I don't know the problem
Dear Lavasoft Authorized,
A couple of days ago a virus got into my computer. All my pictures and other files on my external disc were gone. Later I saw a blue screen. The virus didn't let Ad-Aware work... I ran my computer in safe mode, erased Ad-Aware and re-uploaded it. After that I made a scan... For a couple of hours it worked fine. During this time I uploaded a couple of 'recovery programs' to save my pictures that were gone, and I saw another surprise, named 'Babylon Search'... However I tried, I couldn't erase it.... and finally another virus invaded my computer.... It used my mouse however it wished and sent me a message saying 'Hello can you please test for me:? http://hostmyexe....' something like that... and I ran my computer in safe mode again and rescanned :)) Now I'm sending this mail....
Please help me...
Hi kenanorhan,
I'll start by pasting the content of DDS.txt here, since it will then be a lot easier for me to go through it. I'll post again when I have gone through the log.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1
Run by Kenan ve Deniz at 1:18:57 on 2012-07-30
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = Preserve
uStart Page = hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=HP_ss&mntrId=5611f8ee000000000000000000000030
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
mURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
mWinlogon: Userinit=userinit.exe
uWindows: Load=C:\Users\Kenan ve Deniz\gpevfww.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Oturum Açma Yardım Aracı: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [OscarEditor] "C:\Program Files (x86)\G9 16-in-1\\G9_16-in-1.exe" Minimum
uRun: [Google Update] "C:\Users\Kenan ve Deniz\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [HKCU] C:\Users\Kenan ve Deniz\AppData\Roaming\install\server.exe
uRun: [audiodg_TR.exe] C:\Users\Kenan ve Deniz\Documents\audiodg_TR.exe
uRun: [xllhol.exe] "C:\Users\Kenan ve Deniz\AppData\Roaming\xllhol.exe"
uRun: [gtcllxcfnibemqjscko] C:\Users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe
uRun: [Java Runtime] C:\Users\Kenan ve Deniz\AppData\Roaming\install\server.exe
uRun: [Startup Key] C:\Users\KENANV~1\AppData\Local\Temp\name.exe
uRun: [java.exe] C:\Users\KENANV~1\AppData\Local\Temp\java.exe
uRun: [Orrirw] C:\Users\Kenan ve Deniz\AppData\Roaming\Orrirw.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HomePage] C:\Windows\configs.exe
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NUYwRDIxNUNDRjQxNEE4RU] C:\Users\Kenan ve Deniz\certCredKB.exe
mRun: [NEI3N0NFMzYxQ0MxNUZEME] C:\Users\Kenan ve Deniz\unimfsm.exe
mRun: [HKLM] C:\Users\Kenan ve Deniz\AppData\Roaming\install\server.exe
mRun: [AdobeART] C:\Users\Kenan ve Deniz\AppData\Roaming\AdobeART.exe
mRun: [xllhol.exe] "C:\Users\Kenan ve Deniz\AppData\Roaming\xllhol.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
uExplorerRun: [Google] C:\Users\Kenan ve Deniz\AppData\Roaming\4DB1BA.exe
mExplorerRun: [63726] C:\PROGRA~3\LOCALS~1\Temp\mswartzai.cmd
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} - hxxps://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv29.CAB
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{66E038D8-3659-42FE-8B79-20B4A5026A87} : DhcpNameServer = 212.65.128.2 212.65.140.142
TCP: Interfaces\{6D32B774-FBB3-42D0-9F84-11DD7E168A15} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{6D32B774-FBB3-42D0-9F84-11DD7E168A15} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6E5B96E3-5364-4179-972A-90BA9B474A7F} : DhcpNameServer = 13.35.0.1 13.35.0.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs:
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {3GP75X5P-71DT-P72P-8LY7-4074O3MBN7BL} - C:\Users\Kenan ve Deniz\AppData\Roaming\install\server.exe
Hosts: 88.208.16.168 xhamster.com
Hosts: 88.208.16.168 www.xhamster.com
Hosts: 88.208.16.168 static.xhamster.com
Hosts: 88.208.16.168 premium.xhamster.com
Hosts: 88.208.16.169 xhamster.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kenan ve Deniz\AppData\Roaming\Mozilla\Firefox\Profiles\me9vxh6d.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=HP_ss&mntrId=5611f8ee000000000000000000000030
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=KW_ss&mntrId=5611f8ee000000000000000000000030&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Users\Kenan ve Deniz\AppData\Roaming\Mozilla\Firefox\Profiles\me9vxh6d.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\components\dtTransparency.dll
FF - component: C:\Users\Kenan ve Deniz\AppData\Roaming\Mozilla\Firefox\Profiles\me9vxh6d.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Kenan ve Deniz\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112543&tt=3012_3
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 5611f8ee000000000000000000000030
FF - user.js: extensions.BabylonToolbar.instlDay - 15549
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.14:24:30
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-07-29 22:07:09 79360 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\Orrirw.exe
2012-07-29 19:33:29 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\{F7105408-CB7A-409A-BC9C-D049858133E1}
2012-07-29 19:33:17 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\{4A8F921E-5FFD-4BA1-BB73-6F0690923D9C}
2012-07-29 13:19:28 275968 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\pewpxq.exe
2012-07-29 12:57:47 245760 --sh--w- C:\Users\Kenan ve Deniz\AppData\Roaming\dkotyu.exe
2012-07-29 12:26:31 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\adaware
2012-07-29 12:26:19 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-07-29 12:26:06 119416 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
2012-07-29 12:26:05 256632 ----a-w- C:\Windows\System32\drivers\SbFw.sys
2012-07-29 12:25:21 57976 ----a-w- C:\Windows\System32\drivers\sbredrv.sys
2012-07-29 12:25:21 45936 ----a-w- C:\Windows\System32\sbbd.exe
2012-07-29 11:54:04 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Downloaded Installations
2012-07-29 11:52:44 781824 --sh--w- C:\Users\Kenan ve Deniz\AppData\Roaming\allwnj.exe
2012-07-29 11:41:05 781824 --sh--w- C:\Users\Kenan ve Deniz\AppData\Roaming\xjeamo.exe
2012-07-29 00:31:31 32072 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe
2012-07-29 00:31:17 1098240 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\jvcldk.exe
2012-07-28 15:27:27 96256 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\wpjeqw.exe
2012-07-28 14:07:05 217600 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\brwcfj.exe
2012-07-28 06:47:45 94208 ---h--r- C:\Users\Kenan ve Deniz\AppData\Roaming\xllhol.exe
2012-07-28 06:21:29 874496 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\windowsand.zgy
2012-07-28 06:21:26 702976 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\proclean.zgy
2012-07-28 06:21:26 288768 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\vbccvbgfb.zgy
2012-07-28 05:10:13 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Roaming\install
2012-07-28 04:27:58 874496 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\rqxkrl.exe
2012-07-28 04:17:15 123904 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\Microsoft\pdt__wpr_ridwsymbxnopd_kcoc_bsa.exe
2012-07-28 04:13:49 24064 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\yfybln.exe
2012-07-28 04:03:31 702976 ------w- C:\Users\Kenan ve Deniz\AppData\Roaming\proclean.exe
2012-07-28 04:01:37 24064 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\smayfj.exe
2012-07-28 03:43:54 4879 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\tlyfga.exe
2012-07-28 03:36:10 4888 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\osbbpq.exe
2012-07-28 02:53:54 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Roaming\R-TT
2012-07-28 02:26:06 13330 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\trphnu.exe
2012-07-28 02:02:42 1132740 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\rnbkwi.exe
2012-07-28 01:24:44 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Roaming\eType
2012-07-28 01:14:00 1918320 ----a-w- C:\Windows\System32\drivers\tcpipreset
2012-07-28 01:13:40 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Opera
2012-07-28 01:13:40 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Comodo
2012-07-28 01:13:40 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Bromium
2012-07-28 01:13:39 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Chromium
2012-07-28 01:13:37 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Nichrome
2012-07-28 01:13:33 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Xpom
2012-07-28 01:04:50 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Roaming\dclogs
2012-07-28 00:59:39 -------- d-----w- C:\Windows\SysWow64\install
2012-07-28 00:59:32 573440 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\wxgzab.exe
2012-07-27 23:27:49 636416 ---h--w- C:\Users\Kenan ve Deniz\AppData\Roaming\sccdlc.exe
2012-07-27 23:13:24 217600 -c-h--w- C:\Rundll32.exe
2012-07-26 13:25:36 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-07-26 13:25:31 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2012-07-26 00:14:28 -------- d-----w- C:\Program Files (x86)\Oracle
2012-07-11 11:07:46 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-03 03:12:07 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Geekcorp
2012-07-01 12:09:26 -------- d-sh--w- C:\Windows\ftpcache
.
==================== Find3M ====================
.
2012-07-27 23:49:51 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 23:49:51 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-05 19:06:30 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-05 19:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 12:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
.
============= FINISH: 1:19:24,24 ===============
Hi again,
It is really a severe infection. A lot of information is missing from the logs so we need to try some other programs. If a program can't run in normal mode, please restart the computer in safe mode and try again. If still not possible, skip that program and continue with the next one.
1.
Save TDSSKiller on the Desktop:
http://support.kaspersky.com/downloads/utils/tdsskiller.exe
Turn off all programs.
Run the program TDSSKiller.
Click on [b]Start Scan[/b].
If any [u]malicious[/u] objects are found, select [b]Cure[/b] and click [b]Continue[/b]. If [b]Cure[/b] isn't available, select [b]Skip[/b]. If any [u]suspicious[/u] objects are found, select [b]Skip[/b]. Do NOT select Quarantine or Delete.
The computer might need a restart.
Paste the content of the TDSSKiller log, which is located in the folder C:\ with the name TDSSKiller followed by version and time, into your answer.
2.
Restart the computer.
Please download aswMBR to your desktop: http://public.avast.com/~gmerek/aswMBR.exe
Double click it to start the program.
Allow it to download extra definitions.
Click the [b]Scan[/b] button to start the scan.
When the scan has finished click the [b]Save log[/b] button and save it to your desktop.
Paste that log too.
3.
Restart the computer.
Please follow the instructions on http://www.bleepingcomputer.com/combofix/how-to-use-combofix for installing and running ComboFix.
Read carefully and note the "Disclaimer of warranty"!
Paste the content of the log into your answer.
If ComboFix displays a message, for example that a rootkit was found, write it down in as much detail as possible.
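The conclusion that this is a severe infection rests on what the DDS "Pseudo HJT Report" above shows. As an added example, not part of this thread or of the DDS tool, the following Python script triages lines in that format with simple defender heuristics: autoruns launched from user-writable paths, one binary registered under several autorun names, policies that switch off UAC, and Hosts overrides. The sample input is a constructed excerpt drawn from the log above; the severity labels and the heuristics are this example's own choices, not DDS output.

```python
import re
from collections import defaultdict

# DDS keys whose lines describe something that runs automatically at logon.
AUTORUN_KEYS = {"uRun", "mRun", "uExplorerRun", "mExplorerRun",
                "uWindows", "mWinlogon", "mASetup", "StartupFolder"}

# A quoted path, or an unquoted drive-letter path up to an executable extension.
PATH_RE = re.compile(
    r'"([^"]+)"|([A-Za-z]:\\.*?\.(?:exe|cmd|bat|scr|com|dll|lnk))', re.IGNORECASE)

# Places a user-level infection can write without admin rights. Legitimate
# per-user software (e.g. Google Update) lives here too, so a hit is "review".
USER_WRITABLE_RE = re.compile(
    r"\\AppData\\|\\Temp\\|^[A-Za-z]:\\Users\\[^\\]+\\[^\\]+$|^[A-Za-z]:\\[^\\]+$",
    re.IGNORECASE)

# Policy values that switch off UAC or the user's own tooling.
WEAKENING_POLICIES = {("DisableRegistryTools", "1"), ("EnableLUA", "0"),
                      ("ConsentPromptBehaviorAdmin", "0"),
                      ("PromptOnSecureDesktop", "0")}

LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}


def extract_path(rest):
    """Return the program path from the remainder of an autorun line, or None."""
    m = PATH_RE.search(rest)
    return (m.group(1) or m.group(2)) if m else None


def triage(log_text):
    """Return a list of (severity, line, reason) findings for a DDS report."""
    findings = []
    seen = defaultdict(list)  # lower-cased path -> autorun lines that launch it
    for raw in log_text.splitlines():
        line = raw.strip()
        key, sep, rest = line.partition(":")
        if not sep:
            continue
        rest = rest.strip()
        if key in AUTORUN_KEYS:
            path = extract_path(rest)
            if path is None:
                continue
            seen[path.lower()].append(line)
            if key == "uWindows" and rest.lower().startswith("load="):
                findings.append(("high", line, "legacy Load= entry, rarely legitimate"))
            if USER_WRITABLE_RE.search(path):
                findings.append(("review", line, "autorun from a user-writable location"))
        elif key.endswith("Policies-system") or key.endswith("Policies-explorer"):
            name, _, value = rest.partition("=")
            value = value.split()[0] if value.split() else ""
            if (name.strip(), value) in WEAKENING_POLICIES:
                findings.append(("high", line, "policy disables UAC or user tooling"))
        elif key == "Hosts":
            parts = rest.split()
            if len(parts) >= 2 and parts[0] not in LOOPBACK:
                findings.append(("high", line,
                                 "Hosts redirects %s to %s" % (parts[1], parts[0])))
    # One binary registered under several autorun names is a persistence pattern.
    for path, lines in seen.items():
        if len(lines) > 1:
            findings.append(("high", lines[0],
                             "same binary registered %d times: %s" % (len(lines), path)))
    return findings


def summary(findings):
    """Count findings per severity, e.g. {'high': 5, 'review': 7}."""
    counts = defaultdict(int)
    for severity, _, _ in findings:
        counts[severity] += 1
    return dict(counts)


# Constructed sample input: an excerpt of the DDS log posted above.
SAMPLE = r"""
uRun: [Google Update] "C:\Users\Kenan ve Deniz\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [HKCU] C:\Users\Kenan ve Deniz\AppData\Roaming\install\server.exe
uRun: [Java Runtime] C:\Users\Kenan ve Deniz\AppData\Roaming\install\server.exe
uRun: [Startup Key] C:\Users\KENANV~1\AppData\Local\Temp\name.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HKLM] C:\Users\Kenan ve Deniz\AppData\Roaming\install\server.exe
mWinlogon: Userinit=userinit.exe
uWindows: Load=C:\Users\Kenan ve Deniz\gpevfww.exe
mASetup: {3GP75X5P-71DT-P72P-8LY7-4074O3MBN7BL} - C:\Users\Kenan ve Deniz\AppData\Roaming\install\server.exe
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
Hosts: 88.208.16.168 xhamster.com
"""

if __name__ == "__main__":
    for severity, line, reason in triage(SAMPLE):
        print("%-6s %s\n       %s" % (severity.upper(), line, reason))
    print(summary(triage(SAMPLE)))
```

A "review" hit only says the autorun lives where an unprivileged process could have written it; the "high" findings (UAC switched off, the same server.exe registered four times, a Hosts redirect) are what make the log above read as a real compromise rather than a toolbar nuisance.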
02:25:53.0079 2228 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
02:25:53.0307 2228 ============================================================
02:25:53.0307 2228 Current date / time: 2012/07/30 02:25:53.0307
02:25:53.0307 2228 SystemInfo:
02:25:53.0307 2228
02:25:53.0307 2228 OS Version: 6.1.7601 ServicePack: 1.0
02:25:53.0307 2228 Product type: Workstation
02:25:53.0307 2228 ComputerName: KENANVEDENIZ
02:25:53.0308 2228 UserName: Kenan ve Deniz
02:25:53.0308 2228 Windows directory: C:\Windows
02:25:53.0308 2228 System windows directory: C:\Windows
02:25:53.0308 2228 Running under WOW64
02:25:53.0308 2228 Processor architecture: Intel x64
02:25:53.0308 2228 Number of processors: 4
02:25:53.0308 2228 Page size: 0x1000
02:25:53.0308 2228 Boot type: Normal boot
02:25:53.0308 2228 ============================================================
02:25:54.0868 2228 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:25:54.0873 2228 ============================================================
02:25:54.0873 2228 \Device\Harddisk0\DR0:
02:25:54.0873 2228 MBR partitions:
02:25:54.0873 2228 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1388000
02:25:54.0873 2228 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13BA800, BlocksNum 0x7530000
02:25:54.0887 2228 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x88EB000, BlocksNum 0x31A9A800
02:25:54.0887 2228 ============================================================
02:25:55.0022 2228 C: <-> \Device\Harddisk0\DR0\Partition1
02:25:55.0192 2228 D: <-> \Device\Harddisk0\DR0\Partition2
02:25:55.0192 2228 ============================================================
02:25:55.0192 2228 Initialize success
02:25:55.0192 2228 ============================================================
02:25:57.0447 3976 ============================================================
02:25:57.0447 3976 Scan started
02:25:57.0447 3976 Mode: Manual;
02:25:57.0447 3976 ============================================================
02:26:00.0004 3976 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
02:26:00.0025 3976 1394ohci - ok
02:26:00.0096 3976 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
02:26:00.0124 3976 ACPI - ok
02:26:00.0170 3976 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
02:26:00.0215 3976 AcpiPmi - ok
02:26:00.0379 3976 Ad-Aware Service (09e61047b0cef21559cfcedf4f14d216) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
02:26:00.0389 3976 Ad-Aware Service - ok
02:26:00.0545 3976 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
02:26:00.0548 3976 AdobeFlashPlayerUpdateSvc - ok
02:26:00.0702 3976 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
02:26:00.0712 3976 adp94xx - ok
02:26:00.0754 3976 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
02:26:00.0780 3976 adpahci - ok
02:26:00.0842 3976 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
02:26:00.0849 3976 adpu320 - ok
02:26:00.0873 3976 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
02:26:00.0875 3976 AeLookupSvc - ok
02:26:00.0937 3976 AERTFilters (3ac22a3dfa8a050e35f0e3cd99d0cdf2) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
02:26:00.0941 3976 AERTFilters - ok
02:26:01.0013 3976 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
02:26:01.0026 3976 AFD - ok
02:26:01.0081 3976 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
02:26:01.0085 3976 agp440 - ok
02:26:01.0126 3976 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
02:26:01.0131 3976 ALG - ok
02:26:01.0179 3976 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
02:26:01.0182 3976 aliide - ok
02:26:01.0228 3976 AMD External Events Utility (16d2883ea6296333435df0c8b7d164b8) C:\Windows\system32\atiesrxx.exe
02:26:01.0230 3976 AMD External Events Utility - ok
02:26:01.0235 3976 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
02:26:01.0238 3976 amdide - ok
02:26:01.0270 3976 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
02:26:01.0274 3976 AmdK8 - ok
02:26:01.0299 3976 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
02:26:01.0317 3976 AmdPPM - ok
02:26:01.0371 3976 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
02:26:01.0377 3976 amdsata - ok
02:26:01.0410 3976 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
02:26:01.0416 3976 amdsbs - ok
02:26:01.0442 3976 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
02:26:01.0463 3976 amdxata - ok
02:26:01.0515 3976 ApfiltrService (8b522286c8d6a20133d12225b7759596) C:\Windows\system32\DRIVERS\Apfiltr.sys
02:26:01.0523 3976 ApfiltrService - ok
02:26:01.0591 3976 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
02:26:01.0609 3976 AppID - ok
02:26:01.0648 3976 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
02:26:01.0651 3976 AppIDSvc - ok
02:26:01.0724 3976 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
02:26:01.0725 3976 Appinfo - ok
02:26:01.0829 3976 Apple Mobile Device - ok
02:26:01.0870 3976 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
02:26:01.0875 3976 arc - ok
02:26:01.0898 3976 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
02:26:01.0903 3976 arcsas - ok
02:26:01.0937 3976 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
02:26:01.0941 3976 AsyncMac - ok
02:26:01.0975 3976 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
02:26:01.0976 3976 atapi - ok
02:26:02.0024 3976 AtiHdmiService (506934df94e3197f4a1bbe8fbeab0ccd) C:\Windows\system32\drivers\AtiHdmi.sys
02:26:02.0028 3976 AtiHdmiService - ok
02:26:02.0357 3976 atikmdag (c9f90fee4fdc829382b9130a92fb744c) C:\Windows\system32\DRIVERS\atikmdag.sys
02:26:02.0516 3976 atikmdag - ok
02:26:02.0709 3976 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
02:26:02.0717 3976 AudioEndpointBuilder - ok
02:26:02.0727 3976 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
02:26:02.0733 3976 AudioSrv - ok
02:26:02.0798 3976 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
02:26:02.0816 3976 AxInstSV - ok
02:26:02.0901 3976 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
02:26:02.0912 3976 b06bdrv - ok
02:26:02.0967 3976 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
02:26:02.0986 3976 b57nd60a - ok
02:26:03.0134 3976 BBSvc (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
02:26:03.0162 3976 BBSvc - ok
02:26:03.0197 3976 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
02:26:03.0201 3976 BCM42RLY - ok
02:26:03.0399 3976 BCM43XX (f4cd5f52850bf2c978de178f256ba372) C:\Windows\system32\DRIVERS\bcmwl664.sys
02:26:03.0416 3976 BCM43XX - ok
02:26:03.0549 3976 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
02:26:03.0571 3976 BDESVC - ok
02:26:03.0636 3976 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
02:26:03.0639 3976 Beep - ok
02:26:03.0729 3976 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
02:26:03.0738 3976 BITS - ok
02:26:03.0767 3976 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
02:26:03.0770 3976 blbdrive - ok
02:26:03.0887 3976 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
02:26:03.0892 3976 Bonjour Service - ok
02:26:03.0938 3976 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
02:26:03.0946 3976 bowser - ok
02:26:03.0978 3976 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:26:03.0981 3976 BrFiltLo - ok
02:26:03.0995 3976 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:26:03.0998 3976 BrFiltUp - ok
02:26:04.0057 3976 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
02:26:04.0060 3976 Browser - ok
02:26:21.0852 3976 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
02:26:21.0855 3976 ShellHWDetection - ok
02:26:21.0892 3976 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:26:21.0894 3976 SiSRaid2 - ok
02:26:21.0911 3976 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
02:26:21.0915 3976 SiSRaid4 - ok
02:26:21.0928 3976 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
02:26:21.0932 3976 Smb - ok
02:26:21.0978 3976 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
02:26:21.0981 3976 SNMPTRAP - ok
02:26:22.0006 3976 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
02:26:22.0040 3976 spldr - ok
02:26:22.0085 3976 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
02:26:22.0090 3976 Spooler - ok
02:26:22.0266 3976 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
02:26:22.0286 3976 sppsvc - ok
02:26:22.0376 3976 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
02:26:22.0380 3976 sppuinotify - ok
02:26:22.0452 3976 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
02:26:22.0460 3976 srv - ok
02:26:22.0493 3976 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
02:26:22.0501 3976 srv2 - ok
02:26:22.0542 3976 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
02:26:22.0585 3976 srvnet - ok
02:26:22.0656 3976 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
02:26:22.0659 3976 SSDPSRV - ok
02:26:22.0684 3976 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
02:26:22.0688 3976 SstpSvc - ok
02:26:22.0743 3976 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
02:26:22.0748 3976 stexstor - ok
02:26:22.0807 3976 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
02:26:22.0812 3976 stisvc - ok
02:26:22.0842 3976 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
02:26:22.0845 3976 swenum - ok
02:26:22.0883 3976 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
02:26:22.0893 3976 swprv - ok
02:26:23.0008 3976 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
02:26:23.0026 3976 SysMain - ok
02:26:23.0151 3976 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
02:26:23.0157 3976 TabletInputService - ok
02:26:23.0202 3976 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
02:26:23.0216 3976 TapiSrv - ok
02:26:23.0248 3976 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
02:26:23.0252 3976 TBS - ok
02:26:23.0415 3976 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
02:26:23.0448 3976 Tcpip - ok
02:26:23.0683 3976 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
02:26:23.0694 3976 TCPIP6 - ok
02:26:23.0820 3976 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
02:26:23.0824 3976 tcpipreg - ok
02:26:23.0852 3976 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
02:26:23.0868 3976 TDPIPE - ok
02:26:23.0892 3976 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
02:26:23.0896 3976 TDTCP - ok
02:26:23.0994 3976 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
02:26:24.0000 3976 tdx - ok
02:26:24.0039 3976 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
02:26:24.0043 3976 TermDD - ok
02:26:24.0133 3976 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
02:26:24.0140 3976 TermService - ok
02:26:24.0171 3976 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
02:26:24.0173 3976 Themes - ok
02:26:24.0199 3976 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
02:26:24.0200 3976 THREADORDER - ok
02:26:24.0237 3976 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
02:26:24.0239 3976 TrkWks - ok
02:26:24.0309 3976 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
02:26:24.0311 3976 TrustedInstaller - ok
02:26:24.0364 3976 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
02:26:24.0368 3976 tssecsrv - ok
02:26:24.0458 3976 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
02:26:24.0462 3976 TsUsbFlt - ok
02:26:24.0520 3976 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
02:26:24.0525 3976 tunnel - ok
02:26:24.0555 3976 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
02:26:24.0560 3976 uagp35 - ok
02:26:24.0614 3976 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
02:26:24.0631 3976 udfs - ok
02:26:24.0673 3976 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
02:26:24.0679 3976 UI0Detect - ok
02:26:24.0725 3976 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
02:26:24.0729 3976 uliagpkx - ok
02:26:24.0777 3976 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
02:26:24.0782 3976 umbus - ok
02:26:24.0807 3976 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
02:26:24.0811 3976 UmPass - ok
02:26:24.0865 3976 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
02:26:24.0877 3976 upnphost - ok
02:26:24.0918 3976 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
02:26:24.0923 3976 USBAAPL64 - ok
02:26:24.0982 3976 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
02:26:24.0987 3976 usbaudio - ok
02:26:25.0020 3976 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
02:26:25.0024 3976 usbccgp - ok
02:26:25.0083 3976 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
02:26:25.0088 3976 usbcir - ok
02:26:25.0111 3976 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
02:26:25.0134 3976 usbehci - ok
02:26:25.0196 3976 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
02:26:25.0223 3976 usbhub - ok
02:26:25.0254 3976 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
02:26:25.0257 3976 usbohci - ok
02:26:25.0303 3976 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
02:26:25.0306 3976 usbprint - ok
02:26:25.0340 3976 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
02:26:25.0344 3976 usbscan - ok
02:26:25.0420 3976 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
02:26:25.0423 3976 usbser - ok
02:26:25.0451 3976 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:26:25.0455 3976 USBSTOR - ok
02:26:25.0470 3976 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
02:26:25.0473 3976 usbuhci - ok
02:26:25.0533 3976 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
02:26:25.0550 3976 usbvideo - ok
02:26:25.0582 3976 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
02:26:25.0585 3976 UxSms - ok
02:26:25.0627 3976 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:26:25.0629 3976 VaultSvc - ok
02:26:25.0682 3976 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
02:26:25.0686 3976 vdrvroot - ok
02:26:25.0756 3976 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
02:26:25.0779 3976 vds - ok
02:26:25.0839 3976 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
02:26:25.0842 3976 vga - ok
02:26:25.0866 3976 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
02:26:25.0869 3976 VgaSave - ok
02:26:25.0925 3976 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
02:26:25.0932 3976 vhdmp - ok
02:26:25.0946 3976 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
02:26:25.0949 3976 viaide - ok
02:26:25.0974 3976 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
02:26:25.0977 3976 volmgr - ok
02:26:26.0042 3976 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
02:26:26.0052 3976 volmgrx - ok
02:26:26.0105 3976 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
02:26:26.0113 3976 volsnap - ok
02:26:26.0153 3976 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
02:26:26.0159 3976 vsmraid - ok
02:26:26.0302 3976 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
02:26:26.0331 3976 VSS - ok
02:26:26.0458 3976 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
02:26:26.0462 3976 vwifibus - ok
02:26:26.0485 3976 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
02:26:26.0488 3976 vwififlt - ok
02:26:26.0529 3976 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
02:26:26.0534 3976 W32Time - ok
02:26:26.0573 3976 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
02:26:26.0601 3976 WacomPen - ok
02:26:26.0662 3976 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
02:26:26.0675 3976 WANARP - ok
02:26:26.0693 3976 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
02:26:26.0695 3976 Wanarpv6 - ok
02:26:26.0794 3976 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
02:26:26.0819 3976 WatAdminSvc - ok
02:26:26.0961 3976 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
02:26:26.0989 3976 wbengine - ok
02:26:27.0106 3976 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
02:26:27.0115 3976 WbioSrvc - ok
02:26:27.0166 3976 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
02:26:27.0178 3976 wcncsvc - ok
02:26:27.0205 3976 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
02:26:27.0209 3976 WcsPlugInService - ok
02:26:27.0265 3976 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
02:26:27.0269 3976 Wd - ok
02:26:27.0324 3976 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
02:26:27.0339 3976 Wdf01000 - ok
02:26:27.0364 3976 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
02:26:27.0366 3976 WdiServiceHost - ok
02:26:27.0371 3976 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
02:26:27.0373 3976 WdiSystemHost - ok
02:26:27.0430 3976 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
02:26:27.0441 3976 WebClient - ok
02:26:27.0497 3976 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
02:26:27.0504 3976 Wecsvc - ok
02:26:27.0528 3976 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
02:26:27.0530 3976 wercplsupport - ok
02:26:27.0568 3976 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
02:26:27.0570 3976 WerSvc - ok
02:26:27.0639 3976 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
02:26:27.0643 3976 WfpLwf - ok
02:26:27.0665 3976 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
02:26:27.0668 3976 WIMMount - ok
02:26:27.0678 3976 WinHttpAutoProxySvc - ok
02:26:27.0756 3976 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
02:26:27.0759 3976 Winmgmt - ok
02:26:27.0912 3976 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
02:26:27.0970 3976 WinRM - ok
02:26:28.0144 3976 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
02:26:28.0158 3976 WinUsb - ok
02:26:28.0230 3976 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
02:26:28.0240 3976 Wlansvc - ok
02:26:28.0345 3976 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
02:26:28.0350 3976 wlcrasvc - ok
02:26:28.0559 3976 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
02:26:28.0574 3976 wlidsvc - ok
02:26:28.0623 3976 wltrysvc (13b0a570e1ae451c92da550085d72cf3) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
02:26:28.0624 3976 wltrysvc - ok
02:26:28.0759 3976 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
02:26:28.0762 3976 WmiAcpi - ok
02:26:28.0817 3976 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
02:26:28.0824 3976 wmiApSrv - ok
02:26:28.0880 3976 WMPNetworkSvc - ok
02:26:28.0911 3976 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
02:26:28.0916 3976 WPCSvc - ok
02:26:28.0979 3976 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
02:26:28.0989 3976 WPDBusEnum - ok
02:26:29.0010 3976 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
02:26:29.0013 3976 ws2ifsl - ok
02:26:29.0020 3976 WSearch - ok
02:26:29.0188 3976 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
02:26:29.0211 3976 wuauserv - ok
02:26:29.0352 3976 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
02:26:29.0357 3976 WudfPf - ok
02:26:29.0404 3976 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
02:26:29.0410 3976 WUDFRd - ok
02:26:29.0461 3976 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
02:26:29.0466 3976 wudfsvc - ok
02:26:29.0526 3976 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
02:26:29.0536 3976 WwanSvc - ok
02:26:29.0593 3976 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
02:26:29.0812 3976 \Device\Harddisk0\DR0 - ok
02:26:29.0816 3976 Boot (0x1200) (fbb2f977ea70918718692072bd926ceb) \Device\Harddisk0\DR0\Partition0
02:26:29.0817 3976 \Device\Harddisk0\DR0\Partition0 - ok
02:26:29.0832 3976 Boot (0x1200) (5fbeec304255b89f9f44bfbc42ea0a09) \Device\Harddisk0\DR0\Partition1
02:26:29.0834 3976 \Device\Harddisk0\DR0\Partition1 - ok
02:26:29.0914 3976 Boot (0x1200) (074b17f64ec59072bd6c041aa1f1cd63) \Device\Harddisk0\DR0\Partition2
02:26:29.0916 3976 \Device\Harddisk0\DR0\Partition2 - ok
02:26:29.0917 3976 ============================================================
02:26:29.0917 3976 Scan finished
02:26:29.0917 3976 ============================================================
02:26:29.0931 5284 Detected object count: 0
02:26:29.0931 5284 Actual detected object count: 0
02:27:29.0575 4972 Deinitialize success
Please don't edit your posts, since I might miss the changes. Reply instead.
Do you have access to another computer where you can download the files and then transfer them to the infected computer, for example with a CD or flash drive (don't keep anything important on them in case the infection erases them)?
I can also upload the tools for you, but it is too late now, so that will be tomorrow.
When I restart the computer, a 'black DOS table was shown on the screen and gone' and the computer shut down once; after that the computer was opened.
Later a couple of run time errors appeared on the screen. I wrote them down for you.
msvcr100.dll
nspr4.dll
plc4.dll
mozsglite3.dll
nssutil3.dll
and
run time error 216 at 00012b8c
To answer your question: I don't have another computer.... My external disc was harmed too because of this virus and I lost every file on it... a very, very important research report, thousands of music files, and most important, my pictures...
Meanwhile, the "hostmyexe" virus appeared 3-4 hours after my last full scan :)
Even if you don't notice it any more, there may still be several malicious files and registry entries on the computer. Please continue with items 2 and 3 in post #3.
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-30 17:08:17
-----------------------------
17:08:17.339 OS Version: Windows x64 6.1.7601 Service Pack 1
17:08:17.339 Number of processors: 4 586 0x2502
17:08:17.340 ComputerName: KENANVEDENIZ UserName:
17:08:18.214 Initialize success
17:08:24.720 AVAST engine defs: 12073000
17:08:27.606 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:08:27.609 Disk 0 Vendor: TOSHIBA_MK5055GSX FG000D Size: 476940MB BusType: 11
17:08:27.659 Disk 0 MBR read successfully
17:08:27.662 Disk 0 MBR scan
17:08:27.667 Disk 0 Windows 7 default MBR code
17:08:27.672 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
17:08:27.689 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10000 MB offset 206848
17:08:27.710 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 60000 MB offset 20686848
17:08:27.716 Disk 0 Partition - 00 0F Extended LBA 406838 MB offset 143566848
17:08:27.747 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 406837 MB offset 143568896
17:08:27.790 Disk 0 scanning C:\Windows\system32\drivers
17:08:41.665 Service scanning
17:09:26.952 Modules scanning
17:09:27.290 Disk 0 trace - called modules:
17:09:27.307 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:09:27.313 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bb1060]
17:09:27.319 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003b77680]
17:09:27.919 AVAST engine scan C:\Windows
17:09:30.064 AVAST engine scan C:\Windows\system32
17:14:40.420 AVAST engine scan C:\Windows\system32\drivers
17:14:59.823 AVAST engine scan C:\Users\Kenan ve Deniz
17:20:36.336 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\257A.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]
17:20:47.007 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\47EA.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]
17:20:51.772 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\70B1.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]
17:22:31.303 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\8BD1.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]
17:22:31.401 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\8FA4.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]
17:22:32.869 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\97D8.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]
17:22:37.767 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\AEFC.tmp **INFECTED** Win32:Malware-gen
17:22:39.938 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\B5E5.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]
17:22:40.035 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\B5FE.tmp **INFECTED** Win32:Malware-gen
17:22:40.101 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\B8AB.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]
17:22:40.275 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\BEA2.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]
17:22:40.651 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\CF2C.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]
17:23:08.341 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\DC32.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]
17:24:33.533 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\F2B6.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]
17:26:23.497 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\msitcm.cpl **INFECTED** Win32:MalOb-ER [Cryp]
17:26:27.582 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\plugins\svchost.exe **INFECTED** Win32:Malware-gen
17:27:52.496 File: C:\Users\Kenan ve Deniz\AppData\Roaming\brwcfj.exe **INFECTED** Win32:Rootkit-gen [Rtk]
17:28:43.858 File: C:\Users\Kenan ve Deniz\AppData\Roaming\sccdlc.exe **INFECTED** Win32:Malware-gen
17:28:47.738 File: C:\Users\Kenan ve Deniz\AppData\Roaming\wpjeqw.exe **INFECTED** Win32:Ruskill-EG [Trj]
17:29:09.114 AVAST engine scan C:\ProgramData
17:31:43.785 Scan finished successfully
17:31:54.806 Disk 0 MBR has been saved successfully to "C:\Users\Kenan ve Deniz\Desktop\MBR.dat"
17:31:54.812 The log file has been saved successfully to "C:\Users\Kenan ve Deniz\Desktop\aswMBR.txt"
ComboFix 12-07-30.01 - Kenan ve Deniz 30.07.2012 17:41:41.1.4 - x64
Running from: c:\users\Kenan ve Deniz\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\Rundll32.exe
c:\users\Kenan ve Deniz\AppData\Roaming\8T5A0C240222OWfrancesco_updatedbin.exe
c:\users\Kenan ve Deniz\AppData\Roaming\allwnj.exe
c:\users\Kenan ve Deniz\AppData\Roaming\brwcfj.exe
c:\users\Kenan ve Deniz\AppData\Roaming\dkotyu.exe
c:\users\Kenan ve Deniz\AppData\Roaming\jvcldk.exe
c:\users\Kenan ve Deniz\AppData\Roaming\Kenan ve Denizlog.dat
c:\users\Kenan ve Deniz\AppData\Roaming\Microsoft\pdt__wpr_ridwsymbxnopd_kcoc_bsa.exe
c:\users\Kenan ve Deniz\AppData\Roaming\Orrirw.exe
c:\users\Kenan ve Deniz\AppData\Roaming\osbbpq.exe
c:\users\Kenan ve Deniz\AppData\Roaming\pewpxq.exe
c:\users\Kenan ve Deniz\AppData\Roaming\proclean.exe
c:\users\Kenan ve Deniz\AppData\Roaming\proclean.zgy
c:\users\Kenan ve Deniz\AppData\Roaming\rnbkwi.exe
c:\users\Kenan ve Deniz\AppData\Roaming\rqxkrl.exe
c:\users\Kenan ve Deniz\AppData\Roaming\sccdlc.exe
c:\users\Kenan ve Deniz\AppData\Roaming\smayfj.exe
c:\users\Kenan ve Deniz\AppData\Roaming\tlyfga.exe
c:\users\Kenan ve Deniz\AppData\Roaming\trphnu.exe
c:\users\Kenan ve Deniz\AppData\Roaming\vbccvbgfb.zgy
c:\users\Kenan ve Deniz\AppData\Roaming\windowsand.zgy
c:\users\Kenan ve Deniz\AppData\Roaming\wpjeqw.exe
c:\users\Kenan ve Deniz\AppData\Roaming\xjeamo.exe
c:\users\Kenan ve Deniz\AppData\Roaming\xllhol.exe
c:\users\Kenan ve Deniz\AppData\Roaming\yfybln.exe
c:\users\Kenan ve Deniz\AppData\Roaming\ZH5T6Q5Q2Jfrancesco_updatedbin.exe
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\install
D:\autorun.inf
D:\Rundll32.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
.
.
2012-07-29 12:26 . 2012-07-29 12:26 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\adaware
2012-07-29 12:26 . 2011-12-19 09:44 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-07-29 12:26 . 2011-09-29 09:16 119416 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-07-29 12:26 . 2011-12-19 09:44 256632 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-07-29 12:25 . 2011-12-19 10:21 45936 ----a-w- c:\windows\system32\sbbd.exe
2012-07-29 12:25 . 2011-10-26 11:23 57976 ----a-w- c:\windows\system32\drivers\sbredrv.sys
2012-07-29 11:54 . 2012-07-29 11:54 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Downloaded Installations
2012-07-29 00:31 . 2010-11-05 01:57 32072 ----a-w- c:\users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe
2012-07-28 05:10 . 2012-07-30 14:43 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\install
2012-07-28 02:53 . 2012-07-28 02:53 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\R-TT
2012-07-28 01:24 . 2012-07-28 01:25 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\eType
2012-07-28 01:24 . 2012-07-28 01:24 304 -c--a-w- C:\user.js
2012-07-28 01:14 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpipreset
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Opera
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Comodo
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Bromium
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Chromium
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Nichrome
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Xpom
2012-07-28 01:04 . 2012-07-28 01:11 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\dclogs
2012-07-26 13:25 . 2012-07-26 13:25 -------- d-----w- c:\program files (x86)\adawaretb
2012-07-26 13:25 . 2011-10-26 13:19 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-07-26 00:14 . 2012-07-26 00:14 -------- d-----w- c:\program files (x86)\Oracle
2012-07-25 21:57 . 2012-07-25 21:57 -------- d-----w- c:\programdata\Local Settings
2012-07-11 11:07 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 03:12 . 2012-07-03 03:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Geekcorp
2012-07-01 12:09 . 2012-07-01 12:09 -------- d-sh--w- c:\windows\ftpcache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 23:49 . 2012-04-10 17:44 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 23:49 . 2011-05-19 13:50 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 11:04 . 2010-06-04 19:30 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-05 19:06 . 2012-05-28 11:05 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-05 19:06 . 2012-05-28 11:05 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-05 10:18 . 2011-03-28 15:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-02 22:19 . 2012-06-21 07:01 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 07:01 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 07:01 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 07:01 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 07:01 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 07:01 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 07:01 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 12:19 . 2012-06-21 07:00 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 12:15 . 2012-06-21 07:00 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-15 04:01 . 2012-06-15 16:35 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-15 16:35 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-15 16:35 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-04 11:06 . 2012-06-15 16:34 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-15 16:34 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-15 16:34 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-10-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
"audiodg_TR.exe"="c:\users\Kenan ve Deniz\Documents\audiodg_TR.exe" [2012-07-28 24064]
"gtcllxcfnibemqjscko"="c:\users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe" [2010-11-05 32072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-09 98304]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Güncelleme Hizmeti (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-01 35104]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2010-04-19 22528]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 220672]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 119416]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-02 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-10-26 69376]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-12-19 256632]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-05-03 1226096]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-09 92160]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-08 202752]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-12 151040]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 119416]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
S3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2011-12-19 84600]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPNAT
*NewlyCreated* - SBWTIS
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-30 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-05-03 15:37]
.
2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 23:49]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3972443797-2272916507-3105240164-1001Core.job
- c:\users\Kenan ve Deniz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-05 12:49]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3972443797-2272916507-3105240164-1001UA.job
- c:\users\Kenan ve Deniz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-05 12:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-09 8158240]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-10-01 3189016]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=HP_ss&mntrId=5611f8ee000000000000000000000030
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6D32B774-FBB3-42D0-9F84-11DD7E168A15}: NameServer = 8.8.8.8,8.8.4.4
DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} - hxxps://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv29.CAB
FF - ProfilePath - c:\users\Kenan ve Deniz\AppData\Roaming\Mozilla\Firefox\Profiles\me9vxh6d.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=HP_ss&mntrId=5611f8ee000000000000000000000030
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=KW_ss&mntrId=5611f8ee000000000000000000000030&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112543&tt=3012_3
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 5611f8ee000000000000000000000030
FF - user.js: extensions.BabylonToolbar.instlDay - 15549
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.14:24
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-OscarEditor - c:\program files (x86)\G9 16-in-1\\G9_16-in-1.exe
Wow6432Node-HKCU-Run-xllhol.exe - c:\users\Kenan ve Deniz\AppData\Roaming\xllhol.exe
Wow6432Node-HKCU-Run-Orrirw - c:\users\Kenan ve Deniz\AppData\Roaming\Orrirw.exe
Wow6432Node-HKCU-Run-Java Runtime - c:\users\Kenan ve Deniz\AppData\Roaming\install\server.exe
Wow6432Node-HKLM-Run-NUYwRDIxNUNDRjQxNEE4RU - c:\users\Kenan ve Deniz\certCredKB.exe
Wow6432Node-HKLM-Run-NEI3N0NFMzYxQ0MxNUZEME - c:\users\Kenan ve Deniz\unimfsm.exe
Wow6432Node-HKLM-Run-AdobeART - c:\users\Kenan ve Deniz\AppData\Roaming\AdobeART.exe
Wow6432Node-HKLM-Run-xllhol.exe - c:\users\Kenan ve Deniz\AppData\Roaming\xllhol.exe
Wow6432Node-HKLM-Explorer_Run-63726 - c:\progra~3\LOCALS~1\Temp\mswartzai.cmd
SafeBoot-Wdf01000.sys
SafeBoot-Lavasoft Ad-Aware Service
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{91397D20-1446-11D4-8AF4-0040CA1127B6} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Completion time: 2012-07-30 18:02:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-30 15:02
.
Pre-Run: 16.577.212.416 bayt boş
Post-Run: 20.154.937.344 bayt boş
.
- - End Of File - - C58D04D8DA1933A0364F754F119280BE0 -
Good, ComboFix removed many files, but there are more.
1.
Upload this file to http://www.virustotal.com/ using the "Choose file" function (select reanalyze if asked) and post back the link to the scan report:
c:\users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe
2.
Copy all lines in the box:
[code]
Killall::
DirLook::
c:\users\Kenan ve Deniz\AppData\Roaming\install
[/code]
and paste into Notepad.
Save the file on the desktop with the name CFScript.
Prepare the computer according to the instructions for running ComboFix.
Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop, the program will start in a special way.
Paste the new ComboFix log into your answer.
3.
Please run aswMBR in the same way as last time and post its log.
In the 1st step, which file do I have to choose? I don't understand that point clearly.
Shall I choose this one and after that scan? c:\users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe
SHA256: b746362010a101cb5931bc066f0f4d3fc740c02a68c1f37fc3c8e6c87fd7cb1e SHA1: 0f02fc517c7facc4baefde4fe9467fb6488ebabe MD5: ed797d8dc2c92401985d162e42ffa450 File size: 31.3 KB ( 32072 bytes ) File name: gtcllxcfnibemqjscko.exe File type: Win32 EXE Detection ratio: 0 / 40 Analysis date: 2012-07-30 17:00:17 UTC ( 0 dakika ago )
Yes, that is correct.
ComboFix 12-07-30.01 - Kenan ve Deniz 30.07.2012 20:10:54.2.4 - x64
Running from: c:\users\Kenan ve Deniz\Desktop\ComboFix.exe
Command switches used :: c:\users\Kenan ve Deniz\Desktop\CFScript.txt
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
.
.
2012-07-30 17:17 . 2012-07-30 17:17 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-07-30 17:17 . 2012-07-30 17:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-29 12:26 . 2012-07-29 12:26 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\adaware
2012-07-29 12:26 . 2011-12-19 09:44 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-07-29 12:26 . 2011-09-29 09:16 119416 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-07-29 12:26 . 2011-12-19 09:44 256632 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-07-29 12:25 . 2011-12-19 10:21 45936 ----a-w- c:\windows\system32\sbbd.exe
2012-07-29 12:25 . 2011-10-26 11:23 57976 ----a-w- c:\windows\system32\drivers\sbredrv.sys
2012-07-29 11:54 . 2012-07-29 11:54 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Downloaded Installations
2012-07-29 00:31 . 2010-11-05 01:57 32072 ----a-w- c:\users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe
2012-07-28 05:10 . 2012-07-30 14:43 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\install
2012-07-28 02:53 . 2012-07-28 02:53 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\R-TT
2012-07-28 01:24 . 2012-07-28 01:25 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\eType
2012-07-28 01:24 . 2012-07-28 01:24 304 -c--a-w- C:\user.js
2012-07-28 01:14 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpipreset
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Opera
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Comodo
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Bromium
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Chromium
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Nichrome
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Xpom
2012-07-28 01:04 . 2012-07-28 01:11 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\dclogs
2012-07-26 13:25 . 2012-07-26 13:25 -------- d-----w- c:\program files (x86)\adawaretb
2012-07-26 13:25 . 2011-10-26 13:19 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-07-26 00:14 . 2012-07-26 00:14 -------- d-----w- c:\program files (x86)\Oracle
2012-07-25 21:57 . 2012-07-25 21:57 -------- d-----w- c:\programdata\Local Settings
2012-07-11 11:07 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 03:12 . 2012-07-03 03:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Geekcorp
2012-07-01 12:09 . 2012-07-01 12:09 -------- d-sh--w- c:\windows\ftpcache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 23:49 . 2012-04-10 17:44 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 23:49 . 2011-05-19 13:50 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 11:04 . 2010-06-04 19:30 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-05 19:06 . 2012-05-28 11:05 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-05 19:06 . 2012-05-28 11:05 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-05 10:18 . 2011-03-28 15:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-02 22:19 . 2012-06-21 07:01 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 07:01 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 07:01 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 07:01 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 07:01 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 07:01 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 07:01 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 12:19 . 2012-06-21 07:00 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 12:15 . 2012-06-21 07:00 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-15 04:01 . 2012-06-15 16:35 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-15 16:35 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-15 16:35 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-04 11:06 . 2012-06-15 16:34 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-15 16:34 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-15 16:34 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Kenan ve Deniz\AppData\Roaming\install ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-30_14.55.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-04 10:51 . 2012-07-30 17:20 60488 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-30 17:20 30194 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-05-30 17:21 . 2012-07-30 17:20 22076 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3972443797-2272916507-3105240164-1001_UserData.bin
- 2010-05-30 17:21 . 2012-07-30 14:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-30 17:21 . 2012-07-30 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-30 17:21 . 2012-07-30 14:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-30 17:21 . 2012-07-30 17:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-30 17:21 . 2012-07-30 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-30 17:21 . 2012-07-30 14:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-30 17:21 . 2012-07-30 14:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-30 17:21 . 2012-07-30 17:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-30 17:21 . 2012-07-30 14:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-30 17:21 . 2012-07-30 17:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-07-30 14:51 . 2012-07-30 14:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-30 17:18 . 2012-07-30 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-30 14:51 . 2012-07-30 14:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-30 17:18 . 2012-07-30 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-07-30 14:50 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-30 17:17 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-10-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
"audiodg_TR.exe"="c:\users\Kenan ve Deniz\Documents\audiodg_TR.exe" [2012-07-28 24064]
"gtcllxcfnibemqjscko"="c:\users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe" [2010-11-05 32072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-09 98304]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"63726"="c:\progra~3\LOCALS~1\Temp\mswartzai.cmd" [BU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Güncelleme Hizmeti (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-01 35104]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2010-04-19 22528]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 220672]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 119416]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-02 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-10-26 69376]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-12-19 256632]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-05-03 1226096]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-09 92160]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-08 202752]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-12 151040]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 119416]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
S3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2011-12-19 84600]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-30 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-05-03 15:37]
.
2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 23:49]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3972443797-2272916507-3105240164-1001Core.job
- c:\users\Kenan ve Deniz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-05 12:49]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3972443797-2272916507-3105240164-1001UA.job
- c:\users\Kenan ve Deniz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-05 12:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-09 8158240]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=HP_ss&mntrId=5611f8ee000000000000000000000030
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6D32B774-FBB3-42D0-9F84-11DD7E168A15}: NameServer = 8.8.8.8,8.8.4.4
DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} - hxxps://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv29.CAB
FF - ProfilePath - c:\users\Kenan ve Deniz\AppData\Roaming\Mozilla\Firefox\Profiles\me9vxh6d.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=HP_ss&mntrId=5611f8ee000000000000000000000030
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=KW_ss&mntrId=5611f8ee000000000000000000000030&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112543&tt=3012_3
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 5611f8ee000000000000000000000030
FF - user.js: extensions.BabylonToolbar.instlDay - 15549
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.14:24
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{91397D20-1446-11D4-8AF4-0040CA1127B6} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Completion time: 2012-07-30 20:24:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-30 17:24
ComboFix2.txt 2012-07-30 15:02
.
Pre-Run: 22.001.483.776 bayt boş
Post-Run: 22.001.799.168 bayt boş
.
- - End Of File - - 67748F8BAA8520C469D623DABA4C47350 -
1. Save SystemLook on the desktop from one of these links:
http://jpshortstuff.247fixes.com/SystemLook.exe
http://images.malwareremoval.com/jpshortstuff/SystemLook.exe
Double-click on the SystemLook file to run it.
Copy all lines in the box:
[code]
:dir
c:\users\Kenan ve Deniz\AppData\Roaming\install
c:\users\Kenan ve Deniz\AppData\Roaming\R-TT
c:\users\Kenan ve Deniz\AppData\Roaming\eType
c:\users\Kenan ve Deniz\AppData\Local\Opera
c:\users\Kenan ve Deniz\AppData\Local\Comodo
c:\users\Kenan ve Deniz\AppData\Local\Bromium
c:\users\Kenan ve Deniz\AppData\Local\Chromium
c:\users\Kenan ve Deniz\AppData\Local\Nichrome
c:\users\Kenan ve Deniz\AppData\Local\Xpom
c:\users\Kenan ve Deniz\AppData\Roaming\dclogs
:file
c:\windows\system32\drivers\tcpipreset
[/code]
and paste them in the big text field in SystemLook.
Click on the Look button to start the search.
When finished, Notepad will pop up with the log. Copy the log and paste it into your answer. If Notepad doesn't pop up, you can find the log as SystemLook.txt on the Desktop.
2. Please uninstall Java(TM) 6 Update 16 in Control Panel - Programs and Features.
In Firefox - Tools - Add-Ons, look for Babylon on the different tabs and uninstall it when found.
Restart the computer.
3. Please run DDS, paste DDS.txt into your answer and attach Attach.txt.
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-30 20:28:30
-----------------------------
20:28:30.446 OS Version: Windows x64 6.1.7601 Service Pack 1
20:28:30.446 Number of processors: 4 586 0x2502
20:28:30.446 ComputerName: KENANVEDENIZ UserName:
20:28:30.914 Initialize success
20:28:40.732 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:28:40.732 Disk 0 Vendor: TOSHIBA_MK5055GSX FG000D Size: 476940MB BusType: 11
20:28:40.748 Disk 0 MBR read successfully
20:28:40.748 Disk 0 MBR scan
20:28:40.748 Disk 0 Windows 7 default MBR code
20:28:40.763 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
20:28:40.779 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10000 MB offset 206848
20:28:40.795 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 60000 MB offset 20686848
20:28:40.795 Disk 0 Partition - 00 0F Extended LBA 406838 MB offset 143566848
20:28:40.826 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 406837 MB offset 143568896
20:28:40.857 Disk 0 scanning C:\Windows\system32\drivers
20:28:55.786 Service scanning
20:29:31.838 Modules scanning
20:29:31.838 Disk 0 trace - called modules:
20:29:32.415 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:29:32.415 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bb3060]
20:29:32.431 3 CLASSPNP.SYS[fffff8800196c43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80048f6550]
20:29:32.431 Scan finished successfully
20:31:34.126 Disk 0 MBR has been saved successfully to "C:\Users\Kenan ve Deniz\Desktop\MBR.dat"
20:31:34.126 The log file has been saved successfully to "C:\Users\Kenan ve Deniz\Desktop\aswMBR1.txt"
SystemLook 30.07.11 by jpshortstuff
Log created at 21:03 on 30/07/2012 by Kenan ve Deniz
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
========== dir ==========
c:\users\Kenan ve Deniz\AppData\Roaming\install - Parameters: "(none)"
---Files---
None found.
---Folders---
None found.
c:\users\Kenan ve Deniz\AppData\Roaming\R-TT - Parameters: "(none)"
---Files---
None found.
---Folders---
R-Studio d------ [02:53 28/07/2012]
c:\users\Kenan ve Deniz\AppData\Roaming\eType - Parameters: "(none)"
---Files---
AdNotFound.htm --a---- 117 bytes [10:02 31/08/2011] [10:02 31/08/2011]
all.zip --a---- 346691 bytes [01:24 28/07/2012] [01:24 28/07/2012]
BigAd.htm --a---- 276 bytes [11:53 06/09/2011] [11:53 06/09/2011]
BigAd2.htm --a---- 354 bytes [07:07 11/09/2011] [07:07 11/09/2011]
BinariesVersions.xml --a---- 127 bytes [12:22 25/07/2012] [12:22 25/07/2012]
BinaryFiles_308.zip --a---- 0 bytes [01:24 28/07/2012] [01:24 28/07/2012]
DefaultPrograms.ini --a---- 1232 bytes [07:43 13/09/2011] [07:43 13/09/2011]
dicEnUs_TrTr.Lang_37.zip --a---- 1382524 bytes [01:25 28/07/2012] [01:25 28/07/2012]
dicInfo.txt --a---- 52 bytes [01:25 28/07/2012] [01:25 28/07/2012]
Dictionaries.xml --a---- 3060 bytes [11:15 15/08/2011] [11:15 15/08/2011]
dicTrTr_EnUs.Lang_37.zip --a---- 2222751 bytes [01:25 28/07/2012] [01:25 28/07/2012]
EmptyFacebook.jpg --a---- 390 bytes [14:28 07/03/2011] [14:28 07/03/2011]
EmptyFacebookL.jpg --a---- 1428 bytes [12:53 30/08/2011] [12:53 30/08/2011]
eTypeUninstall.exe --a---- 300440 bytes [12:14 25/07/2012] [12:14 25/07/2012]
eTypeUpdate.exe_52.zip --a---- 0 bytes [01:24 28/07/2012] [01:24 28/07/2012]
Facebook.htm --a---- 517 bytes [08:17 27/02/2011] [08:17 27/02/2011]
GoldUpdater.zip --a---- 1407117 bytes [01:25 28/07/2012] [01:25 28/07/2012]
icon_all_shadow.ico --a---- 15086 bytes [12:49 24/05/2010] [12:49 24/05/2010]
Install.bin --a---- 0 bytes [01:24 28/07/2012] [01:24 28/07/2012]
Launchx64.exe --a---- 17776 bytes [15:18 16/02/2012] [15:18 16/02/2012]
Loading.htm -ra---- 343 bytes [13:02 16/06/2010] [13:02 16/06/2010]
Loading_icon_circles_blue.gif -ra---- 2215 bytes [13:02 16/06/2010] [13:02 16/06/2010]
lzma.exe --a---- 83968 bytes [11:13 19/09/2010] [11:13 19/09/2010]
lzma.zip --a---- 43995 bytes [01:24 28/07/2012] [01:24 28/07/2012]
MessengerPromotion.txt --a---- 150 bytes [12:45 29/12/2010] [12:45 29/12/2010]
MyZip.dll --a---- 109464 bytes [15:45 13/04/2010] [15:45 13/04/2010]
news_box_facebook.jpg --a---- 23944 bytes [12:59 25/10/2010] [12:59 25/10/2010]
news_box_internet_connection.jpg --a---- 35413 bytes [06:47 19/08/2010] [06:47 19/08/2010]
NoConn.htm --a---- 388 bytes [09:08 10/10/2011] [09:08 10/10/2011]
NoConnection.htm --a---- 364 bytes [08:21 11/08/2010] [08:21 11/08/2010]
no_internet_connection.jpg --a---- 8232 bytes [09:07 10/10/2011] [09:07 10/10/2011]
OutlookHtmlPromotion.htm --a---- 407 bytes [09:07 28/12/2010] [09:07 28/12/2010]
OutlookHtmlPromotion2.htm --a---- 446 bytes [09:07 28/12/2010] [09:07 28/12/2010]
OutlookPlainPromotion.txt --a---- 145 bytes [09:06 28/12/2010] [09:06 28/12/2010]
Programs.ini --a---- 1220 bytes [07:43 13/09/2011] [07:43 13/09/2011]
SmallAd.htm --a---- 274 bytes [11:53 06/09/2011] [11:53 06/09/2011]
TimeRangeCache.dat --a---- 187 bytes [14:46 28/10/2010] [14:46 28/10/2010]
UpdaterVersions.xml --a---- 138 bytes [12:23 25/07/2012] [12:23 25/07/2012]
Url.xml --a---- 298 bytes [13:01 23/02/2010] [13:01 23/02/2010]
UserDictionaries.xml --a---- 223 bytes [06:25 05/06/2011] [01:24 28/07/2012]
VistaTool32.dll --a---- 53104 bytes [15:18 16/02/2012] [15:18 16/02/2012]
VistaTool64.dll --a---- 20848 bytes [15:18 16/02/2012] [15:18 16/02/2012]
WordNotFound.htm --a---- 1071 bytes [10:17 18/02/2010] [10:17 18/02/2010]
---Folders---
None found.
c:\users\Kenan ve Deniz\AppData\Local\Opera - Parameters: "(none)"
---Files---
None found.
---Folders---
Opera d------ [01:13 28/07/2012]
c:\users\Kenan ve Deniz\AppData\Local\Comodo - Parameters: "(none)"
---Files---
None found.
---Folders---
Dragon d------ [01:13 28/07/2012]
c:\users\Kenan ve Deniz\AppData\Local\Bromium - Parameters: "(none)"
---Files---
None found.
---Folders---
User Data d------ [01:13 28/07/2012]
c:\users\Kenan ve Deniz\AppData\Local\Chromium - Parameters: "(none)"
---Files---
None found.
---Folders---
Application d------ [01:13 28/07/2012]
User Data d------ [01:13 28/07/2012]
c:\users\Kenan ve Deniz\AppData\Local\Nichrome - Parameters: "(none)"
---Files---
None found.
---Folders---
Application d------ [01:13 28/07/2012]
User Data d------ [01:13 28/07/2012]
c:\users\Kenan ve Deniz\AppData\Local\Xpom - Parameters: "(none)"
---Files---
None found.
---Folders---
Application d------ [01:13 28/07/2012]
User Data d------ [01:13 28/07/2012]
c:\users\Kenan ve Deniz\AppData\Roaming\dclogs - Parameters: "(none)"
---Files---
2012-07-28-7.dc --a---- 33633 bytes [01:11 28/07/2012] [06:44 28/07/2012]
---Folders---
None found.
========== file ==========
c:\windows\system32\drivers\tcpipreset - Unable to find/read file.
-= EOF =-
I can't solve the 'babylon' problem in either Firefox or Explorer.
I deleted it, but when I open the browser again it's still there.
And in my opinion this is the basic problem for everything: all this stuff obstructs running Explorer.
Are you familiar with these folders/programs?
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Opera
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Comodo
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Bromium
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Chromium
2012-07-28 01:24 . 2012-07-28 01:25 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\eType
2012-07-28 02:53 . 2012-07-28 02:53 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\R-TT
2012-07-28 05:10 . 2012-07-30 14:43 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\install
Did you (try to) install those programs, or do you think they are part of the infection?
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1
Run by Kenan ve Deniz at 21:19:28 on 2012-07-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1254.90.1055.18.3957.2376 [GMT 3:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware *Enabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Users\Kenan ve Deniz\Documents\audiodg_TR.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Explorer.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Kenan ve Deniz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Kenan ve Deniz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kenan ve Deniz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\sppsvc.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=HP_ss&mntrId=5611f8ee000000000000000000000030
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
mURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Oturum Açma Yardım Aracı: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [audiodg_TR.exe] C:\Users\Kenan ve Deniz\Documents\audiodg_TR.exe
uRun: [gtcllxcfnibemqjscko] C:\Users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre7\bin\jusched.exe"
mExplorerRun: [63726] C:\PROGRA~3\LOCALS~1\Temp\mswartzai.cmd
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} - hxxps://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv29.CAB
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{66E038D8-3659-42FE-8B79-20B4A5026A87} : DhcpNameServer = 212.65.128.2 212.65.140.142
TCP: Interfaces\{6D32B774-FBB3-42D0-9F84-11DD7E168A15} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{6D32B774-FBB3-42D0-9F84-11DD7E168A15} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6E5B96E3-5364-4179-972A-90BA9B474A7F} : DhcpNameServer = 13.35.0.1 13.35.0.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}
{6c97a91e-4524-4019-86af-2aa2d567bf5c}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}
{d2ce3e00-f94a-4740-988e-03dc2f38c34f}
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}
{8dcb7100-df86-4384-8842-8fa844297b3f}
{6c97a91e-4524-4019-86af-2aa2d567bf5c}
{98889811-442D-49dd-99D7-DC866BE87DBC}
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre7\bin\jusched.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kenan ve Deniz\AppData\Roaming\Mozilla\Firefox\Profiles\me9vxh6d.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=HP_ss&mntrId=5611f8ee000000000000000000000030
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=KW_ss&mntrId=5611f8ee000000000000000000000030&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Kenan ve Deniz\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112543&tt=3012_3
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 5611f8ee000000000000000000000030
FF - user.js: extensions.BabylonToolbar.instlDay - 15549
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.14:24:30
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-07-30 18:17:15 -------- dcsh--w- C:\$RECYCLE.BIN
2012-07-30 14:39:21 98816 ----a-w- C:\Windows\sed.exe
2012-07-30 14:39:21 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-30 14:39:21 256000 ----a-w- C:\Windows\PEV.exe
2012-07-30 14:39:21 208896 ----a-w- C:\Windows\MBR.exe
2012-07-29 19:33:29 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\{F7105408-CB7A-409A-BC9C-D049858133E1}
2012-07-29 19:33:17 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\{4A8F921E-5FFD-4BA1-BB73-6F0690923D9C}
2012-07-29 12:26:31 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\adaware
2012-07-29 12:26:19 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-07-29 12:26:06 119416 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
2012-07-29 12:26:05 256632 ----a-w- C:\Windows\System32\drivers\SbFw.sys
2012-07-29 12:25:21 57976 ----a-w- C:\Windows\System32\drivers\sbredrv.sys
2012-07-29 12:25:21 45936 ----a-w- C:\Windows\System32\sbbd.exe
2012-07-29 11:54:04 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Downloaded Installations
2012-07-29 00:31:31 32072 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe
2012-07-28 05:10:13 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Roaming\install
2012-07-28 02:53:54 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Roaming\R-TT
2012-07-28 01:24:44 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Roaming\eType
2012-07-28 01:14:00 1918320 ----a-w- C:\Windows\System32\drivers\tcpipreset
2012-07-28 01:13:40 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Opera
2012-07-28 01:13:40 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Comodo
2012-07-28 01:13:40 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Bromium
2012-07-28 01:13:39 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Chromium
2012-07-28 01:13:37 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Nichrome
2012-07-28 01:13:33 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Xpom
2012-07-28 01:04:50 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Roaming\dclogs
2012-07-26 13:25:36 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-07-26 13:25:31 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2012-07-26 00:14:28 -------- d-----w- C:\Program Files (x86)\Oracle
2012-07-11 11:07:46 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-03 03:12:07 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Geekcorp
2012-07-01 12:09:26 -------- d-sh--w- C:\Windows\ftpcache
.
==================== Find3M ====================
.
2012-07-27 23:49:51 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 23:49:51 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-05 19:06:30 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-05 19:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 12:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 21:23:39,25 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 30.05.2010 20:03:31
System Uptime: 30.07.2012 21:16:31 (0 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz | U2E1 | 1314/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 59 GiB total, 20,223 GiB free.
D: is FIXED (NTFS) - 397 GiB total, 397,2 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP604: 30.07.2012 21:06:39 - Removed Java(TM) 6 Update 16 (64-bit)
RP605: 30.07.2012 21:08:31 - Removed Java(TM) 6 Update 16
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
AC3Filter 1.63b
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Ad-Aware Security Toolbar
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.2
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
ArtRage 2 Starter Edition
ATI Catalyst Control Center
Azureus Vuze
Bing Bar
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
D3DX10
Dell Webcam Central
GOM Player
Google Chrome
Google Update Helper
HPDiagnosticAlert
Java Auto Updater
Java(TM) 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
Live! Cam Avatar Creator
Mesh Runtime
Messenger Companion
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Turkish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel 2007 Help Güncelleştirmesi (KB963678)
Microsoft Office Excel MUI (Turkish) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Turkish) 2007
Microsoft Office InfoPath MUI (Turkish) 2007
Microsoft Office OneNote MUI (Turkish) 2007
Microsoft Office Outlook MUI (Turkish) 2007
Microsoft Office Powerpoint 2007 Help Güncelleştirmesi (KB963669)
Microsoft Office PowerPoint MUI (Turkish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Turkish) 2007
Microsoft Office Proofing (Turkish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Turkish) 2007
Microsoft Office Shared MUI (Turkish) 2007
Microsoft Office Word 2007 Help Güncelleştirmesi (KB963665)
Microsoft Office Word MUI (Turkish) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 14.0.1 (x86 tr)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA PhysX
PowerDVD DX
QuickTime
Realtek High Definition Audio Driver
Roxio Burn
Security Update for Microsoft .NET Framework 4 İstemci Profili TRK Dil Paketi (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skins
Spelling Dictionaries Support For Adobe Reader 9
swMSM
TomTom HOME 2.8.1.2218
TomTom HOME Visual Studio Merge Modules
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Winamp
Winamp Algılayıcı
Winamp Toolbar
Windows Live Communications Platform
Windows Live Fotoğraf Galerisi
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
Youtube Jacker
.
==== End Of File ===========================
No, I don't need any of them.
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Opera
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Comodo
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Bromium
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Chromium
2012-07-28 01:24 . 2012-07-28 01:25 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\eType
2012-07-28 02:53 . 2012-07-28 02:53 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\R-TT
2012-07-28 05:10 . 2012-07-30 14:43 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\install
If Chromium is related to Google Chrome, yes, I installed it.
And I installed eType when I was trying to restore or recover my deleted pictures...
That day I installed a couple of programs and I tried to delete most of them.
The 'Babylon thing' got into my computer that day...
But I don't need any of them except Google Chrome :)
?
No need to delete folders that aren't malicious. :)
Babylon toolbar usually comes bundled with another program; it is used as a way for the program developer to get paid for the work.
1. Please upload the file c:\users\Kenan ve Deniz\AppData\Roaming\dclogs\2012-07-28-7.dc to the VirusTotal web page and post the link to the result.
2. Copy all lines in the box:
[code]
Killall::
ClearJavaCache::
DDS::
uStart Page = hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=HP_ss&mntrId=5611f8ee000000000000000000000030
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
uRun: [gtcllxcfnibemqjscko] C:\Users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe
mExplorerRun: [63726] C:\PROGRA~3\LOCALS~1\Temp\mswartzai.cmd
FF - ProfilePath - C:\Users\Kenan ve Deniz\AppData\Roaming\Mozilla\Firefox\Profiles\me9vxh6d.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=HP_ss&mntrId=5611f8ee000000000000000000000030
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=KW_ss&mntrId=5611f8ee000000000000000000000030&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112543&tt=3012_3
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 5611f8ee000000000000000000000030
FF - user.js: extensions.BabylonToolbar.instlDay - 15549
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.14:24:30
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
2012-07-29 00:31:31 32072 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe
[/code]
and paste them into Notepad.
Save the file on the desktop with the name CFScript and encoding ANSI (next to the Save button).
Prepare the computer according to the instructions for running ComboFix.
Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop; the program will start in a special way.
Paste the new ComboFix log into your answer.
OK, it is not necessary to perform step 1. Please perform step 2.
ComboFix 12-07-30.01 - Kenan ve Deniz 31.07.2012 2:48.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1254.90.1055.18.3957.2734 [GMT 3:00]
Running from: c:\users\Kenan ve Deniz\Desktop\virüs programları\ComboFix.exe
Command switches used :: c:\users\Kenan ve Deniz\Desktop\CFScript.txt
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: Lavasoft Ad-Aware *Enabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kenan ve Deniz\AppData\Roaming\data.dat
c:\users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
.
.
2012-07-30 23:54 . 2012-07-30 23:54 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-07-30 23:54 . 2012-07-30 23:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-29 12:26 . 2012-07-29 12:26 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\adaware
2012-07-29 12:26 . 2011-12-19 09:44 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-07-29 12:26 . 2011-09-29 09:16 119416 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-07-29 12:26 . 2011-12-19 09:44 256632 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-07-29 12:25 . 2011-12-19 10:21 45936 ----a-w- c:\windows\system32\sbbd.exe
2012-07-29 12:25 . 2011-10-26 11:23 57976 ----a-w- c:\windows\system32\drivers\sbredrv.sys
2012-07-29 11:54 . 2012-07-29 11:54 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Downloaded Installations
2012-07-28 05:10 . 2012-07-30 14:43 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\install
2012-07-28 02:53 . 2012-07-28 02:53 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\R-TT
2012-07-28 01:24 . 2012-07-28 01:25 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\eType
2012-07-28 01:24 . 2012-07-28 01:24 304 -c--a-w- C:\user.js
2012-07-28 01:14 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpipreset
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Opera
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Comodo
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Bromium
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Chromium
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Nichrome
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Xpom
2012-07-28 01:04 . 2012-07-28 01:11 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\dclogs
2012-07-26 13:25 . 2012-07-26 13:25 -------- d-----w- c:\program files (x86)\adawaretb
2012-07-26 13:25 . 2011-10-26 13:19 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-07-26 00:14 . 2012-07-26 00:14 -------- d-----w- c:\program files (x86)\Oracle
2012-07-25 21:57 . 2012-07-25 21:57 -------- d-----w- c:\programdata\Local Settings
2012-07-11 11:07 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 03:12 . 2012-07-03 03:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Geekcorp
2012-07-01 12:09 . 2012-07-01 12:09 -------- d-sh--w- c:\windows\ftpcache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 23:49 . 2012-04-10 17:44 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 23:49 . 2011-05-19 13:50 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 11:04 . 2010-06-04 19:30 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-05 19:06 . 2012-05-28 11:05 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-05 19:06 . 2012-05-28 11:05 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-05 10:18 . 2011-03-28 15:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-02 22:19 . 2012-06-21 07:01 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 07:01 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 07:01 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 07:01 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 07:01 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 07:01 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 07:01 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 12:19 . 2012-06-21 07:00 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 12:15 . 2012-06-21 07:00 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-15 04:01 . 2012-06-15 16:35 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-15 16:35 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-15 16:35 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-04 11:06 . 2012-06-15 16:34 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-15 16:34 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-15 16:34 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-30_14.55.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-04 10:51 . 2012-07-30 23:15 60640 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-30 23:45 30242 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-05-30 17:21 . 2012-07-30 23:45 22116 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3972443797-2272916507-3105240164-1001_UserData.bin
+ 2010-05-30 17:21 . 2012-07-30 23:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-30 17:21 . 2012-07-30 14:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-30 17:21 . 2012-07-30 14:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-30 17:21 . 2012-07-30 23:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-30 17:21 . 2012-07-30 23:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-30 17:21 . 2012-07-30 14:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-30 17:21 . 2012-07-30 14:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-30 17:21 . 2012-07-30 23:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-30 17:21 . 2012-07-30 23:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-30 17:21 . 2012-07-30 14:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-07 17:55 . 2012-07-30 18:15 4194 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-07-30 14:51 . 2012-07-30 14:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-30 23:55 . 2012-07-30 23:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-30 23:55 . 2012-07-30 23:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-30 14:51 . 2012-07-30 14:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-26 00:14 . 2012-06-26 22:43 227824 c:\windows\SysWOW64\javaws.exe
- 2009-09-22 20:29 . 2012-06-15 22:13 619554 c:\windows\system32\perfh01F.dat
+ 2009-09-22 20:29 . 2012-07-30 18:23 619554 c:\windows\system32\perfh01F.dat
- 2009-07-14 02:36 . 2012-06-15 22:13 617064 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-30 18:23 617064 c:\windows\system32\perfh009.dat
+ 2009-09-22 20:29 . 2012-07-30 18:23 121714 c:\windows\system32\perfc01F.dat
- 2009-09-22 20:29 . 2012-06-15 22:13 121714 c:\windows\system32\perfc01F.dat
- 2009-07-14 02:36 . 2012-06-15 22:13 106246 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-30 18:23 106246 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-30 14:50 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-30 23:55 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-01-23 01:26 . 2012-07-30 14:32 1411404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3972443797-2272916507-3105240164-1001-12288.dat
+ 2012-01-23 01:26 . 2012-07-30 18:34 1411404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3972443797-2272916507-3105240164-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-10-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
"audiodg_TR.exe"="c:\users\Kenan ve Deniz\Documents\audiodg_TR.exe" [2012-07-28 24064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-09 98304]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"63726"="c:\progra~3\LOCALS~1\Temp\mswartzai.cmd" [BU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Güncelleme Hizmeti (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-01 35104]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2010-04-19 22528]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 220672]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 119416]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2011-12-19 84600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-02 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-10-26 69376]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-12-19 256632]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-05-03 1226096]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-09 92160]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-08 202752]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-12 151040]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 119416]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-30 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-05-03 15:37]
.
2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 23:49]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3972443797-2272916507-3105240164-1001Core.job
- c:\users\Kenan ve Deniz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-05 12:49]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3972443797-2272916507-3105240164-1001UA.job
- c:\users\Kenan ve Deniz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-05 12:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-09 8158240]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6D32B774-FBB3-42D0-9F84-11DD7E168A15}: NameServer = 8.8.8.8,8.8.4.4
DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} - hxxps://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv29.CAB
FF - ProfilePath - c:\users\Kenan ve Deniz\AppData\Roaming\Mozilla\Firefox\Profiles\me9vxh6d.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=HP_ss&mntrId=5611f8ee000000000000000000000030
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=KW_ss&mntrId=5611f8ee000000000000000000000030&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112543&tt=3012_3
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 5611f8ee000000000000000000000030
FF - user.js: extensions.BabylonToolbar.instlDay - 15549
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.14:24
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre7\bin\jusched.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Completion time: 2012-07-31 03:01:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-31 00:01
ComboFix2.txt 2012-07-30 15:02
.
Pre-Run: 21.302.284.288 bayt boş
Post-Run: 21.183.340.544 bayt boş
.
- - End Of File - - EA69DA088A825D11EC2991B5366496280