Post by cem67 on May 28, 2016 16:13:34 GMT
Junkware Removal Tool raporu ektedir.iyi çalışmalar.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Microsoft Windows XP x86
Ran by Administrator (Administrator) on 28.05.2016 at 19:08:39,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 83
Successfully deleted: C:\Documents and Settings\Administrator\Application Data\5370 (Folder)
Successfully deleted: C:\Documents and Settings\Administrator\Application Data\flvplayer (Folder)
Successfully deleted: C:\Documents and Settings\Administrator\Application Data\isafe (Folder)
Successfully deleted: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uo0n34cj.default\user.js (File)
Successfully deleted: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uo0n34cj.default\yasearch-xb\packages\{d934b647-333a-46ad-adf7-447402413b7f}\altsearch.xml (File)
Successfully deleted: C:\Documents and Settings\Administrator\Application Data\productdata (Folder)
Successfully deleted: C:\Documents and Settings\Administrator\Application Data\systweak (Folder)
Successfully deleted: C:\Documents and Settings\Administrator\Application Data\tencent (Folder)
Successfully deleted: C:\Documents and Settings\Administrator\Local Settings\Application Data\chromatic browser (Folder)
Successfully deleted: C:\Documents and Settings\Administrator\Local Settings\Application Data\csdi_monetize_120160520 (Folder)
Successfully deleted: C:\Documents and Settings\Administrator\Local Settings\Application Data\fst_tr_53 (Folder)
Successfully deleted: C:\Documents and Settings\Administrator\Local Settings\Application Data\fst_tr_65 (Folder)
Successfully deleted: C:\Documents and Settings\Administrator\Local Settings\Application Data\globalupdate (Folder)
Successfully deleted: C:\Documents and Settings\All Users\txqmpc (Folder)
Successfully deleted: C:\awh1C8.tmp (File)
Successfully deleted: C:\awh1CD.tmp (File)
Successfully deleted: C:\awh1D6.tmp (File)
Successfully deleted: C:\awh1DF.tmp (File)
Successfully deleted: C:\awh1E0.tmp (File)
Successfully deleted: C:\awh1E8.tmp (File)
Successfully deleted: C:\awh1F1.tmp (File)
Successfully deleted: C:\awh212.tmp (File)
Successfully deleted: C:\awh228.tmp (File)
Successfully deleted: C:\awh22D.tmp (File)
Successfully deleted: C:\awh232.tmp (File)
Successfully deleted: C:\awh236.tmp (File)
Successfully deleted: C:\awh242.tmp (File)
Successfully deleted: C:\awh244.tmp (File)
Successfully deleted: C:\awh253.tmp (File)
Successfully deleted: C:\awh254.tmp (File)
Successfully deleted: C:\awh25A.tmp (File)
Successfully deleted: C:\awh25E.tmp (File)
Successfully deleted: C:\awh263.tmp (File)
Successfully deleted: C:\awh264.tmp (File)
Successfully deleted: C:\awh269.tmp (File)
Successfully deleted: C:\awh26C.tmp (File)
Successfully deleted: C:\awh279.tmp (File)
Successfully deleted: C:\awh27A.tmp (File)
Successfully deleted: C:\awh27D.tmp (File)
Successfully deleted: C:\awh27F.tmp (File)
Successfully deleted: C:\awh284.tmp (File)
Successfully deleted: C:\awh287.tmp (File)
Successfully deleted: C:\awh28A.tmp (File)
Successfully deleted: C:\awh28E.tmp (File)
Successfully deleted: C:\awh290.tmp (File)
Successfully deleted: C:\awh296.tmp (File)
Successfully deleted: C:\awh298.tmp (File)
Successfully deleted: C:\awh29E.tmp (File)
Successfully deleted: C:\awh2A3.tmp (File)
Successfully deleted: C:\awh2AE.tmp (File)
Successfully deleted: C:\awh2B4.tmp (File)
Successfully deleted: C:\awh2B7.tmp (File)
Successfully deleted: C:\awh2BA.tmp (File)
Successfully deleted: C:\awh2BF.tmp (File)
Successfully deleted: C:\awh2C0.tmp (File)
Successfully deleted: C:\awh2C7.tmp (File)
Successfully deleted: C:\awh2C8.tmp (File)
Successfully deleted: C:\awh2C9.tmp (File)
Successfully deleted: C:\awh2CA.tmp (File)
Successfully deleted: C:\awh2CB.tmp (File)
Successfully deleted: C:\awh2F1.tmp (File)
Successfully deleted: C:\awh305.tmp (File)
Successfully deleted: C:\awh320.tmp (File)
Successfully deleted: C:\awh333.tmp (File)
Successfully deleted: C:\awh33B.tmp (File)
Successfully deleted: C:\awh42E.tmp (File)
Successfully deleted: C:\awh482.tmp (File)
Successfully deleted: C:\awh4A7.tmp (File)
Successfully deleted: C:\awh522.tmp (File)
Successfully deleted: C:\awh539.tmp (File)
Successfully deleted: C:\awh544.tmp (File)
Successfully deleted: C:\awh606.tmp (File)
Successfully deleted: C:\awh611.tmp (File)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8D8PDPTC (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BYURRRZC (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SX0ANQBN (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WOBUYWVA (Temporary Internet Files Folder)
Successfully deleted: C:\Program Files\004 (Folder)
Successfully deleted: C:\Program Files\GUT174.tmp (File)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8D8PDPTC (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\BYURRRZC (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SX0ANQBN (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WOBUYWVA (Temporary Internet Files Folder)
Deleted the following from C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uo0n34cj.default\prefs.js
user_pref(browser.newtabpage.pinned, [{\url\:\hxxp://www.yandex.com.tr/?win=106&clid=1989285\,\title\:\Yandex\},{\url\:\hxxp://harita.yandex.com.tr/?from=dist_vz
user_pref(browser.safebrowsing.gethashURL, hxxp://sba.yandex.net/gethash?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2);
user_pref(browser.safebrowsing.keyURL, hxxps://sba.yandex.net/newkey?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2);
user_pref(browser.safebrowsing.malware.reportURL, hxxp://yandex.com.tr/infected?l10n=%LOCALE%&url=);
user_pref(browser.safebrowsing.provider.0.gethashURL, hxxp://sba.yandex.net/gethash?client={moz:client}&appver={moz:version}&pver=2.2);
user_pref(browser.safebrowsing.provider.0.keyURL, hxxps://sba.yandex.net/newkey?client={moz:client}&appver={moz:version}&pver=2.2);
user_pref(browser.safebrowsing.provider.0.lookupURL, hxxp://sba.yandex.net/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&pve
user_pref(browser.safebrowsing.provider.0.name, Yandex);
user_pref(browser.safebrowsing.provider.0.reportPhishURL, hxxp://webmaster.yandex.com.tr/delspam.xml?l10n=tr&request=Page%20looks%20like%20phishing&);
user_pref(browser.safebrowsing.provider.0.reportURL, hxxp://sba.yandex.net/report?);
user_pref(browser.safebrowsing.provider.0.updateURL, hxxp://sba.yandex.net/downloads?client={moz:client}&appver={moz:version}&pver=2.2);
user_pref(browser.safebrowsing.reportErrorURL, hxxp://webmaster.yandex.com.tr/delspam.xml?l10n=%LOCALE%&request=Page%20looks%20like%20not%20malware&);
user_pref(browser.safebrowsing.reportGenericURL, hxxp://webmaster.yandex.com.tr/delspam.xml?l10n=%LOCALE%&request=Page%20looks%20like%20malicious&);
user_pref(browser.safebrowsing.reportMalwareErrorURL, hxxp://webmaster.yandex.com.tr/delspam.xml?l10n=%LOCALE%&request=Page%20looks%20like%20not%20malware&);
user_pref(browser.safebrowsing.reportMalwareURL, hxxp://yandex.com.tr/infected?l10n=%LOCALE%&url=);
user_pref(browser.safebrowsing.reportPhishURL, hxxp://webmaster.yandex.com.tr/delspam.xml?l10n=tr&request=Page%20looks%20like%20phishing&);
user_pref(browser.safebrowsing.reportURL, hxxp://sba.yandex.net/report?);
user_pref(browser.safebrowsing.updateURL, hxxp://sba.yandex.net/downloads?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2);
user_pref(browser.uiCustomization.state, {\placements\:{\PanelUI-contents\:[\edit-controls\,\zoom-controls\,\new-window-button\,\privatebrowsing-button\,\save-
user_pref(extensions.vb@yandex.ru.alienAddonRecords, {\hxxp://www.nationzoom.com/newtab/?type=nt&ts=1388788117&from=amt&uid=SAMSUNGXHD502HJ_S2DFJ9FZ800931\:10});
user_pref(extensions.vb@yandex.ru.backgroundImages.lastModified, Mon, 23 Jun 2014 11:02:10 GMT);
user_pref(extensions.vb@yandex.ru.backgroundImages.lastRequestTime, 1404327549);
user_pref(extensions.vb@yandex.ru.backgroundImages.lastVersion, 6);
user_pref(extensions.vb@yandex.ru.backup.lastTime, 1404327545);
user_pref(extensions.vb@yandex.ru.blacklist.lastModified, Wed, 02 Oct 2013 12:25:36 GMT);
user_pref(extensions.vb@yandex.ru.blacklist.lastSyncTime, 1404327547);
user_pref(extensions.vb@yandex.ru.branding.lastupdate, 1400056234);
user_pref(extensions.vb@yandex.ru.browser.alien.newtab.url, hxxp://www.nationzoom.com/newtab/?type=nt&ts=1388788117&from=amt&uid=SAMSUNGXHD502HJ_S2DFJ9FZ800931);
user_pref(extensions.vb@yandex.ru.clids.creationDate, 1989270:{7cf13d28-11b8-4ac0-afcc-5250006e6dbd}:vbff:2014.01.04);
user_pref(extensions.vb@yandex.ru.creator, Yandex);
user_pref(extensions.vb@yandex.ru.daylyaddonstat.collect, 1404327604);
user_pref(extensions.vb@yandex.ru.daylyaddonstat.send, 1404327606);
user_pref(extensions.vb@yandex.ru.description, Görsel Favoriler'de en sevdiğiniz siteleri bir araya getirin. Siteler arasında kolay geçiş için tek yapmanız gereken k
user_pref(extensions.vb@yandex.ru.ftabs.backgroundImage, wp_almost_white_small.jpeg);
user_pref(extensions.vb@yandex.ru.ftabs.emptyLastThumb, true);
user_pref(extensions.vb@yandex.ru.ftabs.lastPickupTime, 1404329763);
user_pref(extensions.vb@yandex.ru.ftabs.lastRefreshBackgroundsTime, 1403991436);
user_pref(extensions.vb@yandex.ru.ftabs.lastRefreshThumbsTime, 1404327545);
user_pref(extensions.vb@yandex.ru.ftabs.layoutX, 4);
user_pref(extensions.vb@yandex.ru.ftabs.layoutY, 3);
user_pref(extensions.vb@yandex.ru.ftabs.oldThumbsLayout, 4x3);
user_pref(extensions.vb@yandex.ru.general.install.time, 1388854640);
user_pref(extensions.vb@yandex.ru.getAddons.cache.enabled, false);
user_pref(extensions.vb@yandex.ru.guid.value, {7cf13d28-11b8-4ac0-afcc-5250006e6dbd});
user_pref(extensions.vb@yandex.ru.homepageURL, hxxp://visual.yandex.com.tr);
user_pref(extensions.vb@yandex.ru.license.accepted, true);
user_pref(extensions.vb@yandex.ru.name, Görsel Favoriler);
user_pref(extensions.vb@yandex.ru.search.example, {\examples\:[\küçük ev aletleri\,\televizyonlar\,\beyaz eşyalar\,\fırınlar\,\çamaşır makinesi\,\bula
user_pref(extensions.vb@yandex.ru.search.example.lastRequestTime, 1404327546);
user_pref(extensions.vb@yandex.ru.search.example.lastUpdateTime, 1404327545);
user_pref(extensions.vb@yandex.ru.stat.usage.lastsent, 1403991436);
user_pref(extensions.vb@yandex.ru.stat.usage.send, false);
user_pref(extensions.vb@yandex.ru.versions.lastAddon, 2.12.0);
user_pref(extensions.vb@yandex.ru.versions.lastBuild, 49053_74);
user_pref(extensions.vb@yandex.ru.welcomepage.version.introduced, 2.10.0);
user_pref(extensions.vb@yandex.ru.yabar.migrated, false);
user_pref(extensions.xpiState, {\app-profile\:{\4jffxtbr@RadioRage_4j.com\:{\d\:\C:\\\\Documents and Settings\\\\Administrator\\\\Application Data\\\\Mozilla\\\\Fire
user_pref(extensions.yasearch@yandex.ru.blacklist.etag, \825485de56aadc2eb1434820df564a25\);
user_pref(extensions.yasearch@yandex.ru.branding.lastupdate, 1400050522);
user_pref(extensions.yasearch@yandex.ru.chevronInstallTime, 1388854647);
user_pref(extensions.yasearch@yandex.ru.chevronState, 2);
user_pref(extensions.yasearch@yandex.ru.clids.creationDate, 1989270:{7cf13d28-11b8-4ac0-afcc-5250006e6dbd}:barff:2014.01.04);
user_pref(extensions.yasearch@yandex.ru.creator, Yandex);
user_pref(extensions.yasearch@yandex.ru.daylyaddonstat.collect, 1404327602);
user_pref(extensions.yasearch@yandex.ru.daylyaddonstat.send, 1404327603);
user_pref(extensions.yasearch@yandex.ru.daylystat.sent, 1404327550);
user_pref(extensions.yasearch@yandex.ru.defender.homepage.changes, 0|0|0);
user_pref(extensions.yasearch@yandex.ru.defender.homepage.enabled, false);
user_pref(extensions.yasearch@yandex.ru.defender.homepage.protected, hxxp://www.yandex.com.tr/?win=106&clid=1989273);
user_pref(extensions.yasearch@yandex.ru.description, Yandex arama ve diğer popüler hizmetlere hızlı ve kolay erişim);
user_pref(extensions.yasearch@yandex.ru.distr.statChosen, true);
user_pref(extensions.yasearch@yandex.ru.general.install.time, 1388854584);
user_pref(extensions.yasearch@yandex.ru.getAddons.cache.enabled, false);
user_pref(extensions.yasearch@yandex.ru.guid.value, {7cf13d28-11b8-4ac0-afcc-5250006e6dbd});
user_pref(extensions.yasearch@yandex.ru.homepageURL, hxxp://element.yandex.com.tr);
user_pref(extensions.yasearch@yandex.ru.mailruStat.gversion, 0);
user_pref(extensions.yasearch@yandex.ru.mailruStat.sversion, 0);
user_pref(extensions.yasearch@yandex.ru.migrated.australis, true);
user_pref(extensions.yasearch@yandex.ru.name, Yandex Elements);
user_pref(extensions.yasearch@yandex.ru.safebrowsing.installed.version, 3);
user_pref(extensions.yasearch@yandex.ru.stat.usage.send, false);
user_pref(keyword.URL, hxxp://www.default-search.net/search?sid=492&aid=121&itype=a&ver=12692&tm=338&src=ds&p=);
user_pref(urlclassifier.keyupdatetime.hxxps://sba.yandex.net/newkey, 1401139068);
user_pref(yasearch.default.preset.url, hxxps://download.yandex.ru/bar/wwt/presets/tb.xml);
user_pref(yasearch.defence.homepage.protected, hxxp://www.yandex.com.tr/?win=106&clid=1989273);
user_pref(yasearch.native_comps.hxxp://bar-widgets.yandex.ru/packages/approved/143/manifest.xml#typosquatting.all.settings.jsonLastModified, Wed, 10 Jul 2013 17:36:53 GMT)
user_pref(yasearch.native_comps.hxxp://bar-widgets.yandex.ru/packages/approved/143/manifest.xml#typosquatting.all.settings.lastUpdate, 1404329765444);
user_pref(yasearch.native_comps.hxxp://bar-widgets.yandex.ru/packages/approved/176/manifest.xml#smartbox.all.settings.nativeqs.removed, true);
user_pref(yasearch.native_comps.hxxp://bar-widgets.yandex.ru/packages/approved/176/manifest.xml#smartbox.all.settings.searchName, Yandex);
user_pref(yasearch.native_comps.hxxp://bar.yandex.ru/packages/yandexbar#geolocation.all.settings.ip, 192.168.1.2);
user_pref(yasearch.native_comps.hxxp://bar.yandex.ru/packages/yandexbar#geolocation.all.settings.position, {\latitude\:\41.4515419\,\longitude\:\31.7973709\,\preci
user_pref(yasearch.native_comps.hxxp://bar.yandex.ru/packages/yandexbar#pagetranslator.all.settings.show-tooltip, 5);
user_pref(yasearch.native_comps.hxxp://bar.yandex.ru/packages/yandexbar#pagetranslator.all.settings.tlang, tr);
user_pref(yasearch.native_comps.hxxp://bar.yandex.ru/packages/yandexbar#town.13888546474542.settings.old-balls, );
user_pref(yasearch.native_comps.hxxp://bar.yandex.ru/packages/yandexbar#town.13888546474542.settings.show-name, false);
user_pref(yasearch.native_comps.hxxp://bar.yandex.ru/packages/yandexbar#translator.all.settings.last_update, 1403991435138);
user_pref(yasearch.native_comps.hxxp://bar.yandex.ru/packages/yandexbar.settings.yauth.passport.config, {\rootPassportURL\:\hxxps://pass.yandex.com.tr/\,\mainDomain\:
user_pref(yasearch.static.hxxp://bar-widgets.yandex.ru/packages/approved/176/manifest.xml#smartbox.all.settings.clid, 1989274);
user_pref(yasearch.static.hxxp://bar-widgets.yandex.ru/packages/approved/176/manifest.xml#smartbox.all.settings.enginename, default-search.net);
user_pref(yasearch.static.hxxp://bar-widgets.yandex.ru/packages/approved/176/manifest.xml#smartbox.all.settings.firststart, true);
user_pref(yasearch.static.hxxp://bar-widgets.yandex.ru/packages/approved/176/manifest.xml#smartbox.all.settings.tutor.installTime, 1388854644);
Registry: 16
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\TSCPM (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{91397D20-1446-11D4-8AF4-0040CA1127B6} (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Search Bar (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Search Page (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{91397D20-1446-11D4-8AF4-0040CA1127B6} (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.05.2016 at 19:09:27,84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Microsoft Windows XP x86
Ran by Administrator (Administrator) on 28.05.2016 at 19:08:39,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 83
Successfully deleted: C:\Documents and Settings\Administrator\Application Data\5370 (Folder)
Successfully deleted: C:\Documents and Settings\Administrator\Application Data\flvplayer (Folder)
Successfully deleted: C:\Documents and Settings\Administrator\Application Data\isafe (Folder)
Successfully deleted: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uo0n34cj.default\user.js (File)
Successfully deleted: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uo0n34cj.default\yasearch-xb\packages\{d934b647-333a-46ad-adf7-447402413b7f}\altsearch.xml (File)
Successfully deleted: C:\Documents and Settings\Administrator\Application Data\productdata (Folder)
Successfully deleted: C:\Documents and Settings\Administrator\Application Data\systweak (Folder)
Successfully deleted: C:\Documents and Settings\Administrator\Application Data\tencent (Folder)
Successfully deleted: C:\Documents and Settings\Administrator\Local Settings\Application Data\chromatic browser (Folder)
Successfully deleted: C:\Documents and Settings\Administrator\Local Settings\Application Data\csdi_monetize_120160520 (Folder)
Successfully deleted: C:\Documents and Settings\Administrator\Local Settings\Application Data\fst_tr_53 (Folder)
Successfully deleted: C:\Documents and Settings\Administrator\Local Settings\Application Data\fst_tr_65 (Folder)
Successfully deleted: C:\Documents and Settings\Administrator\Local Settings\Application Data\globalupdate (Folder)
Successfully deleted: C:\Documents and Settings\All Users\txqmpc (Folder)
Successfully deleted: C:\awh1C8.tmp (File)
Successfully deleted: C:\awh1CD.tmp (File)
Successfully deleted: C:\awh1D6.tmp (File)
Successfully deleted: C:\awh1DF.tmp (File)
Successfully deleted: C:\awh1E0.tmp (File)
Successfully deleted: C:\awh1E8.tmp (File)
Successfully deleted: C:\awh1F1.tmp (File)
Successfully deleted: C:\awh212.tmp (File)
Successfully deleted: C:\awh228.tmp (File)
Successfully deleted: C:\awh22D.tmp (File)
Successfully deleted: C:\awh232.tmp (File)
Successfully deleted: C:\awh236.tmp (File)
Successfully deleted: C:\awh242.tmp (File)
Successfully deleted: C:\awh244.tmp (File)
Successfully deleted: C:\awh253.tmp (File)
Successfully deleted: C:\awh254.tmp (File)
Successfully deleted: C:\awh25A.tmp (File)
Successfully deleted: C:\awh25E.tmp (File)
Successfully deleted: C:\awh263.tmp (File)
Successfully deleted: C:\awh264.tmp (File)
Successfully deleted: C:\awh269.tmp (File)
Successfully deleted: C:\awh26C.tmp (File)
Successfully deleted: C:\awh279.tmp (File)
Successfully deleted: C:\awh27A.tmp (File)
Successfully deleted: C:\awh27D.tmp (File)
Successfully deleted: C:\awh27F.tmp (File)
Successfully deleted: C:\awh284.tmp (File)
Successfully deleted: C:\awh287.tmp (File)
Successfully deleted: C:\awh28A.tmp (File)
Successfully deleted: C:\awh28E.tmp (File)
Successfully deleted: C:\awh290.tmp (File)
Successfully deleted: C:\awh296.tmp (File)
Successfully deleted: C:\awh298.tmp (File)
Successfully deleted: C:\awh29E.tmp (File)
Successfully deleted: C:\awh2A3.tmp (File)
Successfully deleted: C:\awh2AE.tmp (File)
Successfully deleted: C:\awh2B4.tmp (File)
Successfully deleted: C:\awh2B7.tmp (File)
Successfully deleted: C:\awh2BA.tmp (File)
Successfully deleted: C:\awh2BF.tmp (File)
Successfully deleted: C:\awh2C0.tmp (File)
Successfully deleted: C:\awh2C7.tmp (File)
Successfully deleted: C:\awh2C8.tmp (File)
Successfully deleted: C:\awh2C9.tmp (File)
Successfully deleted: C:\awh2CA.tmp (File)
Successfully deleted: C:\awh2CB.tmp (File)
Successfully deleted: C:\awh2F1.tmp (File)
Successfully deleted: C:\awh305.tmp (File)
Successfully deleted: C:\awh320.tmp (File)
Successfully deleted: C:\awh333.tmp (File)
Successfully deleted: C:\awh33B.tmp (File)
Successfully deleted: C:\awh42E.tmp (File)
Successfully deleted: C:\awh482.tmp (File)
Successfully deleted: C:\awh4A7.tmp (File)
Successfully deleted: C:\awh522.tmp (File)
Successfully deleted: C:\awh539.tmp (File)
Successfully deleted: C:\awh544.tmp (File)
Successfully deleted: C:\awh606.tmp (File)
Successfully deleted: C:\awh611.tmp (File)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8D8PDPTC (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BYURRRZC (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SX0ANQBN (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WOBUYWVA (Temporary Internet Files Folder)
Successfully deleted: C:\Program Files\004 (Folder)
Successfully deleted: C:\Program Files\GUT174.tmp (File)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8D8PDPTC (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\BYURRRZC (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SX0ANQBN (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WOBUYWVA (Temporary Internet Files Folder)
Deleted the following from C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uo0n34cj.default\prefs.js
user_pref(browser.newtabpage.pinned, [{\url\:\hxxp://www.yandex.com.tr/?win=106&clid=1989285\,\title\:\Yandex\},{\url\:\hxxp://harita.yandex.com.tr/?from=dist_vz
user_pref(browser.safebrowsing.gethashURL, hxxp://sba.yandex.net/gethash?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2);
user_pref(browser.safebrowsing.keyURL, hxxps://sba.yandex.net/newkey?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2);
user_pref(browser.safebrowsing.malware.reportURL, hxxp://yandex.com.tr/infected?l10n=%LOCALE%&url=);
user_pref(browser.safebrowsing.provider.0.gethashURL, hxxp://sba.yandex.net/gethash?client={moz:client}&appver={moz:version}&pver=2.2);
user_pref(browser.safebrowsing.provider.0.keyURL, hxxps://sba.yandex.net/newkey?client={moz:client}&appver={moz:version}&pver=2.2);
user_pref(browser.safebrowsing.provider.0.lookupURL, hxxp://sba.yandex.net/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&pve
user_pref(browser.safebrowsing.provider.0.name, Yandex);
user_pref(browser.safebrowsing.provider.0.reportPhishURL, hxxp://webmaster.yandex.com.tr/delspam.xml?l10n=tr&request=Page%20looks%20like%20phishing&);
user_pref(browser.safebrowsing.provider.0.reportURL, hxxp://sba.yandex.net/report?);
user_pref(browser.safebrowsing.provider.0.updateURL, hxxp://sba.yandex.net/downloads?client={moz:client}&appver={moz:version}&pver=2.2);
user_pref(browser.safebrowsing.reportErrorURL, hxxp://webmaster.yandex.com.tr/delspam.xml?l10n=%LOCALE%&request=Page%20looks%20like%20not%20malware&);
user_pref(browser.safebrowsing.reportGenericURL, hxxp://webmaster.yandex.com.tr/delspam.xml?l10n=%LOCALE%&request=Page%20looks%20like%20malicious&);
user_pref(browser.safebrowsing.reportMalwareErrorURL, hxxp://webmaster.yandex.com.tr/delspam.xml?l10n=%LOCALE%&request=Page%20looks%20like%20not%20malware&);
user_pref(browser.safebrowsing.reportMalwareURL, hxxp://yandex.com.tr/infected?l10n=%LOCALE%&url=);
user_pref(browser.safebrowsing.reportPhishURL, hxxp://webmaster.yandex.com.tr/delspam.xml?l10n=tr&request=Page%20looks%20like%20phishing&);
user_pref(browser.safebrowsing.reportURL, hxxp://sba.yandex.net/report?);
user_pref(browser.safebrowsing.updateURL, hxxp://sba.yandex.net/downloads?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2);
user_pref(browser.uiCustomization.state, {\placements\:{\PanelUI-contents\:[\edit-controls\,\zoom-controls\,\new-window-button\,\privatebrowsing-button\,\save-
user_pref(extensions.vb@yandex.ru.alienAddonRecords, {\hxxp://www.nationzoom.com/newtab/?type=nt&ts=1388788117&from=amt&uid=SAMSUNGXHD502HJ_S2DFJ9FZ800931\:10});
user_pref(extensions.vb@yandex.ru.backgroundImages.lastModified, Mon, 23 Jun 2014 11:02:10 GMT);
user_pref(extensions.vb@yandex.ru.backgroundImages.lastRequestTime, 1404327549);
user_pref(extensions.vb@yandex.ru.backgroundImages.lastVersion, 6);
user_pref(extensions.vb@yandex.ru.backup.lastTime, 1404327545);
user_pref(extensions.vb@yandex.ru.blacklist.lastModified, Wed, 02 Oct 2013 12:25:36 GMT);
user_pref(extensions.vb@yandex.ru.blacklist.lastSyncTime, 1404327547);
user_pref(extensions.vb@yandex.ru.branding.lastupdate, 1400056234);
user_pref(extensions.vb@yandex.ru.browser.alien.newtab.url, hxxp://www.nationzoom.com/newtab/?type=nt&ts=1388788117&from=amt&uid=SAMSUNGXHD502HJ_S2DFJ9FZ800931);
user_pref(extensions.vb@yandex.ru.clids.creationDate, 1989270:{7cf13d28-11b8-4ac0-afcc-5250006e6dbd}:vbff:2014.01.04);
user_pref(extensions.vb@yandex.ru.creator, Yandex);
user_pref(extensions.vb@yandex.ru.daylyaddonstat.collect, 1404327604);
user_pref(extensions.vb@yandex.ru.daylyaddonstat.send, 1404327606);
user_pref(extensions.vb@yandex.ru.description, Görsel Favoriler'de en sevdiğiniz siteleri bir araya getirin. Siteler arasında kolay geçiş için tek yapmanız gereken k
user_pref(extensions.vb@yandex.ru.ftabs.backgroundImage, wp_almost_white_small.jpeg);
user_pref(extensions.vb@yandex.ru.ftabs.emptyLastThumb, true);
user_pref(extensions.vb@yandex.ru.ftabs.lastPickupTime, 1404329763);
user_pref(extensions.vb@yandex.ru.ftabs.lastRefreshBackgroundsTime, 1403991436);
user_pref(extensions.vb@yandex.ru.ftabs.lastRefreshThumbsTime, 1404327545);
user_pref(extensions.vb@yandex.ru.ftabs.layoutX, 4);
user_pref(extensions.vb@yandex.ru.ftabs.layoutY, 3);
user_pref(extensions.vb@yandex.ru.ftabs.oldThumbsLayout, 4x3);
user_pref(extensions.vb@yandex.ru.general.install.time, 1388854640);
user_pref(extensions.vb@yandex.ru.getAddons.cache.enabled, false);
user_pref(extensions.vb@yandex.ru.guid.value, {7cf13d28-11b8-4ac0-afcc-5250006e6dbd});
user_pref(extensions.vb@yandex.ru.homepageURL, hxxp://visual.yandex.com.tr);
user_pref(extensions.vb@yandex.ru.license.accepted, true);
user_pref(extensions.vb@yandex.ru.name, Görsel Favoriler);
user_pref(extensions.vb@yandex.ru.search.example, {\examples\:[\küçük ev aletleri\,\televizyonlar\,\beyaz eşyalar\,\fırınlar\,\çamaşır makinesi\,\bula
user_pref(extensions.vb@yandex.ru.search.example.lastRequestTime, 1404327546);
user_pref(extensions.vb@yandex.ru.search.example.lastUpdateTime, 1404327545);
user_pref(extensions.vb@yandex.ru.stat.usage.lastsent, 1403991436);
user_pref(extensions.vb@yandex.ru.stat.usage.send, false);
user_pref(extensions.vb@yandex.ru.versions.lastAddon, 2.12.0);
user_pref(extensions.vb@yandex.ru.versions.lastBuild, 49053_74);
user_pref(extensions.vb@yandex.ru.welcomepage.version.introduced, 2.10.0);
user_pref(extensions.vb@yandex.ru.yabar.migrated, false);
user_pref(extensions.xpiState, {\app-profile\:{\4jffxtbr@RadioRage_4j.com\:{\d\:\C:\\\\Documents and Settings\\\\Administrator\\\\Application Data\\\\Mozilla\\\\Fire
user_pref(extensions.yasearch@yandex.ru.blacklist.etag, \825485de56aadc2eb1434820df564a25\);
user_pref(extensions.yasearch@yandex.ru.branding.lastupdate, 1400050522);
user_pref(extensions.yasearch@yandex.ru.chevronInstallTime, 1388854647);
user_pref(extensions.yasearch@yandex.ru.chevronState, 2);
user_pref(extensions.yasearch@yandex.ru.clids.creationDate, 1989270:{7cf13d28-11b8-4ac0-afcc-5250006e6dbd}:barff:2014.01.04);
user_pref(extensions.yasearch@yandex.ru.creator, Yandex);
user_pref(extensions.yasearch@yandex.ru.daylyaddonstat.collect, 1404327602);
user_pref(extensions.yasearch@yandex.ru.daylyaddonstat.send, 1404327603);
user_pref(extensions.yasearch@yandex.ru.daylystat.sent, 1404327550);
user_pref(extensions.yasearch@yandex.ru.defender.homepage.changes, 0|0|0);
user_pref(extensions.yasearch@yandex.ru.defender.homepage.enabled, false);
user_pref(extensions.yasearch@yandex.ru.defender.homepage.protected, hxxp://www.yandex.com.tr/?win=106&clid=1989273);
user_pref(extensions.yasearch@yandex.ru.description, Yandex arama ve diğer popüler hizmetlere hızlı ve kolay erişim);
user_pref(extensions.yasearch@yandex.ru.distr.statChosen, true);
user_pref(extensions.yasearch@yandex.ru.general.install.time, 1388854584);
user_pref(extensions.yasearch@yandex.ru.getAddons.cache.enabled, false);
user_pref(extensions.yasearch@yandex.ru.guid.value, {7cf13d28-11b8-4ac0-afcc-5250006e6dbd});
user_pref(extensions.yasearch@yandex.ru.homepageURL, hxxp://element.yandex.com.tr);
user_pref(extensions.yasearch@yandex.ru.mailruStat.gversion, 0);
user_pref(extensions.yasearch@yandex.ru.mailruStat.sversion, 0);
user_pref(extensions.yasearch@yandex.ru.migrated.australis, true);
user_pref(extensions.yasearch@yandex.ru.name, Yandex Elements);
user_pref(extensions.yasearch@yandex.ru.safebrowsing.installed.version, 3);
user_pref(extensions.yasearch@yandex.ru.stat.usage.send, false);
user_pref(keyword.URL, hxxp://www.default-search.net/search?sid=492&aid=121&itype=a&ver=12692&tm=338&src=ds&p=);
user_pref(urlclassifier.keyupdatetime.hxxps://sba.yandex.net/newkey, 1401139068);
user_pref(yasearch.default.preset.url, hxxps://download.yandex.ru/bar/wwt/presets/tb.xml);
user_pref(yasearch.defence.homepage.protected, hxxp://www.yandex.com.tr/?win=106&clid=1989273);
user_pref(yasearch.native_comps.hxxp://bar-widgets.yandex.ru/packages/approved/143/manifest.xml#typosquatting.all.settings.jsonLastModified, Wed, 10 Jul 2013 17:36:53 GMT)
user_pref(yasearch.native_comps.hxxp://bar-widgets.yandex.ru/packages/approved/143/manifest.xml#typosquatting.all.settings.lastUpdate, 1404329765444);
user_pref(yasearch.native_comps.hxxp://bar-widgets.yandex.ru/packages/approved/176/manifest.xml#smartbox.all.settings.nativeqs.removed, true);
user_pref(yasearch.native_comps.hxxp://bar-widgets.yandex.ru/packages/approved/176/manifest.xml#smartbox.all.settings.searchName, Yandex);
user_pref(yasearch.native_comps.hxxp://bar.yandex.ru/packages/yandexbar#geolocation.all.settings.ip, 192.168.1.2);
user_pref(yasearch.native_comps.hxxp://bar.yandex.ru/packages/yandexbar#geolocation.all.settings.position, {\latitude\:\41.4515419\,\longitude\:\31.7973709\,\preci
user_pref(yasearch.native_comps.hxxp://bar.yandex.ru/packages/yandexbar#pagetranslator.all.settings.show-tooltip, 5);
user_pref(yasearch.native_comps.hxxp://bar.yandex.ru/packages/yandexbar#pagetranslator.all.settings.tlang, tr);
user_pref(yasearch.native_comps.hxxp://bar.yandex.ru/packages/yandexbar#town.13888546474542.settings.old-balls, );
user_pref(yasearch.native_comps.hxxp://bar.yandex.ru/packages/yandexbar#town.13888546474542.settings.show-name, false);
user_pref(yasearch.native_comps.hxxp://bar.yandex.ru/packages/yandexbar#translator.all.settings.last_update, 1403991435138);
user_pref(yasearch.native_comps.hxxp://bar.yandex.ru/packages/yandexbar.settings.yauth.passport.config, {\rootPassportURL\:\hxxps://pass.yandex.com.tr/\,\mainDomain\:
user_pref(yasearch.static.hxxp://bar-widgets.yandex.ru/packages/approved/176/manifest.xml#smartbox.all.settings.clid, 1989274);
user_pref(yasearch.static.hxxp://bar-widgets.yandex.ru/packages/approved/176/manifest.xml#smartbox.all.settings.enginename, default-search.net);
user_pref(yasearch.static.hxxp://bar-widgets.yandex.ru/packages/approved/176/manifest.xml#smartbox.all.settings.firststart, true);
user_pref(yasearch.static.hxxp://bar-widgets.yandex.ru/packages/approved/176/manifest.xml#smartbox.all.settings.tutor.installTime, 1388854644);
Registry: 16
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\TSCPM (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{91397D20-1446-11D4-8AF4-0040CA1127B6} (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Search Bar (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Search Page (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{91397D20-1446-11D4-8AF4-0040CA1127B6} (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.05.2016 at 19:09:27,84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
