Brontok virus -lsass exe
#1 evrani (New Member, 1 posts)

I am trying to delete this virus/worm (I don't know what it is exactly). I cannot use a lot of programs which have the ".exe" extension because of "lsass.exe". Also my computer is always working at 100% CPU. Please help me with this issue, and I am sorry about my poor English. I am sending logfiles for your support.

OTL logfile created on: 10.09.2013 03:52:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Evrani\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041f | Country: Türkiye | Language: TRK | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 50,27% Memory free
18,64 Gb Paging File | 16,34 Gb Available in Paging File | 87,65% Paging File free
Paging file location(s): c:\pagefile.sys 15000 20000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 540,79 Gb Total Space | 194,64 Gb Free Space | 35,99% Space Free | Partition Type: NTFS
Drive D: | 390,62 Gb Total Space | 62,71 Gb Free Space | 16,05% Space Free | Partition Type: NTFS

Computer Name: EVRANI-PC | User Name: Evrani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.09.10 03:34:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Evrani\Desktop\OTL.exe
PRC - [2013.09.10 02:40:30 | 006,427,008 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe
PRC - [2013.09.02 23:35:59 | 000,829,392 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.07.17 16:03:52 | 000,770,432 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2013.07.09 06:40:15 | 003,612,240 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2013.02.09 09:22:22 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.12.18 17:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.12 16:44:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2012.04.06 10:24:31 | 000,624,856 | ---- | M] (Pandora.TV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
PRC - [2012.03.19 14:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.01.18 09:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2010.11.18 06:07:04 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2010.04.27 05:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.03.16 19:22:40 | 005,309,056 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU\EPU.exe
PRC - [2009.03.30 09:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe


========== Modules (No Company Name) ==========

MOD - [2013.09.02 23:35:56 | 000,410,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppgooglenaclpluginchrome.dll
MOD - [2013.09.02 23:35:54 | 004,053,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
MOD - [2013.09.02 23:35:04 | 000,709,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
MOD - [2013.09.02 23:35:03 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libegl.dll
MOD - [2013.09.02 23:35:01 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
MOD - [2010.01.21 02:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010.01.09 21:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.01.08 18:17:24 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\pngio.dll
MOD - [2010.01.08 18:17:24 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll
MOD - [2009.09.30 06:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009.04.22 21:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsusService.dll
MOD - [2009.03.30 09:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013.03.29 04:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013.03.28 22:30:42 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008.02.19 10:12:32 | 000,565,928 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxbkcoms.exe -- (lxbk_device)
SRV - [2013.08.22 12:40:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.07.17 16:03:52 | 000,770,432 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2013.06.21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.04.20 00:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.09 09:22:22 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.01.18 17:10:18 | 000,577,536 | ---- | M] (Research In Motion Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (Blackberry Device Manager)
SRV - [2012.12.18 17:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.14 03:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.11 11:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.04.06 10:24:31 | 000,624,856 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2012.03.19 14:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.18 09:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.02.19 10:12:18 | 000,537,256 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxbkcoms.exe -- (lxbk_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.06.27 12:57:42 | 000,172,920 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2013.03.29 05:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.03.29 04:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013.02.14 14:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013.01.03 13:50:48 | 000,078,336 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2012.12.10 15:48:02 | 000,044,544 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2012.06.11 11:33:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.05.24 14:03:23 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.04.09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012.04.06 21:15:10 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012.03.15 18:19:46 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012.03.01 09:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.09 17:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.01.09 17:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.12.07 20:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2011.08.30 01:54:28 | 000,117,520 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010.07.01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010.05.31 06:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.05.15 01:02:14 | 006,465,760 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2010.05.15 01:00:52 | 000,329,952 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010.05.15 01:00:28 | 000,271,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2010.05.07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010.05.07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010.04.27 04:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.04.27 04:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.03.02 14:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.12.22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.07.16 06:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 04:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 04:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 04:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 03:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.07.14 03:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.07.09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.05 04:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2012.06.22 12:01:32 | 000,019,984 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\EsgScanner.sys -- (EsgScanner)
DRV - [2009.07.14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.03.09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/...7&ts=1377457087
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.c...7&ts=1377457087
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}
IE - HKLM\..\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}: "URL" = http://www.google.co...utputEncoding?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-969899708-634147422-4128253439-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-969899708-634147422-4128253439-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = tr
IE - HKU\S-1-5-21-969899708-634147422-4128253439-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 F9 48 64 33 02 CD 01 [binary data]
IE - HKU\S-1-5-21-969899708-634147422-4128253439-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-969899708-634147422-4128253439-1000\..\SearchScopes,DefaultScope = {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}
IE - HKU\S-1-5-21-969899708-634147422-4128253439-1000\..\SearchScopes\67C334C0-408D-4E6D-B5A7-0ADD6AFFA252: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-969899708-634147422-4128253439-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js - File not found


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}: C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\ [2013.04.04 23:30:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.08 00:45:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Evrani\AppData\Roaming\IDM\idmmzcc5 [2013.09.09 23:45:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}: C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\ [2013.04.04 23:30:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Evrani\AppData\Roaming\IDM\idmmzcc5 [2013.09.09 23:45:05 | 000,000,000 | ---D | M]

[2012.08.08 00:46:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evrani\AppData\Roaming\Mozilla\Extensions
[2013.09.10 06:10:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evrani\AppData\Roaming\Mozilla\Firefox\Profiles\cvt1d4jq.default\extensions
[2013.09.10 06:10:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evrani\AppData\Roaming\Mozilla\Firefox\Profiles\cvt1d4jq.default\extensions\{4cf23ae3-2b7c-4d43-b7d2-2dd1158d7af4}
[2013.09.10 06:10:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evrani\AppData\Roaming\Mozilla\Firefox\Profiles\cvt1d4jq.default\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
[2013.09.10 06:10:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evrani\AppData\Roaming\Mozilla\Firefox\Profiles\cvt1d4jq.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2013.09.10 02:29:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evrani\AppData\Roaming\Mozilla\Firefox\Profiles\cvt1d4jq.default\extensions\staged
[2013.09.10 02:29:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evrani\AppData\Roaming\Mozilla\Firefox\Profilescvt1d4jq.default\extensions
[2013.09.10 02:29:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evrani\AppData\Roaming\Mozilla\Firefox\Profilescvt1d4jq.default\extensions\staged
[2013.06.13 02:42:02 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\Evrani\AppData\Roaming\Mozilla\Firefox\Profiles\cvt1d4jq.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.07.03 21:43:44 | 000,045,558 | ---- | M] () -- C:\Users\Evrani\AppData\Roaming\Mozilla\Firefox\Profiles\cvt1d4jq.default\searchplugins\searchplugins.exe
[2013.03.16 20:09:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.06.23 18:34:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.06.23 18:34:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.06.23 18:34:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\USERS\EVRANI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CVT1D4JQ.DEFAULT\EXTENSIONS\[email protected]
[2012.07.14 03:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.24 17:30:16 | 000,000,594 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Arama.xml
[2012.07.14 05:01:33 | 000,001,182 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-tr.xml
[2012.07.14 05:01:33 | 000,002,489 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yandex-tr.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Evrani\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = C:\Users\Evrani\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Docs = C:\Users\Evrani\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Google Drive = C:\Users\Evrani\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\Evrani\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Drive = C:\Users\Evrani\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Users\Evrani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Evrani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Evrani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\Evrani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Search = C:\Users\Evrani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: No name found = C:\Users\Evrani\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.17.1_0\
CHR - Extension: No name found = C:\Users\Evrani\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.17.1_1\
CHR - Extension: No name found = C:\Users\Evrani\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.17.1_2\
CHR - Extension: No name found = C:\Users\Evrani\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.17.1_36\
CHR - Extension: Skype Click to Call = C:\Users\Evrani\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: Skype Click to Call = C:\Users\Evrani\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_1\
CHR - Extension: Aimersoft Video Converter Ultimate = C:\Users\Evrani\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapcejffhcbidcjmomhalabpcbaeimcb\5.0.0_0\
CHR - Extension: Aimersoft Video Converter Ultimate = C:\Users\Evrani\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapcejffhcbidcjmomhalabpcbaeimcb\5.0.0_0\.svn\text-base\.svn-base
CHR - Extension: Aimersoft Video Converter Ultimate = C:\Users\Evrani\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapcejffhcbidcjmomhalabpcbaeimcb\5.0.0_1\
CHR - Extension: Aimersoft Video Converter Ultimate = C:\Users\Evrani\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapcejffhcbidcjmomhalabpcbaeimcb\5.0.0_1\.svn\text-base\.svn-base
CHR - Extension: Chrome In-App Payments service = C:\Users\Evrani\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Evrani\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_1\
CHR - Extension: No name found = C:\Users\Evrani\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj\1.7_0\
CHR - Extension: Gmail = C:\Users\Evrani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\Evrani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Gmail = C:\Users\Evrani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

O1 HOSTS File: ([2013.09.08 21:39:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Aimersoft Video Converter Ultimate) - {54F73992-6549-4369-9A0D-84FD310A464A} - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRIEPlugin.dll (Aimersoft Software Co., Ltd.)
O2 - BHO: (no name) - {5D7FF420-B686-407A-F1DD-AB74805E8478} - No CLSID value found.
O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-969899708-634147422-4128253439-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-969899708-634147422-4128253439-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-969899708-634147422-4128253439-1000..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-969899708-634147422-4128253439-1000..\Run: [Tok-Cirrhatus] File not found
O4 - HKU\S-1-5-21-969899708-634147422-4128253439-1000..\Run: [Tok-Cirrhatus-2289] C:\Users\Evrani\AppData\Local\br5601on.exe ()
O4 - Startup: C:\Users\Evrani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif ()
O4 - Startup: C:\Users\Evrani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Startup.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-969899708-634147422-4128253439-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-969899708-634147422-4128253439-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O8:64bit: - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: IDM ile indir - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: MiPony ile indir - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm File not found
O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: IDM ile indir - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: MiPony ile indir - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.248.80.164 62.248.80.163
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A13DF573-9760-494F-980E-38F66A5258BA}: DhcpNameServer = 62.248.80.164 62.248.80.163
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Windows\Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Windows\Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O31 - SafeBoot: AlternateShell - cmd-brontok.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.09.10 03:14:08 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.09.10 03:51:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Evrani\Desktop\OTL.exe
[2013.09.10 02:38:46 | 000,000,000 | ---D | C] -- C:\Users\Evrani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.09.10 02:38:45 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.09.10 02:38:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2013.09.10 02:37:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.09.10 02:32:23 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.09.10 02:31:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.09.10 02:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brontok Removal Tool
[2013.09.10 02:29:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brontok Removal Tool
[2013.09.10 02:29:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SimilarSites
[2013.09.10 02:29:38 | 000,000,000 | ---D | C] -- C:\Users\Evrani\AppData\Roaming\SimilarSites
[2013.09.10 02:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AutoKMS
[2013.09.10 01:17:44 | 000,000,000 | ---D | C] -- C:\Users\Evrani\Pictures
[2013.09.10 00:00:06 | 000,000,000 | ---D | C] -- C:\Users\Evrani\AppData\Local\Bron.tok-17-10
[2013.09.09 23:42:12 | 000,000,000 | ---D | C] -- C:\Users\Evrani\AppData\Local\Ok-SendMail-Bron-tok
[2013.09.09 23:39:22 | 000,000,000 | ---D | C] -- C:\Users\Evrani\AppData\Local\Loc.Mail.Bron.Tok
[2013.09.09 23:34:21 | 000,000,000 | ---D | C] -- C:\Users\Evrani\AppData\Local\Bron.tok-17-9
[2013.09.08 22:35:34 | 000,018,816 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2013.09.08 22:35:33 | 000,000,000 | ---D | C] -- C:\Users\Evrani\AppData\Roaming\systweak
[2013.09.08 22:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2013.09.08 22:35:24 | 001,122,304 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2013.09.08 22:35:24 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2013.09.08 22:35:24 | 000,274,432 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\ssleay32.dll
[2013.09.08 22:35:24 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2013.09.08 22:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BRONTOKRemoval Tool
[2013.09.08 22:35:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRONTOKRemoval Tool
[2013.09.08 21:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2013.09.08 21:47:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2013.09.08 21:47:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2013.09.08 21:40:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.09.08 21:40:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.09.08 21:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2013.09.08 20:41:35 | 000,000,000 | ---D | C] -- C:\Users\Evrani\AppData\Roaming\Total War Rome 2
[2013.09.08 20:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
[2013.09.08 20:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013.09.08 19:30:57 | 000,000,000 | ---D | C] -- C:\Users\Evrani\AppData\Roaming\KillProcess
[2013.09.08 19:27:24 | 000,000,000 | ---D | C] -- C:\Users\Evrani\Documents\KillProcess Kill Lists
[2013.09.08 19:27:24 | 000,000,000 | ---D | C] -- C:\Users\Evrani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KillProcess
[2013.09.08 19:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KillProcess
[2013.09.08 19:27:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KillProcess
[2013.09.08 19:11:29 | 000,000,000 | ---D | C] -- C:\Users\Evrani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Task Killer
[2013.09.08 19:11:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Task Killer
[2013.09.08 19:05:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\R.G. Mechanics
[2013.09.08 18:30:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.09.07 20:18:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outlast
[2013.09.06 13:54:17 | 000,000,000 | ---D | C] -- C:\Users\Evrani\AppData\Roaming\HandBrake
[2013.08.25 21:59:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZipper
[2013.08.25 21:57:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLVPlayer
[2013.08.20 16:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.08.15 14:11:59 | 000,000,000 | ---D | C] -- C:\Users\Evrani\AppData\Roaming\My Games
[2013.08.15 14:08:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firaxis Games
[2012.11.26 03:22:08 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Evrani\AppData\Roaming\pcouffin.sys
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.09.10 03:40:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.09.10 03:38:38 | 000,001,064 | ---- | M] () -- C:\Users\Evrani\AppData\Local\NetMailTmp.bin
[2013.09.10 03:34:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Evrani\Desktop\OTL.exe
[2013.09.10 03:29:55 | 000,001,016 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.09.10 03:29:54 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\Vqoawrj.job
[2013.09.10 03:29:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.09.10 03:29:44 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
[2013.09.10 03:29:08 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.09.10 03:29:08 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.09.10 03:22:00 | 000,001,020 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.09.10 03:14:23 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2013.09.10 03:14:23 | 000,001,437 | ---- | M] () -- C:\Users\Evrani\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013.09.10 03:14:08 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.09.10 02:40:37 | 000,008,192 | ---- | M] () -- C:\shldr.mbr
[2013.09.10 02:38:46 | 000,002,286 | ---- | M] () -- C:\Users\Evrani\Desktop\SpyHunter.lnk
[2013.09.10 02:29:48 | 000,001,269 | ---- | M] () -- C:\Users\Evrani\Desktop\Brontok Removal Tool.lnk
[2013.09.10 02:27:10 | 496,776,067 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.09.10 01:59:57 | 000,005,515 | ---- | M] () -- C:\Windows\schost.exe
[2013.09.09 15:02:10 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2013.09.09 13:25:49 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2013.09.08 23:19:18 | 000,002,037 | ---- | M] () -- C:\Users\Evrani\Desktop\Scan Report 08-09-13.lnk
[2013.09.08 23:19:18 | 000,001,280 | ---- | M] () -- C:\Users\Evrani\Desktop\BRONTOKRemoval Tool.lnk
[2013.09.08 22:25:21 | 000,001,107 | ---- | M] () -- C:\Users\Evrani\Desktop\Total War Rome 2.lnk
[2013.09.08 21:39:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.09.08 19:27:24 | 000,001,043 | ---- | M] () -- C:\Users\Evrani\Desktop\KillProcess.lnk
[2013.09.08 19:11:29 | 000,001,048 | ---- | M] () -- C:\Users\Evrani\Desktop\Task Killer.lnk
[2013.09.07 23:32:14 | 000,001,668 | ---- | M] () -- C:\Users\Evrani\Desktop\Outlast.lnk
[2013.09.07 18:50:26 | 000,778,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.09.07 18:50:26 | 000,651,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.09.07 18:50:26 | 000,120,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.09.06 14:29:35 | 001,512,299 | ---- | M] () -- C:\Users\Evrani\Desktop\Evrim Tepe VP.prproj
[2013.09.04 12:24:15 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.09.02 19:59:41 | 092,423,142 | ---- | M] () -- C:\Users\Evrani\Desktop\Kardan Adam (Gülşen) - YouTube.MP4
[2013.08.30 00:04:49 | 000,002,496 | ---- | M] () -- C:\Users\Evrani\Documents\Register Sound Forge Pro.htm
[2013.08.29 20:29:28 | 000,001,146 | ---- | M] () -- C:\Users\Evrani\Desktop\Sound Forge Pro 11.0.lnk
[2013.08.27 10:47:13 | 000,001,076 | ---- | M] () -- C:\Users\Evrani\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013.08.25 22:06:56 | 000,001,172 | ---- | M] () -- C:\Users\Evrani\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013.08.25 22:06:56 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.08.25 22:06:56 | 000,000,789 | ---- | M] () -- C:\Users\Evrani\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2013.08.25 22:06:56 | 000,000,765 | ---- | M] () -- C:\Users\Public\Desktop\Internet Explorer.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.09.10 03:14:08 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.09.10 03:09:28 | 000,285,747 | ---- | C] () -- C:\shldr
[2013.09.10 03:09:28 | 000,008,192 | ---- | C] () -- C:\shldr.mbr
[2013.09.10 02:38:46 | 000,002,286 | ---- | C] () -- C:\Users\Evrani\Desktop\SpyHunter.lnk
[2013.09.10 02:29:48 | 000,001,269 | ---- | C] () -- C:\Users\Evrani\Desktop\Brontok Removal Tool.lnk
[2013.09.10 02:09:14 | 496,776,067 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.09.10 01:59:57 | 000,005,515 | ---- | C] () -- C:\Windows\schost.exe
[2013.09.10 01:17:44 | 000,001,064 | ---- | C] () -- C:\Users\Evrani\AppData\Local\NetMailTmp.bin
[2013.09.08 23:19:18 | 000,002,037 | ---- | C] () -- C:\Users\Evrani\Desktop\Scan Report 08-09-13.lnk
[2013.09.08 23:05:48 | 000,000,278 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2013.09.08 23:05:47 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2013.09.08 22:35:24 | 000,001,280 | ---- | C] () -- C:\Users\Evrani\Desktop\BRONTOKRemoval Tool.lnk
[2013.09.08 20:41:35 | 000,001,107 | ---- | C] () -- C:\Users\Evrani\Desktop\Total War Rome 2.lnk
[2013.09.08 19:27:24 | 000,001,043 | ---- | C] () -- C:\Users\Evrani\Desktop\KillProcess.lnk
[2013.09.08 19:11:29 | 000,001,048 | ---- | C] () -- C:\Users\Evrani\Desktop\Task Killer.lnk
[2013.09.07 23:32:14 | 000,001,668 | ---- | C] () -- C:\Users\Evrani\Desktop\Outlast.lnk
[2013.09.07 20:21:48 | 000,001,006 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlast.lnk
[2013.09.06 00:02:36 | 001,512,299 | ---- | C] () -- C:\Users\Evrani\Desktop\Evrim Tepe VP.prproj
[2013.09.02 20:03:54 | 092,423,142 | ---- | C] () -- C:\Users\Evrani\Desktop\Kardan Adam (Gülşen) - YouTube.MP4
[2013.08.30 00:04:49 | 000,002,496 | ---- | C] () -- C:\Users\Evrani\Documents\Register Sound Forge Pro.htm
[2013.08.29 20:29:28 | 000,001,146 | ---- | C] () -- C:\Users\Evrani\Desktop\Sound Forge Pro 11.0.lnk
[2013.08.14 00:55:56 | 000,001,048 | ---- | C] () -- C:\Users\Evrani\Desktop\Dishonored.lnk
[2013.07.24 00:15:03 | 000,000,511 | ---- | C] () -- C:\Windows\eReg.dat
[2013.06.27 06:22:16 | 000,000,600 | ---- | C] () -- C:\Users\Evrani\PUTTY.RND
[2013.05.26 20:57:17 | 000,763,706 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.04.04 23:30:19 | 000,721,917 | ---- | C] () -- C:\Windows\SysWow64\AiCM64.dll
[2013.04.04 23:30:19 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\AiCM32.dll
[2013.03.29 05:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013.03.29 05:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013.03.09 23:31:09 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2013.02.09 07:50:00 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.02.09 07:49:59 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.02.09 07:49:58 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.01.09 18:06:07 | 000,000,093 | ---- | C] () -- C:\Windows\Lexstat.ini
[2013.01.09 17:30:45 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkserv.dll
[2013.01.09 17:30:45 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkusb1.dll
[2013.01.09 17:30:45 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkhbn3.dll
[2013.01.09 17:30:45 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomc.dll
[2013.01.09 17:30:45 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpmui.dll
[2013.01.09 17:30:45 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbklmpm.dll
[2013.01.09 17:30:45 | 000,537,256 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcoms.exe
[2013.01.09 17:30:45 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomm.dll
[2013.01.09 17:30:45 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbkutil.dll
[2013.01.09 17:30:45 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkinpa.dll
[2013.01.09 17:30:45 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkiesc.dll
[2013.01.09 17:30:45 | 000,385,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkih.exe
[2013.01.09 17:30:45 | 000,381,608 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcfg.exe
[2013.01.09 17:30:45 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBKinst.dll
[2013.01.09 17:30:45 | 000,180,904 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkppls.exe
[2013.01.09 17:30:45 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkprox.dll
[2013.01.09 17:30:45 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpplc.dll
[2012.12.25 12:04:08 | 000,131,072 | RHS- | C] () -- C:\Windows\SysWow64\sysprepz.dll
[2012.11.27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.11.26 03:22:08 | 000,007,859 | ---- | C] () -- C:\Users\Evrani\AppData\Roaming\pcouffin.cat
[2012.11.26 03:22:08 | 000,001,167 | ---- | C] () -- C:\Users\Evrani\AppData\Roaming\pcouffin.inf
[2012.11.26 02:39:30 | 000,727,952 | ---- | C] () -- C:\Windows\SysWow64\WSCM64.dll
[2012.08.18 00:23:46 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012.06.30 01:25:15 | 000,000,132 | ---- | C] () -- C:\Users\Evrani\AppData\Roaming\Adobe PNG Formatı CS5 Tercihleri
[2012.06.30 01:16:24 | 000,000,132 | ---- | C] () -- C:\Users\Evrani\AppData\Roaming\Adobe GIF Formatı CS5 Tercihleri
[2012.06.22 12:01:32 | 000,019,984 | ---- | C] () -- C:\Windows\SysWow64\ESGScanner.sys
[2012.06.22 12:01:32 | 000,019,984 | ---- | C] () -- C:\Windows\SysWow64\drivers\EsgScanner.sys
[2012.04.03 16:46:00 | 008,676,883 | ---- | C] () -- C:\Windows\SysWow64\mp3Media2.dll
[2012.03.16 20:31:55 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.03.15 01:36:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.15 00:48:25 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012.03.15 00:48:25 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.03.15 00:48:22 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.03.15 00:48:22 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.03.15 00:41:53 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.03.15 00:41:48 | 000,029,196 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.02.15 05:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 05:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.21 20:46:20 | 000,045,558 | ---- | C] () -- C:\Users\Evrani\AppData\Local\winlogon.exe
[2012.01.21 20:46:20 | 000,045,558 | ---- | C] () -- C:\Users\Evrani\AppData\Local\svchost.exe
[2012.01.21 20:46:20 | 000,045,558 | ---- | C] () -- C:\Users\Evrani\AppData\Local\smss.exe
[2012.01.21 20:46:20 | 000,045,558 | ---- | C] () -- C:\Users\Evrani\AppData\Local\services.exe
[2012.01.21 20:46:20 | 000,045,558 | ---- | C] () -- C:\Users\Evrani\AppData\Roaming\Roaming.exe
[2012.01.21 20:46:20 | 000,045,558 | ---- | C] () -- C:\Users\Evrani\AppData\Local\lsass.exe
[2012.01.21 20:46:20 | 000,045,558 | ---- | C] () -- C:\Users\Evrani\AppData\Local\Local.exe
[2012.01.21 20:46:20 | 000,045,558 | ---- | C] () -- C:\Users\Evrani\AppData\Local\inetinfo.exe
[2012.01.21 20:46:20 | 000,045,558 | ---- | C] () -- C:\Users\Evrani\Evrani.exe
[2012.01.21 20:46:20 | 000,045,558 | ---- | C] () -- C:\Users\Evrani\AppData\Local\csrss.exe
[2012.01.21 20:46:20 | 000,045,558 | ---- | C] () -- C:\Windows\SysWow64\cmd-brontok.exe
[2012.01.21 20:46:20 | 000,045,558 | ---- | C] () -- C:\Users\Evrani\AppData\Local\br5601on.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009.07.14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.07.27 17:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.07.27 17:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 04:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.04.04 23:30:42 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\Aimersoft Video Converter Ultimate
[2013.09.09 23:44:57 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\AIMP3
[2013.09.09 23:44:57 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\Azureus
[2013.09.09 23:44:58 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\Bioshock2
[2013.09.09 23:44:58 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\BitTorrent
[2012.04.09 00:36:18 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\Canon
[2013.09.09 23:44:58 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\DAEMON Tools Lite
[2013.09.10 03:29:03 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\DMCache
[2013.09.09 23:44:59 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\DVDVideoSoft
[2012.11.25 22:24:30 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\EasiestSoft
[2013.09.09 23:45:03 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\foobar2000
[2013.09.09 23:45:03 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\FreeFLVConverter
[2013.09.09 23:45:03 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\fretsonfire
[2013.09.06 13:54:17 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\HandBrake
[2013.09.09 23:45:03 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\IDM
[2013.09.09 23:45:05 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\KillProcess
[2012.03.15 01:01:35 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\Leadertech
[2012.11.25 22:42:15 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\Leawo
[2012.04.23 04:15:35 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\Lionhead Studios
[2013.03.28 02:20:55 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\Lite
[2012.03.15 19:42:48 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\LolClient
[2012.05.24 16:12:09 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\LolClient2
[2013.09.09 23:45:09 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\Mipony
[2013.03.10 01:08:00 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\MotioninJoy
[2013.09.09 23:45:22 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\MusicNet
[2013.09.06 20:36:40 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\My Games
[2013.05.26 23:08:38 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\NCdownloader
[2012.11.26 00:49:40 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\Nokia
[2013.04.27 00:19:28 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\Octoshape
[2012.03.15 14:31:52 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\Opera
[2013.09.09 23:45:23 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\Origin
[2012.11.28 00:07:29 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\PACE Anti-Piracy
[2012.08.29 20:24:27 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\PC Suite
[2012.05.24 14:18:00 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\PowerISO
[2012.04.11 20:32:45 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\Publish Providers
[2013.04.05 18:13:27 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\Research In Motion
[2012.11.27 23:51:36 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2013.09.09 23:45:23 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\Screaming Bee
[2013.09.10 02:29:38 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\SimilarSites
[2013.09.09 23:45:44 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\Sony
[2012.11.28 00:08:31 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.09.08 22:35:33 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\systweak
[2013.09.08 20:45:01 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\The Creative Assembly
[2012.08.17 01:08:35 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\Three Rings Design
[2013.09.09 23:46:23 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\tiger-k
[2013.09.08 20:41:35 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\Total War Rome 2
[2013.09.09 23:46:23 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\uTorrent
[2012.11.27 14:38:36 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\Vso
[2013.06.27 06:27:50 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\WNR
[2012.11.26 02:40:01 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\Wondershare Video Converter Ultimate
[2013.02.19 12:02:10 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\Xilisoft
[2013.04.04 23:30:39 | 000,000,000 | ---D | M] -- C:\Users\Evrani\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 244 bytes -> C:\ProgramData\TEMP:10D14739
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:FB6A21E3
@Alternate Data Stream - 1025 bytes -> C:\Users\Evrani\AppData\Local\iAm8dNK3R:VsFOgikjz2Os9ptElPIlI31k5wtqL3

< End of report >

#2 RKinner (Malware Expert; 20,025 posts; MVP)
Copy the text in the code box by highlighting and Ctrl + c

:OTL
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (no name) - {5D7FF420-B686-407A-F1DD-AB74805E8478} - No CLSID value found.
O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKU\S-1-5-21-969899708-634147422-4128253439-1000..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-969899708-634147422-4128253439-1000..\Run: [Tok-Cirrhatus] File not found
O4 - HKU\S-1-5-21-969899708-634147422-4128253439-1000..\Run: [Tok-Cirrhatus-2289] C:\Users\Evrani\AppData\Local\br5601on.exe ()
O4 - Startup: C:\Users\Evrani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif ()
O4 - Startup: C:\Users\Evrani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Startup.exe ()
O7 - HKU\S-1-5-21-969899708-634147422-4128253439-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O8:64bit: - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: IDM ile indir - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: MiPony ile indir - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm File not found
O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: IDM ile indir - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: MiPony ile indir - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm File not found
O31 - SafeBoot: AlternateShell - cmd-brontok.exe
[2013.09.10 00:00:06 | 000,000,000 | ---D | C] -- C:\Users\Evrani\AppData\Local\Bron.tok-17-10
[2013.09.09 23:42:12 | 000,000,000 | ---D | C] -- C:\Users\Evrani\AppData\Local\Ok-SendMail-Bron-tok
[2013.09.09 23:39:22 | 000,000,000 | ---D | C] -- C:\Users\Evrani\AppData\Local\Loc.Mail.Bron.Tok
[2013.09.09 23:34:21 | 000,000,000 | ---D | C] -- C:\Users\Evrani\AppData\Local\Bron.tok-17-9
[2013.09.10 03:29:55 | 000,001,016 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.09.10 03:29:54 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\Vqoawrj.job
[2013.09.10 03:22:00 | 000,001,020 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.09.09 15:02:10 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2013.09.09 13:25:49 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2013.09.10 01:59:57 | 000,005,515 | ---- | C] () -- C:\Windows\schost.exe
[2013.09.10 01:17:44 | 000,001,064 | ---- | C] () -- C:\Users\Evrani\AppData\Local\NetMailTmp.bin
[2012.12.25 12:04:08 | 000,131,072 | RHS- | C] () -- C:\Windows\SysWow64\sysprepz.dll
[2012.01.21 20:46:20 | 000,045,558 | ---- | C] () -- C:\Users\Evrani\AppData\Local\winlogon.exe
[2012.01.21 20:46:20 | 000,045,558 | ---- | C] () -- C:\Users\Evrani\AppData\Local\svchost.exe
[2012.01.21 20:46:20 | 000,045,558 | ---- | C] () -- C:\Users\Evrani\AppData\Local\smss.exe
[2012.01.21 20:46:20 | 000,045,558 | ---- | C] () -- C:\Users\Evrani\AppData\Local\services.exe
[2012.01.21 20:46:20 | 000,045,558 | ---- | C] () -- C:\Users\Evrani\AppData\Roaming\Roaming.exe
[2012.01.21 20:46:20 | 000,045,558 | ---- | C] () -- C:\Users\Evrani\AppData\Local\lsass.exe
[2012.01.21 20:46:20 | 000,045,558 | ---- | C] () -- C:\Users\Evrani\AppData\Local\Local.exe
[2012.01.21 20:46:20 | 000,045,558 | ---- | C] () -- C:\Users\Evrani\AppData\Local\inetinfo.exe
[2012.01.21 20:46:20 | 000,045,558 | ---- | C] () -- C:\Users\Evrani\Evrani.exe
[2012.01.21 20:46:20 | 000,045,558 | ---- | C] () -- C:\Users\Evrani\AppData\Local\csrss.exe
[2012.01.21 20:46:20 | 000,045,558 | ---- | C] () -- C:\Windows\SysWow64\cmd-brontok.exe
[2012.01.21 20:46:20 | 000,045,558 | ---- | C] () -- C:\Users\Evrani\AppData\Local\br5601on.exe
@Alternate Data Stream - 244 bytes -> C:\ProgramData\TEMP:10D14739
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:FB6A21E3
@Alternate Data Stream - 1025 bytes -> C:\Users\Evrani\AppData\Local\iAm8dNK3R:VsFOgikjz2Os9ptElPIlI31k5wtqL3

:Files
C:\Users\Evrani\AppData\Local\*.exe
C:\Users\Evrani\*.exe
C:\Users\Evrani\AppData\Roaming\*.exe

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT the QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that OldTimer is now hiding the log in C:\_OTL\MovedFiles\09102013-some number.log, so look there if you don't see it.



Download aswMBR.exe to your desktop.
Right-click aswMBR.exe and Run as Administrator.
Uncheck "trace disk IO calls". Change the Quickscan in the box to the right of the a-v Scan to C:\
Click the "Scan" button to start the scan (accept the Avast engine). The scan will take several hours.
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan, click save log, save it to your desktop and post it in your next reply.
If the Fix button is not enabled, then just click save log, save it to your desktop and post aswMBR.txt in your next reply.

ComboFix

Important: It must be saved to your desktop; do not run it from your browser.

Important: Disable your antivirus software when downloading or running ComboFix. If it has script-blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution: Do not run ComboFix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted it may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your drive light. If it is flashing, ComboFix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then run it by right-clicking and choosing Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again, but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. Click OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
Important: If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Start, All Programs, Accessories, then right-click on Command Prompt and Run as Administrator. Then type (with an Enter after each line):

sfc /scannow



(Does this complain that it could not fix all of your files?)


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, save and run (Win 7 or Vista: right-click and Run as Admin) Farbar Service Scanner.

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Ron
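Added example (not part of the thread, and not code from RKinner or from OTL): a read-only PowerShell audit that checks the same Brontok persistence points the OTL fix above removes, so the state can be confirmed before and after the fix. It assumes it is run as Administrator on the infected Windows 7 x64 machine with PowerShell 3.0 or later (the stock Windows 7 shell is 2.0), that the Run values, SafeBoot AlternateShell, NoFolderOptions policy, Bron.tok-* folders, Startup-folder droppers and alternate data streams look like the ones in the posted log, and that the listed system-process names belong only in %SystemRoot%\System32. It deletes nothing; removal stays with the tools in the post.

```powershell
# Added example, not from the original thread. Read-only audit of Brontok
# persistence points seen in the OTL log. Assumes PowerShell 3.0+, run elevated.
function Get-BrontokFindings {
    $ErrorActionPreference = 'SilentlyContinue'
    $findings = @()

    # 1. HKCU Run values. The log shows "Tok-Cirrhatus*" names and a randomly
    #    named copy (br5601on.exe) launched directly from %LOCALAPPDATA%.
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $localRootExe = '^"?' + [regex]::Escape($env:LOCALAPPDATA) + '\\[^\\]+\.exe'
    foreach ($p in (Get-ItemProperty -Path $runKey).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # PowerShell note properties
        if ($p.Name -like 'Tok-Cirrhatus*' -or $p.Value -match $localRootExe) {
            $findings += "Run value '$($p.Name)' = $($p.Value)"
        }
    }

    # 2. Safe-mode shell hijack (O31 in the log): should be cmd.exe.
    $safeBoot = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
    if ($safeBoot.AlternateShell -and $safeBoot.AlternateShell -ne 'cmd.exe') {
        $findings += "SafeBoot AlternateShell = $($safeBoot.AlternateShell)"
    }

    # 3. Explorer policy that hides Folder Options (O7 in the log).
    $pol = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    if ($pol.NoFolderOptions -eq 1) { $findings += 'NoFolderOptions policy is set' }

    # 4. Copies of system-process names in user-writable locations. The real
    #    lsass.exe, csrss.exe, smss.exe, services.exe, winlogon.exe and
    #    svchost.exe live in %SystemRoot%\System32; the log shows 45,558-byte
    #    copies of each in %LOCALAPPDATA%, plus Evrani.exe and Roaming.exe.
    $systemNames = 'lsass.exe','csrss.exe','smss.exe','services.exe',
                   'winlogon.exe','svchost.exe','inetinfo.exe'
    foreach ($root in $env:LOCALAPPDATA, $env:APPDATA, $env:USERPROFILE) {
        Get-ChildItem -Path $root -Filter *.exe -Force | ForEach-Object {
            $tag = if ($systemNames -contains $_.Name.ToLower()) { 'system-process name' } else { 'loose exe' }
            $findings += "$tag in $root : $($_.Name) ($($_.Length) bytes)"
        }
    }

    # 5. Brontok working folders (Bron.tok-*, Loc.Mail.Bron.Tok, Ok-SendMail-Bron-tok).
    Get-ChildItem -Path $env:LOCALAPPDATA -Directory -Force |
        Where-Object { $_.Name -match 'Bron[.-]?tok' } |
        ForEach-Object { $findings += "Brontok folder: $($_.FullName)" }

    # 6. Startup-folder droppers (Empty.pif, Startup.exe in the log).
    $startup = [Environment]::GetFolderPath('Startup')
    Get-ChildItem -Path $startup -Force |
        Where-Object { $_.Extension -in '.exe', '.pif', '.com', '.scr' } |
        ForEach-Object { $findings += "Startup item: $($_.FullName)" }

    # 7. Alternate data streams. "dir /r" is used rather than Get-Item -Stream
    #    because it also reports streams on directories (C:\ProgramData\TEMP in
    #    the log is a folder). Named streams are printed with a ":$DATA" suffix.
    foreach ($dir in "$env:ProgramData", "$env:LOCALAPPDATA") {
        cmd /c "dir /r `"$dir`"" | Select-String -Pattern ':\$DATA\s*$' | ForEach-Object {
            $findings += "ADS under $dir : $($_.Line.Trim())"
        }
    }

    return $findings
}

# Usage: print one line per finding; an empty result means none of the
# indicators above are present (it does not prove the machine is clean).
Get-BrontokFindings | ForEach-Object { Write-Output $_ }
```

The 45,558-byte size shared by every dropped copy in the log is the quickest triage signal: Brontok plants the same binary under many trusted names, so grouping the loose executables by size (and hash, once the tools have stopped the worm from re-spawning) shows which files are the same payload.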