ComboFix 12-05-28.05 - Administrator 29.05.2012 0:19.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.2047.1410 [GMT 3:00]
Running from: c:\********s and settings\Administrator\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\********s and settings\Administrator\Application Data\Administratorlog.dat
c:\********s and settings\Administrator\Application Data\chrtmp
c:\********s and settings\Administrator\Application Data\Desktopicon
c:\********s and settings\Administrator\Application Data\edxLabs
c:\********s and settings\Administrator\Application Data\edxLabs\edxSilkroadLoader5\edxSilkroadLoader5.ini
c:\********s and settings\Administrator\Application Data\Local
c:\********s and settings\Administrator\Application Data\Microsoft\Windows Firewall
c:\********s and settings\Administrator\Local Settings\Application Data\.#
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@105C@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1128@3E3BF8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1128@3E3C08.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1128@3E3C48.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1128@3E3C58.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@124@3E3BC8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@124@3E3BD8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@124@3E3C18.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@124@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@128C@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@134C@3E3BF8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@134C@3E3C08.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@134C@3E3C48.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@134C@3E3C58.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@148@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@14F4@3E3BF8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@14F4@3E3C08.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@14F4@3E3C48.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@14F4@3E3C58.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@158@3C3738.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1660@3E3BF8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1660@3E3C08.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1660@3E3C48.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1660@3E3C58.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@17C@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@17C@3E3BF8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@17C@3E3C08.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@17C@3E3C48.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1B0@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1B0@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1B0@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1B0@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1B8@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1B8@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1B8@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1B8@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1C8@3E3B78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1C8@3E3B88.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1C8@3E3BC8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1C8@3E3BD8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1CC@3E3790.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1CC@3E37A0.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1CC@3E37E0.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1F8@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@204@3E3BF8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@204@3E3C08.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@204@3E3C48.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@208@3E3700.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@208@3E3710.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@208@3E3750.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@208@3E3760.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@20C@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@20C@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@20C@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@20C@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@21C@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@230@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@238@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@238@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@238@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@238@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@264@3D36D8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@27C@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@348@3E3C18.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@348@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@348@3E3C68.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@348@3E3C78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@368@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@43C@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@474@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@474@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@474@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@4B8@3E3BF8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@4B8@3E3C18.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@4B8@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@4B8@3E3C48.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@4B8@3E3C68.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@4B8@3E3C78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@4FC@3E3BF8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@4FC@3E3C08.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@4FC@3E3C48.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@4FC@3E3C58.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@504@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@504@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@504@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@504@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@534@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@544@3E3BD8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@544@3E3BE8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@544@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@544@3E3C38.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@564@3E3C18.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@564@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@564@3E3C68.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@564@3E3C78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@568@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@598@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@5A8@3E3C18.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@5A8@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@5A8@3E3C68.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@5A8@3E3C78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@5CC@3E3C18.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@5CC@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@5CC@3E3C68.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@5CC@3E3C78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@604@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@604@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@604@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@604@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@69C@3E3C18.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@69C@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@69C@3E3C68.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@69C@3E3C78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@6B0@3E3C18.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@6B0@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@6B0@3E3C68.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@6B0@3E3C78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@6B4@3E3C18.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@6B4@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@6B4@3E3C68.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@6B4@3E3C78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@72C@3E3C78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@72C@3E3C88.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@72C@3E3CC8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@730@3E3BF8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@730@3E3C08.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@730@3E3C48.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@730@3E3C58.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@78C@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@898@3E3BE8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@898@3E3C38.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8A0@3E3C18.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8A0@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8A0@3E3C68.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8A0@3E3C78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8AC@3E3740.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8AC@3E3750.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8AC@3E3790.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8AC@3E37A0.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8D0@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8D0@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8D0@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8D0@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8D8@3E3C78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8D8@3E3C88.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8D8@3E3CC8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8D8@3E3CD8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8F8@3E3C78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8F8@3E3C88.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8F8@3E3CC8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@94C@3E3BD8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@94C@3E3BE8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@94C@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@94C@3E3C38.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@958@3D36D8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@958@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@A44@3E3C18.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@A44@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@A44@3E3C68.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@A90@3D3728.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@AA8@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@AAC@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@AC8@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@AC8@3E3790.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@AC8@3E37D0.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@AC8@3E37E0.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@AD0@3E3BF8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@AD0@3E3C08.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@AD0@3E3C48.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@AF4@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@AF4@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@AF4@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@AF4@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B28@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B28@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B28@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B28@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B4@3E3B78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B4@3E3B88.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B4@3E3BC8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B4@3E3BD8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B5C@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B5C@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B5C@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B5C@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B60@3E3C18.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B60@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B60@3E3C68.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B60@3E3C78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B84@3E3BF8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B84@3E3C08.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B84@3E3C48.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B84@3E3C58.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@BC0@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@BC0@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@BC0@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@BC0@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@BC8@3E3790.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@BC8@3E37A0.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@BC8@3E37E0.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@BC8@3E37F0.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@C50@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@C50@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@C50@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@C50@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@C54@3D3728.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@C74@3E3BD8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@C74@3E3BE8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@C74@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@C74@3E3C38.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@CB8@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@CB8@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@CB8@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@CB8@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@CCC@3E3700.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@CCC@3E3710.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@CCC@3E3750.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@CCC@3E3760.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@CEC@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@CEC@3E3790.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@CEC@3E37D0.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@CEC@3E37E0.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@CF4@3E3BF8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@CF4@3E3C08.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@CF4@3E3C48.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D2C@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D44@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D44@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D44@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D44@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D50@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D50@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D50@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D50@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D7C@3E3C18.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D7C@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D7C@3E3C68.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D7C@3E3C78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D84@3C3738.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D94@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D94@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D94@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D94@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@DD0@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@DD0@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@DD0@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@DD0@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@DEC@3D3728.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@DF0@3E3700.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@DF0@3E3710.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@DF0@3E3750.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@DF0@3E3760.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@E34@3D3728.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@E70@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@E70@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@E70@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@E70@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@E70@3E3BF8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@E70@3E3C48.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@EBC@3E3700.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@EBC@3E3710.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@EBC@3E3750.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@F14@3E3BC8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@F14@3E3BD8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@F14@3E3C18.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@F14@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@FBC@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@FBC@3E3790.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@FBC@3E37D0.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@FBC@3E37E0.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@FC8@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@FD4@3E3BA8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@FD4@3E3BB8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@FD4@3E3BF8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@FD4@3E3C08.###
c:\********s and settings\Administrator\Local Settings\Application Data\rundll.exe
c:\********s and settings\All Users\Application Data\TEMP
c:\program files\DaemonTools_WhenUSave_Installer
c:\program files\DaemonTools_WhenUSave_Installer\vvsn.cfg
c:\windows\system\Isass.exe
c:\windows\system\lsass.exe
c:\windows\system\rundll32.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\windir
c:\windows\UA000079.DLL
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-28 )))))))))))))))))))))))))))))))
.
.
2012-05-28 21:36 . 2012-05-28 21:36 10752 ----a-w- c:\windows\system\lsass.exe
2012-05-28 18:38 . 2012-05-28 18:38 -------- d-----r- c:\********s and settings\LocalService\Sık Kullanılanlar
2012-05-21 21:49 . 2008-11-19 10:51 460720 ----a-w- c:\windows\system32\Codejock.ShortcutBar.v12.1.0.ocx
2012-05-21 21:49 . 1998-06-23 22:00 140096 ----a-w- c:\windows\system32\Comdlg32.ocx
2012-05-21 21:49 . 1998-06-23 22:00 115016 ----a-w- c:\windows\system32\msinet.ocx
2012-05-21 21:49 . 2010-06-28 06:26 1898416 ----a-w- c:\windows\system32\Codejock.Controls.v13.4.0.Demo.ocx
2012-05-21 16:58 . 2012-05-21 16:58 -------- d-----w- C:\Mgame
2012-05-21 16:54 . 2012-05-26 22:52 -------- d-----w- c:\program files\CSJ
2012-05-21 02:03 . 2012-05-21 02:03 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-05-19 21:33 . 2012-05-19 21:33 -------- d-----w- c:\program files\Arcane Gaming
2012-05-19 21:20 . 2012-05-19 21:41 -------- dc-h--w- c:\********s and settings\All Users\Application Data\{9BDDA8B3-B054-4E17-A11B-AE0D14FA640D}
2012-05-19 00:37 . 2012-05-19 00:38 -------- d-----w- c:\********s and settings\Administrator\Local Settings\Application Data\GamersFirst LIVE!
2012-05-19 00:37 . 2012-05-21 23:40 -------- d-----w- c:\********s and settings\Administrator\Local Settings\Application Data\PMB Files
2012-05-19 00:37 . 2012-05-21 16:38 -------- d-----w- c:\********s and settings\All Users\Application Data\PMB Files
2012-05-15 17:04 . 2012-05-15 17:04 -------- d-----w- C:\NTTGame
2012-05-13 12:46 . 2012-05-13 12:46 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-07 15:09 . 2012-05-07 15:14 -------- d-----w- c:\program files\Mount&Blade Warband
2012-05-03 02:54 . 2012-05-03 02:54 42392 ----a-w- c:\windows\system32\xfcodec.dll
2012-05-01 11:57 . 2012-05-01 11:57 -------- d-----w- c:\********s and settings\All Users\Application Data\ATI
2012-05-01 11:57 . 2012-05-01 11:57 -------- d-----w- c:\********s and settings\Administrator\Local Settings\Application Data\ATI
2012-05-01 11:57 . 2012-05-01 11:57 -------- d-----w- c:\********s and settings\Administrator\Application Data\ATI
2012-05-01 11:54 . 2012-05-01 11:54 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-05-01 11:54 . 2003-11-10 15:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-05-01 11:54 . 2003-11-10 15:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-05-01 11:54 . 2003-11-10 15:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-05-01 11:54 . 2003-11-10 15:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-05-01 11:54 . 2003-11-10 15:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-05-01 11:54 . 2003-11-10 15:10 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-05-01 11:54 . 2012-05-01 11:54 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-05-01 11:54 . 2010-02-10 18:20 593920 ------w- c:\windows\system32\ati2sgag.exe
2012-05-01 11:51 . 2012-05-01 11:51 -------- d-----w- C:\ATI
2012-05-01 11:43 . 2009-04-01 15:00 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2012-04-30 21:05 . 2012-04-30 21:05 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Xfire
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-28 21:20 . 2012-01-23 19:29 139448 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-05-28 21:20 . 2012-01-24 19:22 282472 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-05-28 21:20 . 2012-01-23 19:29 282472 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-05-28 21:05 . 2012-01-23 19:29 282472 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-05-15 10:38 . 2012-01-23 19:29 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-05-13 12:46 . 2011-12-16 20:09 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-06 09:39 . 2012-02-26 20:21 93696 ----a-w- c:\windows\system\Logon.dll
2012-04-23 11:26 . 2012-04-25 05:24 108448 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2012-04-12 00:28 . 2012-04-12 00:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-12 00:28 . 2012-04-12 00:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-08 08:58 . 2012-04-08 08:58 20480 ----a-w- c:\windows\system\cek.exe
2012-04-08 07:58 . 2012-04-08 07:58 20480 ----a-w- c:\windows\system\get.exe
2012-04-04 01:54 . 2012-04-04 01:54 20480 ----a-w- c:\windows\system\h2.exe
2012-04-03 19:49 . 2012-04-03 19:49 20480 ----a-w- c:\windows\system\h1.exe
2012-04-02 11:20 . 2012-04-02 11:20 864256 ----a-w- c:\windows\system\md.exe
2012-03-19 21:49 . 2012-03-19 21:49 109440 ----a-w- c:\windows\system32\drivers\KbdCap.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-04-01 . E0593C5746742DFB99A45B9D1234EBFB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2009-04-02 15:06 . 63ED15F264BCB9474A83D3061E061F17 . 1436160 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2009-04-02 . 106267D1B1188EBD7FA9A95B6ABCAEBA . 557056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2009-04-02 . 48F9080F67B88418ACDB7FAF1EE36F74 . 690176 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2009-04-01 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-04-15 . 4A06B20542848FF905E6490159C9B07A . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
[-] 2009-04-02 . 884B79FFA3CBCD047BAA9B8A0DA85C80 . 639488 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2009-04-02 . D89FD57CAD1CDD28F494C23605384D1C . 1766912 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-15 . 53A37D146EC56A4AD44E51CD10334202 . 272896 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2008-10-17 . 2547D2CF090AC7636898F16957EBCEDC . 502272 . . [1.0626.6002.16497] . . c:\windows\system32\usp10.dll
.
[-] 2009-04-02 . E914EB6F510C90B8EA2B8607966E81D9 . 66560 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2009-04-02 . 8B50C48D9E3F4D1FDD43012F2832DEE1 . 2308096 . . [5.1.2600.5657] . . c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
2011-12-27 10:07 87480 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
"{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"= "c:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll" [2011-12-27 87480]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\********s and settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-07 3331872]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Facebook Update"="c:\********s and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-01-09 137536]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-03-22 452880]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-16 39408]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-05-03 3487128]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-02-23 740216]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-04-02 66560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-05-14 344064]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-04-02 66560]
.
c:\********s and settings\Administrator\Start Menu\Programlar\Başlangıç\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2012-5-3 3553176]
.
c:\********s and settings\All Users\Start Menu\Programlar\Başlangıç\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2012-2-2 1843000]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^********s and Settings^All Users^Start Menu^Programlar^Başlangıç^GamersFirst LIVE!.lnk]
path=c:\********s and settings\All Users\Start Menu\Programlar\Başlangıç\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExpressFiles]
2012-04-16 00:09 455800 ----a-w- c:\program files\ExpressFiles\ExpressFiles.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashGet 3]
2010-12-16 06:12 2840112 ----a-w- c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-02-23 20:20 740216 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\SoftnyxGame\\WolfTeamTS\\Wolfteam.bin"=
"c:\\********s and Settings\\Administrator\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\AeriaGames\\WolfTeam-RU\\Wolfteam.bin"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\AeriaGames\\WolfTeam-IT\\Wolfteam.bin"=
"c:\\********s and Settings\\Administrator\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\BearShare Applications\\MediaBar\\Datamngr\\ToolBar\\dtUser.exe"=
"c:\\Program Files\\Activision\\Call Of Duty 4\\iw3mp.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57807:TCP"= 57807:TCP:Pando Media Booster
"57807:UDP"= 57807:UDP:Pando Media Booster
"56847:TCP"= 56847:TCP:Pando Media Booster
"56847:UDP"= 56847:UDP:Pando Media Booster
"56538:TCP"= 56538:TCP:Pando Media Booster
"56538:UDP"= 56538:UDP:Pando Media Booster
"1044:TCP"= 1044:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11.07.2011 02:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13.09.2011 07:30 32592]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.02.2012 02:52 646392]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07.10.2011 07:23 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11.07.2011 02:14 295248]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [25.04.2012 08:24 108448]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [15.04.2008 15:00 14336]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12.10.2011 07:25 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02.08.2011 07:09 192776]
R2 WindowsLiveScan;Windows Live Scan Service;c:\windows\system\httpd.exe [26.02.2012 23:21 456192]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11.07.2011 02:14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11.07.2011 02:14 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [04.10.2011 07:21 16720]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [20.03.2012 00:49 109440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384]
S2 gupdate;Google Güncelleme Hizmeti (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16.12.2011 23:09 136176]
S2 WindowsLiveModule;Windows Live Module;c:\windows\security\svchost.exe --> c:\windows\security\svchost.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [13.05.2012 15:46 257696]
S3 apf001;apf001;c:\program files\SoftnyxGame\WolfTeamTS\apf001.sys [24.02.2012 23:51 10872]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Güncelleme Hizmeti (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [16.12.2011 23:09 136176]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NTHRNN;NTHRNN;\??\c:\********s and settings\Administrator\Desktop\US_Heroinn_V_1_1_6\NTHRNN.sys --> c:\********s and settings\Administrator\Desktop\US_Heroinn_V_1_1_6\NTHRNN.sys [?]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\********s and settings\Administrator\Desktop\Sro Bot\NtProcDrv.sys --> c:\********s and settings\Administrator\Desktop\Sro Bot\NtProcDrv.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 12:46]
.
2012-05-28 c:\windows\Tasks\Express Files Updater.job
- c:\program files\ExpressFiles\EFupdater.exe [2012-04-16 00:09]
.
2012-05-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-299502267-602609370-1801674531-500Core.job
- c:\********s and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-01-09 19:49]
.
2012-05-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-299502267-602609370-1801674531-500UA.job
- c:\********s and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-01-09 19:49]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-16 20:09]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-16 20:09]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-602609370-1801674531-500Core.job
- c:\********s and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-17 20:09]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-602609370-1801674531-500UA.job
- c:\********s and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-17 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yandex.com.tr/?clid=1863612
mStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Download with AktivDownloadManager! - c:\program files\Aktiv Download Manager\aktivdownloadmanager.htm
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: ????3??
IE: ????3??????
IE: Bütün linkleri IDM ile indir - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: IDM ile indir - c:\program files\Internet Download Manager\IEExt.htm
IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: ????3?? - c:\********s and settings\Administrator\Application Data\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\********s and settings\Administrator\Application Data\FlashGetBHO\GetAllUrl.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CD11A980-A84A-44D7-BB44-6A005680CF00}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\********s and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lmy5lqmq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://go.mail.ru/search?fr=fftb&utf8in&q=
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG2012\Firefox
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Спутник @Mail.Ru: {37964A3C-4EE8-47b1-8321-34DE2C39BA4D} - %profile%\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
FF - Ext: WincoreMediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - %profile%\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
HKLM-Run-UPDT - c:\********s and settings\Administrator\Templates\UPDT.exe
AddRemove-Repulse - c:\aeriagames\Repulse\Uninst.exe
AddRemove-Silkroad - c:\program files\Silkroad\Remove.Exe
AddRemove-WinRAR archiver - c:\********s and settings\Administrator\Desktop\uninstall.exe
AddRemove-{4AF6927A-CF46-4491-A7A6-EAE04A0152DE}_is1 - c:\kanuninet\unins000.exe
AddRemove-{6E9357BD-C74C-48EC-8667-F7DC1D51D17C}_is1 - c:\kanuni online\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-05-29 00:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-299502267-602609370-1801674531-500\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}]
@="c:\\********s and Settings\\Administrator\\Application Data\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-299502267-602609370-1801674531-500\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}hQèş¥c]
@="c:\\********s and Settings\\Administrator\\Application Data\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-299502267-602609370-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4d,0c,c1,9c,21,51,58,43,ae,86,32,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4d,0c,c1,9c,21,51,58,43,ae,86,32,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):82,18,81,80,49,66,c7,38,7b,2f,75,93,47,31,71,47,a4,36,0d,4a,b9,
4d,dd,2c,3f,9d,a1,5b,45,be,14,6f,9f,0a,4b,56,06,d6,6a,99,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6cd3ab6d-ce6c-4007-a2d6-b840d85264fb}]
@Denied: (Full) (Everyone)
"Model"=dword:0000008f
"Therad"=dword:00000002
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):4a,4c,63,f8,ce,88,6d,c6,82,94,33,4a,01,f1,72,63,96,f6,ed,d0,e6,
2b,6d,d0,5c,ea,1b,b2,f1,6a,0a,3d,da,c8,6e,ab,f7,3e,b7,6c,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{d8836456-44ea-4af2-888a-ca8ce22df2bb}]
@Denied: (Full) (Everyone)
"Model"=dword:0000000e
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,88,79,0d,22,8e,33,17,75,a0,87,e2,b3,13,d2,54,90,48,f3,83,84,e7,07,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(1004)
c:\windows\system32\setupapi.dll
.
- - - - - - - > 'lsass.exe'(3252)
c:\windows\system32\COMRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\ImgUtil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_tr_b77a5c561934e089\System.resources.dll
.
- - - - - - - > 'explorer.exe'(3684)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\COMRes.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
c:\windows\System32\cscui.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\System32\msvcp60.dll
c:\windows\system32\credui.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\program files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
c:\program files\ATI Technologies\ATI.ACE\Core-Static\atiamtrk.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Orbitdownloader\orbitnet.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\windows\system\lsass.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2012-05-29 00:41:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-28 21:41
.
Pre-Run: 24.339.337.216 bayt boş
Post-Run: 26.496.258.048 bayt boş
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - FFF4E6018435DB4509AFB173871EDEEB
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.2047.1410 [GMT 3:00]
Running from: c:\********s and settings\Administrator\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\********s and settings\Administrator\Application Data\Administratorlog.dat
c:\********s and settings\Administrator\Application Data\chrtmp
c:\********s and settings\Administrator\Application Data\Desktopicon
c:\********s and settings\Administrator\Application Data\edxLabs
c:\********s and settings\Administrator\Application Data\edxLabs\edxSilkroadLoader5\edxSilkroadLoader5.ini
c:\********s and settings\Administrator\Application Data\Local
c:\********s and settings\Administrator\Application Data\Microsoft\Windows Firewall
c:\********s and settings\Administrator\Local Settings\Application Data\.#
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@105C@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1128@3E3BF8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1128@3E3C08.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1128@3E3C48.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1128@3E3C58.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@124@3E3BC8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@124@3E3BD8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@124@3E3C18.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@124@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@128C@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@134C@3E3BF8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@134C@3E3C08.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@134C@3E3C48.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@134C@3E3C58.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@148@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@14F4@3E3BF8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@14F4@3E3C08.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@14F4@3E3C48.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@14F4@3E3C58.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@158@3C3738.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1660@3E3BF8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1660@3E3C08.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1660@3E3C48.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1660@3E3C58.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@17C@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@17C@3E3BF8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@17C@3E3C08.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@17C@3E3C48.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1B0@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1B0@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1B0@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1B0@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1B8@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1B8@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1B8@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1B8@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1C8@3E3B78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1C8@3E3B88.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1C8@3E3BC8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1C8@3E3BD8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1CC@3E3790.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1CC@3E37A0.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1CC@3E37E0.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@1F8@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@204@3E3BF8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@204@3E3C08.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@204@3E3C48.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@208@3E3700.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@208@3E3710.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@208@3E3750.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@208@3E3760.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@20C@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@20C@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@20C@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@20C@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@21C@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@230@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@238@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@238@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@238@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@238@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@264@3D36D8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@27C@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@348@3E3C18.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@348@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@348@3E3C68.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@348@3E3C78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@368@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@43C@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@474@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@474@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@474@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@4B8@3E3BF8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@4B8@3E3C18.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@4B8@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@4B8@3E3C48.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@4B8@3E3C68.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@4B8@3E3C78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@4FC@3E3BF8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@4FC@3E3C08.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@4FC@3E3C48.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@4FC@3E3C58.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@504@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@504@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@504@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@504@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@534@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@544@3E3BD8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@544@3E3BE8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@544@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@544@3E3C38.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@564@3E3C18.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@564@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@564@3E3C68.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@564@3E3C78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@568@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@598@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@5A8@3E3C18.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@5A8@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@5A8@3E3C68.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@5A8@3E3C78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@5CC@3E3C18.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@5CC@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@5CC@3E3C68.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@5CC@3E3C78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@604@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@604@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@604@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@604@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@69C@3E3C18.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@69C@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@69C@3E3C68.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@69C@3E3C78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@6B0@3E3C18.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@6B0@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@6B0@3E3C68.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@6B0@3E3C78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@6B4@3E3C18.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@6B4@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@6B4@3E3C68.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@6B4@3E3C78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@72C@3E3C78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@72C@3E3C88.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@72C@3E3CC8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@730@3E3BF8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@730@3E3C08.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@730@3E3C48.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@730@3E3C58.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@78C@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@898@3E3BE8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@898@3E3C38.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8A0@3E3C18.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8A0@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8A0@3E3C68.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8A0@3E3C78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8AC@3E3740.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8AC@3E3750.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8AC@3E3790.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8AC@3E37A0.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8D0@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8D0@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8D0@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8D0@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8D8@3E3C78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8D8@3E3C88.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8D8@3E3CC8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8D8@3E3CD8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8F8@3E3C78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8F8@3E3C88.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@8F8@3E3CC8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@94C@3E3BD8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@94C@3E3BE8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@94C@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@94C@3E3C38.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@958@3D36D8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@958@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@A44@3E3C18.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@A44@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@A44@3E3C68.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@A90@3D3728.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@AA8@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@AAC@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@AC8@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@AC8@3E3790.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@AC8@3E37D0.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@AC8@3E37E0.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@AD0@3E3BF8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@AD0@3E3C08.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@AD0@3E3C48.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@AF4@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@AF4@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@AF4@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@AF4@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B28@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B28@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B28@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B28@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B4@3E3B78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B4@3E3B88.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B4@3E3BC8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B4@3E3BD8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B5C@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B5C@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B5C@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B5C@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B60@3E3C18.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B60@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B60@3E3C68.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B60@3E3C78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B84@3E3BF8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B84@3E3C08.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B84@3E3C48.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@B84@3E3C58.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@BC0@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@BC0@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@BC0@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@BC0@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@BC8@3E3790.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@BC8@3E37A0.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@BC8@3E37E0.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@BC8@3E37F0.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@C50@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@C50@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@C50@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@C50@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@C54@3D3728.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@C74@3E3BD8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@C74@3E3BE8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@C74@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@C74@3E3C38.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@CB8@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@CB8@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@CB8@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@CB8@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@CCC@3E3700.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@CCC@3E3710.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@CCC@3E3750.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@CCC@3E3760.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@CEC@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@CEC@3E3790.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@CEC@3E37D0.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@CEC@3E37E0.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@CF4@3E3BF8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@CF4@3E3C08.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@CF4@3E3C48.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D2C@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D44@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D44@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D44@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D44@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D50@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D50@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D50@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D50@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D7C@3E3C18.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D7C@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D7C@3E3C68.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D7C@3E3C78.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D84@3C3738.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D94@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D94@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D94@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@D94@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@DD0@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@DD0@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@DD0@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@DD0@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@DEC@3D3728.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@DF0@3E3700.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@DF0@3E3710.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@DF0@3E3750.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@DF0@3E3760.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@E34@3D3728.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@E70@3E3720.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@E70@3E3730.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@E70@3E3770.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@E70@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@E70@3E3BF8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@E70@3E3C48.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@EBC@3E3700.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@EBC@3E3710.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@EBC@3E3750.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@F14@3E3BC8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@F14@3E3BD8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@F14@3E3C18.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@F14@3E3C28.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@FBC@3E3780.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@FBC@3E3790.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@FBC@3E37D0.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@FBC@3E37E0.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@FC8@3D3758.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@FD4@3E3BA8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@FD4@3E3BB8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@FD4@3E3BF8.###
c:\********s and settings\Administrator\Local Settings\Application Data\.#\MBX@FD4@3E3C08.###
c:\********s and settings\Administrator\Local Settings\Application Data\rundll.exe
c:\********s and settings\All Users\Application Data\TEMP
c:\program files\DaemonTools_WhenUSave_Installer
c:\program files\DaemonTools_WhenUSave_Installer\vvsn.cfg
c:\windows\system\Isass.exe
c:\windows\system\lsass.exe
c:\windows\system\rundll32.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\windir
c:\windows\UA000079.DLL
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-28 )))))))))))))))))))))))))))))))
.
.
2012-05-28 21:36 . 2012-05-28 21:36 10752 ----a-w- c:\windows\system\lsass.exe
2012-05-28 18:38 . 2012-05-28 18:38 -------- d-----r- c:\********s and settings\LocalService\Sık Kullanılanlar
2012-05-21 21:49 . 2008-11-19 10:51 460720 ----a-w- c:\windows\system32\Codejock.ShortcutBar.v12.1.0.ocx
2012-05-21 21:49 . 1998-06-23 22:00 140096 ----a-w- c:\windows\system32\Comdlg32.ocx
2012-05-21 21:49 . 1998-06-23 22:00 115016 ----a-w- c:\windows\system32\msinet.ocx
2012-05-21 21:49 . 2010-06-28 06:26 1898416 ----a-w- c:\windows\system32\Codejock.Controls.v13.4.0.Demo.ocx
2012-05-21 16:58 . 2012-05-21 16:58 -------- d-----w- C:\Mgame
2012-05-21 16:54 . 2012-05-26 22:52 -------- d-----w- c:\program files\CSJ
2012-05-21 02:03 . 2012-05-21 02:03 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-05-19 21:33 . 2012-05-19 21:33 -------- d-----w- c:\program files\Arcane Gaming
2012-05-19 21:20 . 2012-05-19 21:41 -------- dc-h--w- c:\********s and settings\All Users\Application Data\{9BDDA8B3-B054-4E17-A11B-AE0D14FA640D}
2012-05-19 00:37 . 2012-05-19 00:38 -------- d-----w- c:\********s and settings\Administrator\Local Settings\Application Data\GamersFirst LIVE!
2012-05-19 00:37 . 2012-05-21 23:40 -------- d-----w- c:\********s and settings\Administrator\Local Settings\Application Data\PMB Files
2012-05-19 00:37 . 2012-05-21 16:38 -------- d-----w- c:\********s and settings\All Users\Application Data\PMB Files
2012-05-15 17:04 . 2012-05-15 17:04 -------- d-----w- C:\NTTGame
2012-05-13 12:46 . 2012-05-13 12:46 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-07 15:09 . 2012-05-07 15:14 -------- d-----w- c:\program files\Mount&Blade Warband
2012-05-03 02:54 . 2012-05-03 02:54 42392 ----a-w- c:\windows\system32\xfcodec.dll
2012-05-01 11:57 . 2012-05-01 11:57 -------- d-----w- c:\********s and settings\All Users\Application Data\ATI
2012-05-01 11:57 . 2012-05-01 11:57 -------- d-----w- c:\********s and settings\Administrator\Local Settings\Application Data\ATI
2012-05-01 11:57 . 2012-05-01 11:57 -------- d-----w- c:\********s and settings\Administrator\Application Data\ATI
2012-05-01 11:54 . 2012-05-01 11:54 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-05-01 11:54 . 2003-11-10 15:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-05-01 11:54 . 2003-11-10 15:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-05-01 11:54 . 2003-11-10 15:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-05-01 11:54 . 2003-11-10 15:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-05-01 11:54 . 2003-11-10 15:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-05-01 11:54 . 2003-11-10 15:10 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-05-01 11:54 . 2012-05-01 11:54 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-05-01 11:54 . 2010-02-10 18:20 593920 ------w- c:\windows\system32\ati2sgag.exe
2012-05-01 11:51 . 2012-05-01 11:51 -------- d-----w- C:\ATI
2012-05-01 11:43 . 2009-04-01 15:00 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2012-04-30 21:05 . 2012-04-30 21:05 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Xfire
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-28 21:20 . 2012-01-23 19:29 139448 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-05-28 21:20 . 2012-01-24 19:22 282472 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-05-28 21:20 . 2012-01-23 19:29 282472 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-05-28 21:05 . 2012-01-23 19:29 282472 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-05-15 10:38 . 2012-01-23 19:29 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-05-13 12:46 . 2011-12-16 20:09 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-06 09:39 . 2012-02-26 20:21 93696 ----a-w- c:\windows\system\Logon.dll
2012-04-23 11:26 . 2012-04-25 05:24 108448 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2012-04-12 00:28 . 2012-04-12 00:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-12 00:28 . 2012-04-12 00:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-08 08:58 . 2012-04-08 08:58 20480 ----a-w- c:\windows\system\cek.exe
2012-04-08 07:58 . 2012-04-08 07:58 20480 ----a-w- c:\windows\system\get.exe
2012-04-04 01:54 . 2012-04-04 01:54 20480 ----a-w- c:\windows\system\h2.exe
2012-04-03 19:49 . 2012-04-03 19:49 20480 ----a-w- c:\windows\system\h1.exe
2012-04-02 11:20 . 2012-04-02 11:20 864256 ----a-w- c:\windows\system\md.exe
2012-03-19 21:49 . 2012-03-19 21:49 109440 ----a-w- c:\windows\system32\drivers\KbdCap.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-04-01 . E0593C5746742DFB99A45B9D1234EBFB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2009-04-02 15:06 . 63ED15F264BCB9474A83D3061E061F17 . 1436160 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2009-04-02 . 106267D1B1188EBD7FA9A95B6ABCAEBA . 557056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2009-04-02 . 48F9080F67B88418ACDB7FAF1EE36F74 . 690176 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2009-04-01 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-04-15 . 4A06B20542848FF905E6490159C9B07A . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
[-] 2009-04-02 . 884B79FFA3CBCD047BAA9B8A0DA85C80 . 639488 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2009-04-02 . D89FD57CAD1CDD28F494C23605384D1C . 1766912 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-15 . 53A37D146EC56A4AD44E51CD10334202 . 272896 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2008-10-17 . 2547D2CF090AC7636898F16957EBCEDC . 502272 . . [1.0626.6002.16497] . . c:\windows\system32\usp10.dll
.
[-] 2009-04-02 . E914EB6F510C90B8EA2B8607966E81D9 . 66560 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2009-04-02 . 8B50C48D9E3F4D1FDD43012F2832DEE1 . 2308096 . . [5.1.2600.5657] . . c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
2011-12-27 10:07 87480 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
"{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"= "c:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll" [2011-12-27 87480]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\********s and settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-07 3331872]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Facebook Update"="c:\********s and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-01-09 137536]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-03-22 452880]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-16 39408]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-05-03 3487128]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-02-23 740216]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-04-02 66560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-05-14 344064]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-04-02 66560]
.
c:\********s and settings\Administrator\Start Menu\Programlar\Başlangıç\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2012-5-3 3553176]
.
c:\********s and settings\All Users\Start Menu\Programlar\Başlangıç\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2012-2-2 1843000]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^********s and Settings^All Users^Start Menu^Programlar^Başlangıç^GamersFirst LIVE!.lnk]
path=c:\********s and settings\All Users\Start Menu\Programlar\Başlangıç\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExpressFiles]
2012-04-16 00:09 455800 ----a-w- c:\program files\ExpressFiles\ExpressFiles.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashGet 3]
2010-12-16 06:12 2840112 ----a-w- c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-02-23 20:20 740216 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\SoftnyxGame\\WolfTeamTS\\Wolfteam.bin"=
"c:\\********s and Settings\\Administrator\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\AeriaGames\\WolfTeam-RU\\Wolfteam.bin"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\AeriaGames\\WolfTeam-IT\\Wolfteam.bin"=
"c:\\********s and Settings\\Administrator\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\BearShare Applications\\MediaBar\\Datamngr\\ToolBar\\dtUser.exe"=
"c:\\Program Files\\Activision\\Call Of Duty 4\\iw3mp.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57807:TCP"= 57807:TCP:Pando Media Booster
"57807:UDP"= 57807:UDP:Pando Media Booster
"56847:TCP"= 56847:TCP:Pando Media Booster
"56847:UDP"= 56847:UDP:Pando Media Booster
"56538:TCP"= 56538:TCP:Pando Media Booster
"56538:UDP"= 56538:UDP:Pando Media Booster
"1044:TCP"= 1044:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11.07.2011 02:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13.09.2011 07:30 32592]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.02.2012 02:52 646392]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07.10.2011 07:23 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11.07.2011 02:14 295248]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [25.04.2012 08:24 108448]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [15.04.2008 15:00 14336]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12.10.2011 07:25 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02.08.2011 07:09 192776]
R2 WindowsLiveScan;Windows Live Scan Service;c:\windows\system\httpd.exe [26.02.2012 23:21 456192]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11.07.2011 02:14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11.07.2011 02:14 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [04.10.2011 07:21 16720]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [20.03.2012 00:49 109440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384]
S2 gupdate;Google Güncelleme Hizmeti (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16.12.2011 23:09 136176]
S2 WindowsLiveModule;Windows Live Module;c:\windows\security\svchost.exe --> c:\windows\security\svchost.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [13.05.2012 15:46 257696]
S3 apf001;apf001;c:\program files\SoftnyxGame\WolfTeamTS\apf001.sys [24.02.2012 23:51 10872]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Güncelleme Hizmeti (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [16.12.2011 23:09 136176]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NTHRNN;NTHRNN;\??\c:\********s and settings\Administrator\Desktop\US_Heroinn_V_1_1_6\NTHRNN.sys --> c:\********s and settings\Administrator\Desktop\US_Heroinn_V_1_1_6\NTHRNN.sys [?]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\********s and settings\Administrator\Desktop\Sro Bot\NtProcDrv.sys --> c:\********s and settings\Administrator\Desktop\Sro Bot\NtProcDrv.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 12:46]
.
2012-05-28 c:\windows\Tasks\Express Files Updater.job
- c:\program files\ExpressFiles\EFupdater.exe [2012-04-16 00:09]
.
2012-05-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-299502267-602609370-1801674531-500Core.job
- c:\********s and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-01-09 19:49]
.
2012-05-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-299502267-602609370-1801674531-500UA.job
- c:\********s and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-01-09 19:49]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-16 20:09]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-16 20:09]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-602609370-1801674531-500Core.job
- c:\********s and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-17 20:09]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-602609370-1801674531-500UA.job
- c:\********s and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-17 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yandex.com.tr/?clid=1863612
mStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Download with AktivDownloadManager! - c:\program files\Aktiv Download Manager\aktivdownloadmanager.htm
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: ????3??
IE: ????3??????
IE: Bütün linkleri IDM ile indir - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: IDM ile indir - c:\program files\Internet Download Manager\IEExt.htm
IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: ????3?? - c:\********s and settings\Administrator\Application Data\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\********s and settings\Administrator\Application Data\FlashGetBHO\GetAllUrl.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CD11A980-A84A-44D7-BB44-6A005680CF00}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\********s and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lmy5lqmq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://go.mail.ru/search?fr=fftb&utf8in&q=
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG2012\Firefox
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Спутник @Mail.Ru: {37964A3C-4EE8-47b1-8321-34DE2C39BA4D} - %profile%\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
FF - Ext: WincoreMediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - %profile%\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
HKLM-Run-UPDT - c:\********s and settings\Administrator\Templates\UPDT.exe
AddRemove-Repulse - c:\aeriagames\Repulse\Uninst.exe
AddRemove-Silkroad - c:\program files\Silkroad\Remove.Exe
AddRemove-WinRAR archiver - c:\********s and settings\Administrator\Desktop\uninstall.exe
AddRemove-{4AF6927A-CF46-4491-A7A6-EAE04A0152DE}_is1 - c:\kanuninet\unins000.exe
AddRemove-{6E9357BD-C74C-48EC-8667-F7DC1D51D17C}_is1 - c:\kanuni online\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-05-29 00:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-299502267-602609370-1801674531-500\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}]
@="c:\\********s and Settings\\Administrator\\Application Data\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-299502267-602609370-1801674531-500\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}hQèş¥c]
@="c:\\********s and Settings\\Administrator\\Application Data\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-299502267-602609370-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4d,0c,c1,9c,21,51,58,43,ae,86,32,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4d,0c,c1,9c,21,51,58,43,ae,86,32,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):82,18,81,80,49,66,c7,38,7b,2f,75,93,47,31,71,47,a4,36,0d,4a,b9,
4d,dd,2c,3f,9d,a1,5b,45,be,14,6f,9f,0a,4b,56,06,d6,6a,99,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6cd3ab6d-ce6c-4007-a2d6-b840d85264fb}]
@Denied: (Full) (Everyone)
"Model"=dword:0000008f
"Therad"=dword:00000002
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):4a,4c,63,f8,ce,88,6d,c6,82,94,33,4a,01,f1,72,63,96,f6,ed,d0,e6,
2b,6d,d0,5c,ea,1b,b2,f1,6a,0a,3d,da,c8,6e,ab,f7,3e,b7,6c,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{d8836456-44ea-4af2-888a-ca8ce22df2bb}]
@Denied: (Full) (Everyone)
"Model"=dword:0000000e
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,88,79,0d,22,8e,33,17,75,a0,87,e2,b3,13,d2,54,90,48,f3,83,84,e7,07,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(1004)
c:\windows\system32\setupapi.dll
.
- - - - - - - > 'lsass.exe'(3252)
c:\windows\system32\COMRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\ImgUtil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_tr_b77a5c561934e089\System.resources.dll
.
- - - - - - - > 'explorer.exe'(3684)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\COMRes.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
c:\windows\System32\cscui.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\System32\msvcp60.dll
c:\windows\system32\credui.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\program files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
c:\program files\ATI Technologies\ATI.ACE\Core-Static\atiamtrk.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Orbitdownloader\orbitnet.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\windows\system\lsass.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2012-05-29 00:41:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-28 21:41
.
Pre-Run: 24.339.337.216 bayt boş
Post-Run: 26.496.258.048 bayt boş
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - FFF4E6018435DB4509AFB173871EDEEB