no file)
Wow6432Node-HKCU-Run-MusaLLaT - c:\users\USER\AppData\Roaming\MusaLLaT.exe
AddRemove-Uplay - c:\program files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
AddRemove-Uplay Install 274 - c:\program files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\users\USER\AppData\Local\Temp\kryxblvmtcmu\ofbxozgfziel.exe
.
**************************************************************************
.
Completion time: 2014-08-02  17:14:41 - machine was rebooted
ComboFix-quarantined-files.txt  2014-08-02 14:14
ComboFix2.txt  2014-05-02 12:55
ComboFix3.txt  2014-04-24 15:09
.
Pre-Run: 84.112.875.520 bayt boş
Post-Run: 83.809.832.960 bayt boş
.
- - End Of File - - 6E13ACB907F5C6E998DC22BE9D470D0E
A36C5E4F47E84449FF07ED3517B43A31

Is there anyone who can help?

Last edited by a moderator
HijackThis results:

Code:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 15:44:41, on 04.08.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)


Boot mode: Normal

Running processes:
C:\Users\USER\AppData\Roaming\DRPSu\DrvUpdater.exe
C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Users\USER\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.com.tr/?win=135&clid=1979776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) - {b475cfd8-45d8-4905-b319-ad995327abeb} - (no file)
O2 - BHO: Görsel favoriler - {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {b475cfd8-45d8-4905-b319-ad995327abeb} - (no file)
O3 - Toolbar: Yandex Elements - {91397D20-1446-11D4-8AF4-0040CA1127B6} - (no file)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DrvUpdater] C:\Users\USER\AppData\Roaming\DRPSu\DrvUpdater.exe /hide
O4 - HKCU\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
O4 - HKCU\..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
O4 - HKCU\..\Run: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'Default user')
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~2\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~2\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{F214218F-DE59-4DE1-A9B2-4A30796E901F}: NameServer = 198.153.192.1,198.153.194.1
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Güncelleme Hizmeti (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Güncelleme Hizmeti (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: IePlugin Service (IePluginService) - Cherished Technololgy LIMITED - C:\ProgramData\IePluginService\PluginService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8157 bytes
 
Last edited by a moderator
Check the lines I have listed below and fix them.

Code:
C:\Users\USER\AppData\Roaming\DRPSu\DrvUpdater.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
O2 - BHO: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) - {b475cfd8-45d8-4905-b319-ad995327abeb} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {b475cfd8-45d8-4905-b319-ad995327abeb} - (no file)
O3 - Toolbar: Yandex Elements - {91397D20-1446-11D4-8AF4-0040CA1127B6} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DrvUpdater] C:\Users\USER\AppData\Roaming\DRPSu\DrvUpdater.exe /hide
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~2\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~2\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: IePlugin Service (IePluginService) - Cherished Technololgy LIMITED - C:\ProgramData\IePluginService\PluginService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

Both BitDefender and ESET appear to be active; the two programs will conflict with each other. My recommendation is to uninstall both and install 360 Internet Security.

Adware Cleanup with AdwCleaner | Technopat Sosyal: apply it according to the guide. Attach the resulting report here.

Malwarebytes : Free anti-malware download: download Anti-Malware from here, then update and install it. At the end of the installation, the checkbox for activating the Pro option is ticked. Untick it and then complete the installation; in other words, use it as the free version. Disconnect from the internet. Run a Deep Scan (including C: and D:) and clean the malware found by the scan by choosing "Remove Selected". Attach the report generated after the cleanup here.
 