FIRST Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-11-2014 01
Ran by BABO (administrator) on EV-BE509B0CD512 on 14-11-2014 19:47:52
Running from D:\Documents and Settings\BABO\Desktop
Loaded Profile: BABO (Available profiles: BABO & HERKES & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Türkçe
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) D:\Program Files\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) D:\Program Files\SUPERAntiSpyware\SASCore.exe
(Avira Operations GmbH & Co. KG) D:\Program Files\Avira\AntiVir Desktop\avguard.exe
() D:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(Oracle Corporation) D:\Program Files\Java\jre7\bin\jqs.exe
(Lavasoft Limited) D:\Program Files\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe
(Avira Operations GmbH & Co. KG) D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(ELAN Microelectronics Corp.) D:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) D:\Program Files\Elantech\ETDCtrlHelper.exe
(Emsi Software GmbH) D:\Program Files\a-squared Free\a2service.exe
(Comodo Security Solutions, Inc.) D:\Program Files\Common Files\COMODO\launcher_service.exe
(Comodo Security Solutions, Inc.) D:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(Comodo Security Solutions, Inc.) D:\Program Files\Comodo\GeekBuddy\unit_manager.exe
(Comodo Security Solutions, Inc.) D:\Program Files\Comodo\GeekBuddy\unit.exe
() D:\Program Files\Comodo\Dragon\dragon_updater.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [avgnt] => D:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ETDWare] => D:\Program Files\Elantech\ETDCtrl.exe [1822600 2010-03-29] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => D:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
HKLM\...\Run: [tvncontrol] => D:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-02-27] (Comodo Security Solutions, Inc.)
HKLM\...\Run: [COMODO Internet Security] => D:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1225944 2014-03-25] (COMODO)
HKLM\...\RunOnce: [*CA] => [X]
Startup: D:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> D:\Program Files\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => D:\WINDOWS\system32\AcSignIcon.dll (Autodesk, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
www.google.com.trURLSearchHook: HKCU - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope {0351MK91-C431-623h-CHPF-M19917C3G4P3M} URL =
www.homepage.com.tr/s/?aff=1&q={searchTerms}SearchScopes: HKLM - {0351MK91-C431-623h-CHPF-M19917C3G4P3M} URL =
www.homepage.com.tr/s/?aff=1&q={searchTerms}SearchScopes: HKCU - 19D19745189D06C7311101C01FAA0DCE URL =
haber.yandex.com.tr/yandsearch?rpt=nnews2&grhow=clutop&win=118&clid=1989274&text={searchTerms}SearchScopes: HKCU - 66DD33F05E5E33CF13EA63BF613A7D89 URL =
video.yandex.com.tr/#search?win=118&clid=1989274&text={searchTerms}SearchScopes: HKCU - 95B7ABAA88745E7A7631B366408A17DC URL =
gorsel.yandex.com.tr/yandsearch?win=118&clid=1989274&text={searchTerms}SearchScopes: HKCU - {0351MK91-C431-623h-CHPF-M19917C3G4P3M} URL =
www.homepage.com.tr/s/?aff=1&q={searchTerms}BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Görsel Favoriler -> {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {10921475-03CE-4E04-90CE-E2E7EF20C814} - No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Winsock: Catalog9 01 D:\WINDOWS\system32\LavasoftTcpService.dll [312424] (Lavasoft Limited)
Winsock: Catalog9 02 D:\WINDOWS\system32\LavasoftTcpService.dll [312424] (Lavasoft Limited)
Winsock: Catalog9 18 D:\WINDOWS\system32\LavasoftTcpService.dll [312424] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 46.196.235.115 62.248.80.162
Tcpip\..\Interfaces\{B72E0B02-A610-4AB4-9BA8-6C2933531847}: [NameServer] 156.154.70.25,156.154.71.25
Tcpip\..\Interfaces\{DBA5F11F-1C61-4A47-AB7F-3D9348513871}: [NameServer] 156.154.70.25,156.154.71.25
FireFox:
========
FF ProfilePath: D:\Documents and Settings\BABO\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default
FF DefaultSearchEngine: Yandex
FF Plugin: @adobe.com/FlashPlayer -> D:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> D:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF user.js: detected! => D:\Documents and Settings\BABO\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js
FF SearchPlugin: D:\Documents and Settings\BABO\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\gorsel.yandex.com.tr-105434.xml
FF SearchPlugin: D:\Documents and Settings\BABO\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\haber.yandex.com.tr-105434.xml
FF SearchPlugin: D:\Documents and Settings\BABO\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\video.yandex.com.tr-105434.xml
FF SearchPlugin: D:\Documents and Settings\BABO\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.com.tr-105434.xml
Chrome:
=======
CHR Profile: D:\Documents and Settings\BABO\Local Settings\Application Data\Google\Chrome\User Data\Default
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; D:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
R2 a2free; D:\Program Files\a-squared Free\a2service.exe [226936 2007-07-17] (Emsi Software GmbH) [File not signed]
R2 AntiVirSchedulerService; D:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; D:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 Autodesk Content Service; D:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 CLPSLauncher; D:\Program Files\Common Files\COMODO\launcher_service.exe [70352 2014-02-27] (Comodo Security Solutions, Inc.)
S2 CmdAgent; D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5306504 2014-04-16] (COMODO)
S3 cmdvirth; D:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1663192 2014-03-25] (COMODO)
R2 DragonUpdater; D:\Program Files\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()
S3 FLEXnet Licensing Service; D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2014-11-06] (Flexera Software, Inc.)
R2 GeekBuddyRSP; D:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-02-27] (Comodo Security Solutions, Inc.)
R2 JavaQuickStarterService; D:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)
R2 LavasoftTcpService; D:\Program Files\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [1351512 2014-11-07] (Lavasoft Limited)
S2 LiveUpdateSvc; D:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
S2 MBAMScheduler; D:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; D:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S2 SearchProtectionService; D:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2014-11-07] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Ambfilt; D:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2014-07-19] (Creative)
R2 avgntflt; D:\WINDOWS\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; D:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; D:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2014-02-26] (Avira Operations GmbH & Co. KG)
R3 BCM43XX; D:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2696448 2010-02-05] (Broadcom Corporation)
S3 CCDECODE; D:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S1 CFRMD; D:\WINDOWS\System32\DRIVERS\CFRMD.sys [36112 2014-06-26] (Windows (R) Win 7 DDK provider)
U1 cmderd; D:\WINDOWS\System32\DRIVERS\cmderd.sys [15704 2014-04-16] (COMODO)
U1 cmdGuard; D:\WINDOWS\System32\DRIVERS\cmdguard.sys [607448 2014-04-16] (COMODO)
U1 cmdHlp; D:\WINDOWS\System32\DRIVERS\cmdhlp.sys [29912 2014-04-16] (COMODO)
R1 dtsoftbus01; D:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [243128 2014-09-26] (Disc Soft Ltd)
R3 ETD; D:\WINDOWS\System32\DRIVERS\ETD.sys [131072 2010-03-26] (ELAN Microelectronics Corp.)
S1 HMD; D:\WINDOWS\System32\DRIVERS\hmd.sys [14272 2014-06-26] ()
U0 Inspect; D:\WINDOWS\System32\DRIVERS\inspect.sys [104920 2014-04-16] (COMODO)
S3 L1c; D:\WINDOWS\System32\DRIVERS\l1c51x86.sys [58920 2010-02-22] (Atheros Communications, Inc.)
S3 MBAMProtector; D:\WINDOWS\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
S3 Monfilt; D:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2014-07-19] (Creative Technology Ltd.)
S3 NdisIP; D:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 SASDIFSV; D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; D:\WINDOWS\System32\DRIVERS\Smb_driver_Intel.sys [28656 2014-07-19] (Synaptics Incorporated)
R1 ssmdrv; D:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2014-02-26] (Avira GmbH)
R1 StarOpen; D:\WINDOWS\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-14 19:47 - 2014-11-14 19:48 - 00013023 _____ () D:\Documents and Settings\BABO\Desktop\FRST.txt
2014-11-14 19:47 - 2014-11-14 19:47 - 00000000 ____D () D:\FRST
2014-11-14 18:27 - 2014-11-14 18:27 - 01108480 _____ (Farbar) D:\Documents and Settings\BABO\Desktop\FRST.exe
2014-11-14 14:04 - 2014-11-14 14:04 - 00000000 ____D () D:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO
2014-11-14 14:03 - 2014-11-14 14:03 - 01700352 _____ (Microsoft Corporation) D:\WINDOWS\system32\gdiplus.dll
2014-11-14 14:03 - 2014-11-14 14:03 - 01060864 _____ (Microsoft Corporation) D:\WINDOWS\system32\mfc71.dll
2014-11-14 14:01 - 2014-11-14 14:01 - 00065536 _____ () D:\WINDOWS\system32\config\COMODO I.evt
2014-11-14 14:01 - 2014-11-14 14:01 - 00001695 _____ () D:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
2014-11-14 14:01 - 2014-11-14 14:01 - 00000000 ___SD () D:\Documents and Settings\All Users\Application Data\Shared Space
2014-11-14 14:00 - 2014-11-14 14:02 - 00000000 ____D () D:\WINDOWS\LastGood
2014-11-14 13:58 - 2014-11-14 14:01 - 00000000 ____D () D:\Documents and Settings\All Users\Start Menu\Programlar\Comodo
2014-11-14 13:58 - 2014-11-14 13:58 - 00001780 _____ () D:\Documents and Settings\All Users\Desktop\GeekBuddy.lnk
2014-11-14 13:58 - 2014-11-14 13:58 - 00000769 _____ () D:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
2014-11-14 13:58 - 2014-11-14 13:58 - 00000000 ____D () D:\Program Files\Common Files\COMODO
2014-11-14 13:57 - 2014-11-14 14:09 - 00000000 ____D () D:\Documents and Settings\BABO\Local Settings\Application Data\COMODO
2014-11-14 13:57 - 2014-11-14 14:03 - 00048392 _____ (COMODO CA Limited) D:\WINDOWS\system32\certsentry.dll
2014-11-14 13:57 - 2014-11-14 14:03 - 00000000 ____D () D:\Program Files\Comodo
2014-11-14 13:57 - 2014-11-14 13:57 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\Comodo Downloader
2014-11-14 13:55 - 2014-11-14 14:00 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\Comodo
2014-11-14 13:49 - 2014-11-14 19:42 - 00000000 ____D () D:\Program Files\a-squared Free
2014-11-14 13:49 - 2014-11-14 19:42 - 00000000 ____D () D:\Documents and Settings\BABO\Belgelerim\a-squared
2014-11-14 13:49 - 2014-11-14 13:49 - 00000648 _____ () D:\Documents and Settings\All Users\Desktop\a-squared Free.lnk
2014-11-14 13:49 - 2014-11-14 13:49 - 00000000 ____D () D:\Documents and Settings\All Users\Start Menu\Programlar\a-squared Free
2014-11-14 00:37 - 2014-11-14 17:50 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-14 00:37 - 2014-11-14 00:37 - 00000000 ____D () D:\Program Files\Malwarebytes Anti-Malware
2014-11-14 00:37 - 2014-11-14 00:37 - 00000000 ____D () D:\Documents and Settings\All Users\Start Menu\Programlar\Malwarebytes Anti-Malware
2014-11-14 00:37 - 2014-10-01 11:11 - 00054360 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-14 00:37 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\mbam.sys
2014-11-13 22:06 - 2014-11-14 00:37 - 00000777 _____ () D:\Documents and Settings\BABO\Belgelerim\Malwarebytes Anti-Malware.lnk
2014-11-13 00:33 - 2014-11-13 00:33 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\Norton
2014-11-13 00:20 - 2014-11-13 00:20 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\F-Secure
2014-11-12 22:48 - 2014-11-12 22:48 - 00004072 _____ () D:\WINDOWS\system32\LavasoftTcpService.ini
2014-11-12 22:48 - 2014-11-12 22:48 - 00002088 _____ () D:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2014-11-12 22:48 - 2014-11-12 22:48 - 00000000 ____D () D:\Documents and Settings\BABO\Application Data\LavasoftStatistics
2014-11-12 22:48 - 2014-11-07 12:30 - 00312424 _____ (Lavasoft Limited) D:\WINDOWS\system32\LavasoftTcpService.dll
2014-11-12 22:40 - 2014-11-13 00:23 - 00000000 ____D () D:\Documents and Settings\All Users\Start Menu\Programlar\Lavasoft
2014-11-12 22:34 - 2014-11-13 00:23 - 00000000 ____D () D:\Documents and Settings\BABO\Application Data\Lavasoft
2014-11-12 22:31 - 2014-11-14 14:02 - 00002867 _____ () D:\WINDOWS\setupapi.log
2014-11-12 22:30 - 2014-11-13 00:23 - 00000000 ____D () D:\Program Files\Lavasoft
2014-11-12 22:23 - 2014-11-13 00:23 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\Lavasoft
2014-11-12 16:12 - 2014-11-12 16:12 - 00000000 _____ () D:\autoexec.bat
2014-11-12 00:53 - 2014-11-14 00:30 - 00000000 __SHD () D:\WINDOWS\CSC
2014-11-12 00:53 - 2014-11-12 16:22 - 00001599 _____ () D:\Documents and Settings\Administrator\Start Menu\Programlar\Uzaktan Yardım.lnk
2014-11-12 00:53 - 2014-11-12 00:53 - 00000020 ___SH () D:\Documents and Settings\Administrator\ntuser.ini
2014-11-12 00:53 - 2014-11-12 00:53 - 00000000 ____D () D:\Documents and Settings\Administrator
2014-11-12 00:53 - 2014-03-29 14:05 - 00000788 _____ () D:\Documents and Settings\Administrator\Start Menu\Programlar\Windows Media Player.lnk
2014-11-12 00:53 - 2014-03-29 14:05 - 00000000 ___RD () D:\Documents and Settings\Administrator\Start Menu\Programlar
2014-11-12 00:53 - 2014-03-29 14:05 - 00000000 ____D () D:\Documents and Settings\Administrator\IXP000.TMP
2014-11-12 00:53 - 2014-03-29 14:02 - 00000000 ___RD () D:\Documents and Settings\Administrator\Start Menu\Programlar\Donatılar
2014-11-12 00:53 - 2014-03-29 01:50 - 00000000 ___RD () D:\Documents and Settings\Administrator\Start Menu\Programlar\Başlangıç
2014-11-12 00:53 - 2014-03-29 01:50 - 00000000 ____D () D:\Documents and Settings\Administrator\Sık Kullanılanlar
2014-11-12 00:53 - 2014-03-29 01:50 - 00000000 ____D () D:\Documents and Settings\Administrator\Local Settings\Temp
2014-11-12 00:53 - 2014-03-29 01:50 - 00000000 ____D () D:\Documents and Settings\Administrator\Belgelerim
2014-11-06 15:40 - 2014-11-06 15:40 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\FLEXnet
2014-11-06 15:33 - 2014-11-06 15:33 - 00001836 _____ () D:\Documents and Settings\BABO\Belgelerim\Inventor Fusion 2012.lnk
2014-11-06 15:31 - 2014-11-06 15:31 - 00000000 ____D () D:\Documents and Settings\BABO\Belgelerim\Inventor Server x86 AutoCAD 2012 Language Pack - English
2014-11-06 15:24 - 2014-11-06 15:24 - 00000147 _____ () D:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
2014-11-06 15:24 - 2014-11-06 15:24 - 00000000 ____D () D:\Program Files\Common Files\Macrovision Shared
2014-11-06 15:23 - 2014-11-06 15:23 - 00001869 _____ () D:\Documents and Settings\BABO\Belgelerim\AutoCAD 2012 - English.lnk
2014-11-06 15:23 - 2014-11-06 15:23 - 00000000 ____D () D:\Documents and Settings\All Users\Start Menu\Programlar\Autodesk
2014-11-06 15:19 - 2014-11-06 15:19 - 00000000 ____D () D:\Documents and Settings\BABO\Local Settings\Application Data\Autodesk
2014-11-06 15:18 - 2014-11-06 15:31 - 00000000 ____D () D:\Program Files\Autodesk
2014-11-06 15:16 - 2014-11-06 15:33 - 00000000 ____D () D:\Program Files\Common Files\Autodesk Shared
2014-11-06 15:16 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) D:\WINDOWS\system32\D3DCompiler_42.dll
2014-11-06 15:16 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) D:\WINDOWS\system32\D3DX9_42.dll
2014-11-06 15:16 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) D:\WINDOWS\system32\d3dx10_42.dll
2014-11-06 15:16 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) D:\WINDOWS\system32\d3dx11_42.dll
2014-11-06 15:15 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) D:\WINDOWS\system32\d3dx9_30.dll
2014-11-06 14:54 - 2014-11-06 16:03 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\Autodesk
2014-11-06 14:54 - 2014-11-06 15:19 - 00000000 ____D () D:\Documents and Settings\BABO\Application Data\Autodesk
2014-11-06 14:52 - 2014-11-06 14:52 - 00000000 __HDC () D:\WINDOWS\$NtUninstallKB942288-v3$
2014-10-18 11:45 - 2014-10-18 11:48 - 00000000 ____D () D:\Documents and Settings\BABO\Local Settings\Application Data\Adobe
2014-10-16 08:14 - 2014-10-16 08:14 - 00000000 ____D () D:\Documents and Settings\HERKES\Local Settings\Application Data\Opera Software
2014-10-16 08:14 - 2014-10-16 08:14 - 00000000 ____D () D:\Documents and Settings\HERKES\Application Data\Opera Software
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-14 19:48 - 2014-03-29 14:10 - 00000000 ____D () D:\Documents and Settings\BABO\Local Settings\Temp
2014-11-14 19:24 - 2014-04-27 13:36 - 00000814 _____ () D:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-14 19:10 - 2014-03-28 14:49 - 00000000 ____D () D:\Documents and Settings\BABO\Application Data\uTorrent
2014-11-14 19:06 - 2014-03-28 15:53 - 00032768 _____ () D:\Documents and Settings\BABO\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-14 18:40 - 2014-09-26 17:40 - 00001364 _____ () D:\WINDOWS\Tasks\KLI.job
2014-11-14 16:27 - 2014-09-28 22:14 - 00000406 _____ () D:\WINDOWS\Tasks\Opera scheduled Autoupdate 1411935274.job
2014-11-14 13:58 - 2014-03-29 01:50 - 00000000 ___RD () D:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç
2014-11-14 13:58 - 2014-03-29 01:50 - 00000000 ___RD () D:\Documents and Settings\All Users\Start Menu\Programlar
2014-11-14 13:49 - 2014-03-29 14:10 - 00000000 ___RD () D:\Documents and Settings\BABO\Belgelerim
2014-11-14 13:10 - 2014-03-29 14:00 - 00460605 _____ () D:\WINDOWS\WindowsUpdate.log
2014-11-14 13:04 - 2014-09-26 19:15 - 00000159 _____ () D:\WINDOWS\wiadebug.log
2014-11-14 13:04 - 2014-09-26 19:15 - 00000050 _____ () D:\WINDOWS\wiaservc.log
2014-11-14 13:03 - 2014-03-29 14:08 - 00000006 ____H () D:\WINDOWS\Tasks\SA.DAT
2014-11-14 12:20 - 2014-03-30 10:23 - 00000178 ___SH () D:\Documents and Settings\HERKES\ntuser.ini
2014-11-14 12:20 - 2014-03-30 10:23 - 00000000 ____D () D:\Documents and Settings\HERKES
2014-11-14 12:20 - 2014-03-29 14:08 - 00032656 _____ () D:\WINDOWS\SchedLgU.Txt
2014-11-14 12:19 - 2014-03-30 10:23 - 00000000 ____D () D:\Documents and Settings\HERKES\Local Settings\Temp
2014-11-14 02:32 - 2014-03-29 14:10 - 00000178 ___SH () D:\Documents and Settings\BABO\ntuser.ini
2014-11-14 02:31 - 2014-03-29 14:10 - 00000000 ____D () D:\Documents and Settings\BABO
2014-11-14 02:31 - 2014-03-28 15:58 - 00000000 ____D () D:\Documents and Settings\BABO\Application Data\Skype
2014-11-14 01:01 - 2014-03-29 01:50 - 01081604 _____ () D:\WINDOWS\system32\PerfStringBackup.INI
2014-11-14 01:01 - 2008-04-15 14:00 - 00445472 _____ () D:\WINDOWS\system32\perfh01F.dat
2014-11-14 01:01 - 2008-04-15 14:00 - 00087414 _____ () D:\WINDOWS\system32\perfc01F.dat
2014-11-12 22:10 - 2014-10-01 21:30 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2014-11-12 19:14 - 2014-03-28 15:54 - 00000000 ____D () D:\Program Files\Winamp
2014-11-12 18:10 - 2014-10-05 19:41 - 00000000 ____D () D:\FILMLER
2014-11-12 17:44 - 2014-03-30 10:23 - 00001599 _____ () D:\Documents and Settings\HERKES\Start Menu\Programlar\Uzaktan Yardım.lnk
2014-11-12 17:35 - 2014-03-29 14:10 - 00001599 _____ () D:\Documents and Settings\BABO\Start Menu\Programlar\Uzaktan Yardım.lnk
2014-11-12 17:35 - 2014-03-29 14:02 - 00001599 _____ () D:\Documents and Settings\Default User\Start Menu\Programlar\Uzaktan Yardım.lnk
2014-11-12 17:26 - 2014-03-29 14:10 - 00000000 ___RD () D:\Documents and Settings\BABO\Start Menu\Programlar
2014-11-12 17:26 - 2014-03-29 14:02 - 00001607 _____ () D:\Documents and Settings\All Users\Start Menu\Program Erişim ve Varsayılanlarını Ayarla.lnk
2014-11-12 17:26 - 2014-03-29 14:02 - 00001507 _____ () D:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2014-11-11 23:24 - 2014-04-27 13:36 - 00701104 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-11 23:24 - 2014-04-27 13:36 - 00071344 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-11 00:01 - 2014-04-23 23:14 - 00000000 ____D () D:\WINDOWS\system32\NtmsData
2014-11-10 19:59 - 2014-10-01 22:42 - 00000000 ____D () D:\Program Files\SUPERAntiSpyware
2014-11-10 19:36 - 2014-03-29 13:57 - 00000000 ____D () D:\WINDOWS\Registration
2014-11-09 21:58 - 2014-03-28 15:07 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\ProductData
2014-11-09 19:14 - 2008-04-15 14:00 - 00000582 _____ () D:\WINDOWS\win.ini
2014-11-09 19:14 - 2008-04-15 14:00 - 00000227 _____ () D:\WINDOWS\system.ini
2014-11-06 22:52 - 2014-07-10 13:43 - 00000000 ____D () D:\WINDOWS\Microsoft.NET
2014-11-06 21:45 - 2014-03-29 01:42 - 00345808 _____ () D:\WINDOWS\system32\FNTCACHE.DAT
2014-11-06 17:42 - 2014-07-10 14:04 - 00785482 _____ () D:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1409082233-1482476501-1801674531-1003-0.dat
2014-11-06 17:42 - 2014-07-10 14:04 - 00320642 _____ () D:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-11-06 15:40 - 2014-03-29 14:11 - 00100472 _____ () D:\Documents and Settings\BABO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-11-06 15:16 - 2014-03-29 14:00 - 00000000 ____D () D:\WINDOWS\system32\DirectX
2014-11-06 14:53 - 2014-03-29 01:33 - 00000000 ____D () D:\WINDOWS\system32\mui
2014-10-30 14:18 - 2014-03-28 15:13 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-10-29 23:22 - 2008-04-15 14:00 - 00002206 _____ () D:\WINDOWS\system32\wpa.dbl
2014-10-27 20:52 - 2014-06-22 23:05 - 00002369 _____ () D:\Documents and Settings\BABO\Desktop\Yandex.lnk
2014-10-18 17:14 - 2014-04-23 21:17 - 00000000 ____D () D:\Documents and Settings\HERKES\Application Data\Skype
2014-10-16 17:08 - 2014-08-11 11:06 - 00000000 ____D () D:\Documents and Settings\HERKES\Application Data\vlc
2014-10-16 17:06 - 2014-03-30 10:23 - 00000000 ___RD () D:\Documents and Settings\HERKES\Belgelerim
Some content of TEMP:
====================
D:\Documents and Settings\BABO\Local Settings\Temp\23d697ee-0226-4623-9883-fd4922f02221.exe
D:\Documents and Settings\BABO\Local Settings\Temp\AcDeltree.exe
D:\Documents and Settings\BABO\Local Settings\Temp\avgnt.exe
D:\Documents and Settings\BABO\Local Settings\Temp\Setup-yabrowser.exe
D:\Documents and Settings\BABO\Local Settings\Temp\SpOrder.dll
D:\Documents and Settings\BABO\Local Settings\Temp\yupdate-exec-yabrowser.exe
D:\Documents and Settings\HERKES\Local Settings\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
D:\WINDOWS\explorer.exe => File is digitally signed
D:\WINDOWS\system32\winlogon.exe => File is digitally signed
D:\WINDOWS\system32\svchost.exe => File is digitally signed
D:\WINDOWS\system32\services.exe => File is digitally signed
D:\WINDOWS\system32\User32.dll => File is digitally signed
D:\WINDOWS\system32\userinit.exe => File is digitally signed
D:\WINDOWS\system32\rpcss.dll => File is digitally signed
D:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================