:Fatih:
8 October 2008; 10:45:38
Here you go, serji, my brother..
ComboFix 08-10-07.06 - By Mudo 2008-10-08 10:30:38.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1254.1.1055.18.648 [GMT 3:00] Running from: C:\Documents and Settings\By Mudo\Desktop\ComboFix.exe * Created a new restore point [COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\FunWebProducts C:\Program Files\MyWebSearch C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat C:\windows\system32\Cache C:\windows\system32\ijl11pro.dll C:\windows\winhelp.ini . ((((((((((((((((((((((((( Files Created from 2008-09-08 to 2008-10-08 ))))))))))))))))))))))))))))))) . 2008-10-07 22:52 . 2008-10-07 22:52 <DIR> d-------- C:\Program Files\MSECache 2008-10-02 12:38 . 2008-10-02 12:38 <DIR> d-------- C:\Documents and Settings\By Mudo\Application Data\Leadertech 2008-10-02 00:58 . 2008-10-02 00:58 <DIR> d-------- C:\Program Files\GRETECH 2008-10-02 00:58 . 2008-10-02 00:58 <DIR> d-------- C:\Documents and Settings\By Mudo\Application Data\GRETECH 2008-10-02 00:58 . 2008-10-02 00:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH 2008-10-01 23:47 . 2008-10-07 10:30 <DIR> d-------- C:\Documents and Settings\By Mudo\Application Data\DMCache 2008-10-01 14:16 . 2008-10-01 14:16 <DIR> d-------- C:\Program Files\Router Screenshot Grabber 2008-10-01 13:35 . 2008-10-02 15:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-10-01 13:35 . 2008-10-01 13:35 1,409 --a------ C:\WINDOWS\QTFont.for 2008-09-28 21:18 . 2008-09-28 21:18 <DIR> d-------- C:\WINDOWS\Setup2K 2008-09-28 21:18 . 2002-10-01 14:43 119,798 --a------ C:\WINDOWS\system32\drivers\spca561.sys 2008-09-28 21:18 . 2002-11-22 15:56 118,784 --a------ C:\WINDOWS\ShowBmp.exe 2008-09-28 21:18 . 2002-08-13 18:01 53,248 --a------ C:\WINDOWS\ap561.exe 2008-09-28 21:18 . 
2002-08-13 18:01 14,385 --a------ C:\WINDOWS\Tw561a.ini 2008-09-28 21:18 . 2002-09-20 19:44 14,336 --a------ C:\WINDOWS\system32\dshow508.ax 2008-09-28 21:18 . 2002-08-13 18:01 7,431 --a------ C:\WINDOWS\Tw561a.src 2008-09-28 21:18 . 2002-03-19 14:11 81 --a------ C:\WINDOWS\Setup8a.ini 2008-09-27 22:00 . 2008-09-27 22:00 <DIR> d-------- C:\Program Files\Common Files\NSV 2008-09-25 00:02 . 2008-09-25 00:03 <DIR> d-------- C:\Program Files\JAP 2008-09-14 18:43 . 2008-09-14 18:43 <DIR> d-------- C:\Program Files\Common Files\PCSuite 2008-09-14 18:42 . 2008-09-14 18:42 <DIR> d-------- C:\Program Files\PC Connectivity Solution 2008-09-14 18:42 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys 2008-09-09 23:09 . 2008-09-09 23:09 32 --a------ C:\WINDOWS\system32\fms01278.vxd 2008-09-09 23:08 . 2008-09-13 15:05 <DIR> d--hs---- C:\Program Files\Elgqym 2008-09-09 23:08 . 2008-09-09 23:08 <DIR> d-------- C:\Program Files\Common Files\Elgqym 2008-09-08 00:00 . 2008-09-08 00:27 <DIR> d-------- C:\Documents and Settings\By Mudo\Application Data\Mp3tag . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-10-08 07:36 16,500,768 --sha-w C:\windows\system32\drivers\fidbox.dat 2008-10-08 07:34 385,056 --sha-w C:\windows\system32\drivers\fidbox2.dat 2008-10-08 07:33 42,320 --sha-w C:\windows\system32\drivers\fidbox2.idx 2008-10-08 07:33 233,432 --sha-w C:\windows\system32\drivers\fidbox.idx 2008-10-08 07:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-10-07 17:49 --------- d-----w C:\Program Files\FlashGet 2008-10-01 22:22 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-10-01 21:56 --------- d-----w C:\Documents and Settings\By Mudo\Application Data\uTorrent 2008-10-01 10:28 --------- d-----w C:\Program Files\EA Sports 2008-09-28 18:18 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-09-25 15:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations 2008-09-25 15:41 --------- d-----w C:\Program Files\Nokia 2008-09-25 15:41 --------- d-----w C:\Program Files\Common Files\Nokia 2008-09-23 16:54 --------- d-----w C:\Documents and Settings\By Mudo\Application Data\LimeWire 2008-09-13 12:01 96,976 ----a-w C:\windows\system32\drivers\klin.dat 2008-09-13 12:01 87,855 ----a-w C:\windows\system32\drivers\klick.dat 2008-09-13 11:34 --------- d-----w C:\Program Files\ESET 2008-09-13 10:29 --------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer 2008-09-13 10:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Cast ping base frag 2008-09-09 22:06 --------- d-----w C:\Program Files\7-Zip 2008-09-07 20:35 --------- d-----w C:\Program Files\Mp3tag 2008-09-06 21:15 --------- d-----w C:\Program Files\Messenger Plus! 
Live 2008-09-03 20:13 --------- d-----w C:\Documents and Settings\By Mudo\Application Data\PC Suite 2008-09-03 17:43 --------- d-----w C:\Program Files\Kaspersky Lab 2008-09-01 09:25 --------- d-----w C:\Program Files\Philips 2008-08-25 15:19 --------- d-----w C:\Documents and Settings\By Mudo\Application Data\Sports Interactive 2008-08-25 11:08 --------- d-----w C:\Program Files\DAEMON Tools 2008-08-24 12:55 --------- d-----w C:\Documents and Settings\By Mudo\Application Data\Apple Computer 2008-08-24 09:04 --------- d--h--w C:\Program Files\Zero G Registry 2008-08-24 09:04 --------- d--h--r C:\Documents and Settings\By Mudo\Application Data\SecuROM 2008-08-24 08:54 682,232 ----a-w C:\windows\system32\drivers\sptd.sys 2008-08-24 08:22 --------- d-----w C:\Program Files\Valve 2008-08-24 08:20 --------- d-----w C:\Program Files\sXe Injected 2008-08-24 08:17 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-08-24 08:17 --------- d-----w C:\Program Files\QuickTime 2008-08-24 08:17 --------- d-----w C:\Program Files\PhotomatixPro3 2008-08-22 12:23 --------- d-----w C:\Documents and Settings\By Mudo\Application Data\Hamachi 2008-08-19 18:33 --------- d-----w C:\Program Files\Picasa2 2008-08-19 18:32 --------- d-----w C:\Program Files\Google 2008-08-17 12:05 --------- d-----w C:\Program Files\Eidos 2008-08-16 15:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems 2008-08-16 15:32 --------- d-----w C:\Documents and Settings\By Mudo\Application Data\Ulead Systems 2008-08-16 14:48 --------- d-----w C:\Program Files\SmartSound Software 2008-08-16 14:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc 2008-08-16 14:47 --------- d-----w C:\Program Files\Windows Media Components 2008-08-16 14:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield 2008-08-16 14:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 
2008-08-16 14:43 --------- d-----w C:\Program Files\Sipru 2008-08-16 14:42 --------- d-----w C:\Program Files\DevGuru 2008-08-16 13:27 --------- d-----w C:\Program Files\Free FLV Converter 2008-08-16 08:54 136,888 ----a-w C:\windows\system32\drivers\PnkBstrK.sys 2008-08-16 08:54 111,928 ----a-w C:\windows\system32\PnkBstrB.exe 2008-08-16 08:54 --------- d-----w C:\Documents and Settings\By Mudo\Application Data\Xfire 2008-08-15 14:25 --------- d-----w C:\Program Files\Circle Developement 2008-08-15 00:48 --------- d-----w C:\Documents and Settings\By Mudo\Application Data\Vso 2008-08-15 00:40 --------- d-----w C:\Program Files\VSO 2008-08-14 11:20 258,048 ----a-w C:\windows\system32\TubeFinder.exe 2008-08-12 22:08 42,320 ----a-w C:\windows\system32\xfcodec.dll 2008-08-12 18:43 --------- d-----w C:\Program Files\LimeWire 2008-08-11 12:15 --------- d-----w C:\Documents and Settings\By Mudo\Application Data\Azureus 2008-07-28 13:45 107,888 ----a-w C:\windows\system32\CmdLineExt.dll 2008-07-25 11:26 66,872 ----a-w C:\windows\system32\PnkBstrA.exe 2008-07-25 11:21 22,328 ----a-w C:\Documents and Settings\By Mudo\Application Data\PnkBstrK.sys 2008-07-22 12:54 444,952 ----a-w C:\windows\system32\wrap_oal.dll 2008-07-22 12:54 109,080 ----a-w C:\windows\system32\OpenAL32.dll 2008-07-18 19:10 94,920 ----a-w C:\windows\system32\cdm.dll 2008-07-18 19:10 53,448 ----a-w C:\windows\system32\wuauclt.exe 2008-07-18 19:10 45,768 ----a-w C:\windows\system32\wups2.dll 2008-07-18 19:10 36,552 ----a-w C:\windows\system32\wups.dll 2008-07-18 19:09 563,912 ----a-w C:\windows\system32\wuapi.dll 2008-07-18 19:09 325,832 ----a-w C:\windows\system32\wucltui.dll 2008-07-18 19:09 205,000 ----a-w C:\windows\system32\wuweb.dll 2008-07-18 19:09 1,811,656 ----a-w C:\windows\system32\wuaueng.dll 2008-07-18 19:07 270,880 ----a-w C:\windows\system32\mucltui.dll 2008-07-18 19:07 210,976 ----a-w C:\windows\system32\muweb.dll 2008-07-18 18:39 586,752 ----a-w C:\windows\WLXPGSS.SCR 2008-05-04 10:16 32,768 
--sha-w C:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050420080505\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-19 5724184] "ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2008-04-14 15360] "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\windows\system32\NvCpl.dll" [2007-12-05 8523776] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-08-16 155648] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-05-05 214544] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll "msacm.divxa32"= msaud32_divx.acm [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^Adobe Reader Hızlı Çalıştırma.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç\Adobe Reader Hızlı Çalıştırma.lnk backup=C:\WINDOWS\pss\Adobe Reader Hızlı Çalıştırma.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^By Mudo^Start Menu^Programlar^Başlangıç^Adobe Gamma.lnk] path=C:\Documents and Settings\By Mudo\Start Menu\Programlar\Başlangıç\Adobe Gamma.lnk backup=C:\windows\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\windows\system32\dumprep 0 -k [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2007-08-03 12:51 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-14 09:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2008-09-19 19:53 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] --a------ 2007-08-08 09:25 1828136 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync] --a------ 2008-06-17 16:00 1249280 C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] --a------ 2008-08-11 08:31 1124352 C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhilipsDM] --a------ 2005-09-14 23:12 520192 C:\Program Files\Philips\Philips Device Manager\bin\DeviceManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-08-16 17:47 155648 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2008-04-01 21:49 36352 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\Alcmtr] --a------ 2008-04-11 10:20 69632 C:\WINDOWS\ALCMTR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] --a------ 2008-04-11 10:20 16264192 C:\WINDOWS\RTHDCPL.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] --a------ 2008-04-11 10:19 2879488 C:\WINDOWS\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Documents and Settings\\By Mudo\\Desktop\\Fatih Silme!\\Xfire\\xfire.exe"= "C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"= "C:\\Program Files\\FlashGet\\flashget.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe"= "C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"= "C:\\Program Files\\Opera\\opera.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"= "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"= "D:\\amma ne flatout\\Flatout2\\FlatOut2.exe"= "E:\\Oyunlar 2\\Counter strike 1.6\\Counter-Strike 1.6\\hl.exe"= "E:\\Oyunlar 
2\\Football manager\\fm.exe"= S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320] S3 XDva136;XDva136;C:\WINDOWS\system32\XDva136.sys [ ] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d2c24f9-573e-11dd-8db7-001617917caf}] \Shell\Auto\command - H:\activexdebugger32.exe f \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f \Shell\explore\Command - H:\activexdebugger32.exe f \Shell\open\Command - H:\activexdebugger32.exe f . Contents of the 'Scheduled Tasks' folder 2008-10-07 C:\windows\Tasks\A66B4B2C9184C340.job - c:\docume~1\bymudo~1\applic~1\proxyb~1\2 burn default.exe [] . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-Barbtrans - C:\DOCUME~1\BYMUDO~1\APPLIC~1\PROXYB~1\NOUNBUILD.exe MSConfigStartUp-Base frag grid bows - C:\Documents and Settings\All Users\Application Data\Cast ping base frag\Rdr Bin.exe MSConfigStartUp-SLApp - C:\Program Files\Elgqym\Sentin.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\By Mudo\Application Data\Mozilla\Firefox\Profiles\9u9m2bvw.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com.tr FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Program Files\Opera\program\plugins\NP_IDM1.dll FF -: plugin - C:\Program Files\Opera\program\plugins\NP_IDM2.dll FF -: plugin - C:\Program Files\Opera\program\plugins\NP_IDM3.dll FF -: plugin - C:\Program Files\Opera\program\plugins\NP_IDM5.dll FF -: plugin - C:\Program Files\Opera\program\plugins\NP_IDM6.dll FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll . 
************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-08 10:35:15 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\system32\verclsid.exe . ************************************************************************** . Completion time: 2008-10-08 10:40:18 - machine was rebooted ComboFix-quarantined-files.txt 2008-10-08 07:39:12 Pre-Run: 5.508.358.144 bayt bos Post-Run: 5,430,829,056 bayt bos 270 --- E O F --- 2008-09-10 17:29:51
8 October 2008; 16:46:59
Here is the report
ComboFix 08-10-07.06 - AOPEN 2008-10-08 16:38:41.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1254.1.1055.18.1601 [GMT 2:00] Running from: D:\Download\ComboFix.exe * Created a new restore point [COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\autorun.inf C:\Documents and Settings\AOPEN\Application Data\BITS C:\Documents and Settings\AOPEN\Application Data\BITS\BITS.ini C:\Documents and Settings\AOPEN\Application Data\BITS\DHTTable.dat C:\Documents and Settings\AOPEN\Application Data\BITS\ProxyList.ini C:\Documents and Settings\AOPEN\Application Data\BITS\Torrent\20080718172621.torrent C:\Documents and Settings\AOPEN\Application Data\BITS\Torrent\20080718172621.torrent.~tmp C:\Documents and Settings\AOPEN\Application Data\BITS\Torrent\20080718172621.torrent.bits C:\Documents and Settings\AOPEN\Application Data\BITS\Torrent\20080718172621.torrent.**** C:\Documents and Settings\AOPEN\Application Data\BITS\UPnP.ini C:\e.exe C:\itsduel.exe C:\n6t1h.cmd C:\Program Files\FlashGet Network C:\Program Files\FlashGet Network\FlashGet universal\dbtrans_verbose - 2008.08.29 14.54.16.log C:\Program Files\FlashGet Network\FlashGet universal\dbtrans_verbose - 2008.09.05 16.07.01.log C:\Program Files\FlashGet Network\FlashGet universal\dbtrans_verbose.log C:\Program Files\FlashGet Network\FlashGet universal\fgoption.ini C:\Program Files\FlashGet Network\FlashGet universal\P2PCfg.ini C:\Program Files\FlashGet Network\FlashGet universal\p2spmgr.ini C:\Program Files\FlashGet Network\FlashGet universal\p4spmgr.ini C:\Program Files\FlashGet Network\FlashGet universal\Profiles\config.dat C:\Program Files\FlashGet Network\FlashGet universal\Profiles\tasks.dat C:\Program Files\FlashGet Network\FlashGet universal\transaction - 2008.08.29 14.54.16.log C:\Program Files\FlashGet Network\FlashGet 
universal\transaction - 2008.09.05 16.07.01.log C:\Program Files\FlashGet Network\FlashGet universal\transaction.log C:\vva0hc0p.cmd C:\WINDOWS\system32\BReWErS.dll C:\WINDOWS\system32\ckvo.exe C:\WINDOWS\system32\ckvo0.dll C:\WINDOWS\system32\ckvo1.dll C:\WINDOWS\system32\ckvo2.dll C:\WINDOWS\system32\dao350.dll C:\WINDOWS\system32\ijl11pro.dll C:\WINDOWS\system32\kavo.exe C:\WINDOWS\system32\kavo0.dll C:\WINDOWS\system32\kavo1.dll C:\WINDOWS\system32\MSINET.oca C:\WINDOWS\system32\tavo.exe C:\WINDOWS\system32\tavo0.dll C:\WINDOWS\system32\tavo1.dll C:\WINDOWS\winhelp.ini D:\Autorun.inf D:\itsduel.exe D:\n6t1h.cmd D:\vva0hc0p.cmd E:\Autorun.inf E:\itsduel.exe E:\n6t1h.cmd E:\vva0hc0p.cmd . ((((((((((((((((((((((((( Files Created from 2008-09-08 to 2008-10-08 ))))))))))))))))))))))))))))))) . 2008-10-07 15:40 . 2008-10-07 15:40 64 --a------ C:\WINDOWS\system32\aiks.ldb 2008-10-06 20:08 . 2008-10-06 20:08 <DIR> d-------- C:\downloads 2008-10-05 14:21 . 2008-10-05 14:20 119,960 -r-hs---- C:\o6pq1n8.com 2008-10-05 14:20 . 2008-10-05 14:20 <DIR> d-------- C:\Documents and Settings\AOPEN\Application Data\GrabPro 2008-10-05 13:59 . 2008-10-05 13:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET 2008-10-05 13:55 . 2008-10-05 13:55 <DIR> d-------- C:\Program Files\CCleaner 2008-10-03 18:39 . 2008-10-03 18:39 <DIR> d-------- C:\Program Files\Common Files\Nullsoft 2008-10-03 15:50 . 2008-10-03 15:50 <DIR> d-------- C:\Program Files\DVDVIDEOSOFT 2008-10-03 15:50 . 2008-10-03 15:50 <DIR> d-------- C:\Program Files\Common Files\DVDVIDEOSOFT 2008-10-01 12:43 . 2008-10-01 12:43 <DIR> d-------- C:\Documents and Settings\AOPEN\Application Data\Nokia Multimedia Player 2008-10-01 12:40 . 2008-10-01 12:40 <DIR> d-------- C:\Documents and Settings\AOPEN\Phone Browser 2008-10-01 12:25 . 2008-10-01 12:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite 2008-10-01 12:24 . 
2008-10-01 12:24 <DIR> d-------- C:\Program Files\Common Files\PCSuite 2008-10-01 12:24 . 2008-10-01 12:24 <DIR> d-------- C:\Program Files\Common Files\Nokia 2008-10-01 12:24 . 2008-10-01 12:38 <DIR> d-------- C:\Documents and Settings\AOPEN\Application Data\Nokia 2008-10-01 12:23 . 2008-10-01 12:23 <DIR> d-------- C:\Program Files\PC Connectivity Solution 2008-10-01 12:23 . 2008-10-01 12:24 <DIR> d-------- C:\Program Files\Nokia 2008-10-01 12:23 . 2008-10-01 12:23 <DIR> d-------- C:\Program Files\DIFX 2008-10-01 12:23 . 2007-02-22 11:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys 2008-10-01 12:23 . 2007-02-22 11:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll 2008-10-01 12:23 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys 2008-10-01 12:23 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys 2008-10-01 12:23 . 2007-02-22 11:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys 2008-10-01 10:44 . 2008-10-01 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations 2008-10-01 02:45 . 2008-10-01 02:46 18 --a------ C:\WINDOWS\system32\pingtime.ini 2008-09-30 10:23 . 2008-09-20 21:28 118,322 -r-hs---- C:\sasyg1y8.com 2008-09-23 04:04 . <DIR> C:\Program Files\Konusan Sözlük 2008-09-17 22:03 . 2008-10-07 14:32 <DIR> d-------- C:\Program Files\Incomplete 2008-09-11 15:02 . 2008-09-11 15:22 <DIR> d-------- C:\WINDOWS\Lhsp 2008-09-11 15:01 . 2008-09-11 15:01 <DIR> d-ah----- C:\Program Files\SETUP . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-10-08 14:37 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\Orbit 2008-10-08 14:31 --------- d-----w C:\Program Files\Google 2008-10-07 18:18 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\OpenOffice.org2 2008-10-07 14:41 --------- d-----w C:\Program Files\AIMP2 2008-10-07 12:40 --------- d-----w C:\Program Files\LimeWire 2008-10-07 12:32 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\LimeWire 2008-10-07 08:23 --------- d-----w C:\Program Files\Orbitdownloader 2008-10-05 12:28 --------- d-----w C:\Program Files\Total Video Converter 2008-10-05 12:20 --------- d-----w C:\Program Files\ESET 2008-10-04 18:00 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\Skype 2008-10-03 04:17 --------- d-----w C:\Program Files\FlashGet 2008-10-03 04:17 --------- d-----w C:\Program Files\ErtemSoft Videocapture 2008-10-01 10:40 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\PC Suite 2008-09-23 02:09 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\Hamachi 2008-09-23 02:04 --------- d-----w C:\Program Files\Konuşan Sözlük 2008-09-06 10:56 --------- d-----w C:\Program Files\Picasa2 2008-09-01 09:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2008-09-01 09:15 --------- d-----w C:\Program Files\Messenger Plus! 
Live 2008-08-30 09:55 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\IObit 2008-08-30 09:50 --------- d-----w C:\Program Files\IObit 2008-08-29 12:53 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys 2008-08-26 11:28 --------- d-----w C:\Program Files\microsoft frontpage 2008-08-26 09:35 --------- d-----w C:\Program Files\MSN Messenger 2008-08-23 13:57 --------- d-----w C:\Program Files\Ashampoo 2008-08-23 13:57 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\Ashampoo 2008-08-23 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\ashampoo 2008-08-20 14:30 22,328 ----a-w C:\Documents and Settings\AOPEN\Application Data\PnkBstrK.sys 2008-08-20 14:29 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2008-08-20 14:20 --------- d-----w C:\Program Files\Electronic Arts 2008-08-18 00:25 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll 2008-08-18 00:25 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll 2008-08-18 00:25 --------- d-----w C:\Program Files\Common Files\xing shared 2008-08-18 00:25 --------- d-----w C:\Program Files\Common Files\Real 2008-08-16 20:44 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\ATI 2008-08-16 15:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-08-16 14:56 --------- d-----w C:\Program Files\Common Files\Ahead 2008-08-16 13:05 --------- d-----w C:\Program Files\Unlocker 2008-08-16 13:04 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\Desktopicon 2008-08-15 21:44 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-08-15 21:40 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\uTorrent 2008-08-15 00:31 --------- d-----w C:\Program Files\Yahoo! 
2008-08-14 00:03 --------- d-----w C:\Program Files\Sony Ericsson 2008-08-14 00:03 --------- d-----w C:\Program Files\Common Files\Teleca Shared 2008-08-14 00:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson 2008-08-14 00:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca(2) 2008-08-13 23:55 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-13 16:37 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\MxBoost 2008-08-05 16:58 44,544 ----a-w C:\WINDOWS\system32\msxml4a.dll 2008-07-31 08:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll 2008-07-31 08:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll 2008-07-31 08:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll 2008-07-25 08:34 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-07-25 08:34 683,520 ----a-w C:\WINDOWS\system32\divx.dll 2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-14 10:47 48,640 ----a-w C:\WINDOWS\mmfs.dll 2008-07-14 10:47 2,560 ----a-w C:\WINDOWS\Runservice.exe 2008-07-12 06:18 467,984 ----a-w C:\WINDOWS\system32\d3dx10_39.dll 2008-07-12 06:18 3,851,784 ----a-w C:\WINDOWS\system32\D3DX9_39.dll 2008-07-12 06:18 1,493,528 ----a-w C:\WINDOWS\system32\D3DCompiler_39.dll 2008-02-08 07:43 8 ------w C:\Documents and Settings\All 
Users\Application Data\SDGLYBMPWPP.SYS 2007-12-29 18:18 32 ------w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2005-06-22 05:37 45,568 --sh--r C:\WINDOWS\system32\cygz.dll . ------- Sigcheck ------- 2004-08-04 00:45 14336 1d651165a36d10f6b0fc69a914e52947 C:\WINDOWS\system32\svchost.exe 2004-08-04 00:45 14336 1d651165a36d10f6b0fc69a914e52947 C:\WINDOWS\system32\dllcache\svchost.exe 2005-03-02 20:20 577536 5eaa22b4862d42dd073d2e437fe07272 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll 2007-03-08 17:50 578560 955907521336ffd22f77bf3ded8186ba C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll 2004-08-04 00:45 577536 bf3789c2c424d7a44dd485a28c1224e9 C:\WINDOWS\$NtUninstallKB890859$\user32.dll 2005-03-02 20:10 577536 63ac04e172b3171f82aba15732b43dd7 C:\WINDOWS\$NtUninstallKB925902$\user32.dll 2007-03-08 17:37 578048 660e675422f77ca1f536c104770df16a C:\WINDOWS\system32\user32.dll 2007-03-08 17:37 578048 660e675422f77ca1f536c104770df16a C:\WINDOWS\system32\dllcache\user32.dll 2004-08-04 00:45 82944 c0a38170c28c13bdbe7857b04999fa18 C:\WINDOWS\system32\ws2_32.dll 2004-08-04 00:45 82944 c0a38170c28c13bdbe7857b04999fa18 C:\WINDOWS\system32\dllcache\ws2_32.dll 2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys 2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys 2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys 2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys 2004-08-03 23:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys 2006-04-20 13:51 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys 2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys 
2008-06-20 12:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\dllcache\tcpip.sys 2008-06-20 12:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\drivers\tcpip.sys 2004-08-04 00:45 502272 370ac794b77d3284c807b401d0979c49 C:\WINDOWS\system32\winlogon.exe 2004-08-04 00:45 502272 370ac794b77d3284c807b401d0979c49 C:\WINDOWS\system32\dllcache\winlogon.exe 2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys 2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys 2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys 2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys 2005-03-02 20:12 2058880 e777ae8c26094fad6e7ab0f3bf6ddb7c C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe 2007-02-28 18:07 2061312 53b8af4bc9689641eca0f2d70ff95ffd C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe 2004-08-04 00:56 2017280 006d1111aeb782304d0a6608eb9574cd C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe 2005-03-02 20:07 2017280 845778d8eaaf28fd2a64774e16285f4a C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe 2007-02-28 18:01 2059520 974e97643035a2c23319a97e12d8bc48 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe 2007-02-28 18:01 2017792 06429c730a2f9e281af089fd5aea13cd C:\WINDOWS\system32\ntkrnlpa.exe 2007-02-28 18:01 2017792 06429c730a2f9e281af089fd5aea13cd C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2005-03-02 20:13 2181504 5dab3abc3dd66cbf8ba675620538e88f C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe 2007-02-28 18:07 2184064 feb7f68bd5482931e0acf82badd34b7b C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe 2004-08-04 00:40 2150400 3b7671944597041aaad95dc1029c375f C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe 2005-03-02 20:07 2137600 a8513089dd134a2ca95ddafc67066a18 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe 2007-02-28 18:01 2182272 29d2479c1bf45f3c683a6b8e2f300316 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe 
2007-02-28 18:01 2138112 cc61ce452f0d562b22e377985ebde29f C:\WINDOWS\system32\ntoskrnl.exe 2007-02-28 18:01 2138112 cc61ce452f0d562b22e377985ebde29f C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2007-06-13 15:22 1033216 16c9974928b0159bb2c4c4041426a49b C:\WINDOWS\explorer.exe 2007-06-13 15:10 1033216 8c82776ff0d43e2526ec2e259567b464 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2004-08-04 00:45 1032192 0d82ee7c6edee0e8e36305e63ac20aaf C:\WINDOWS\$NtUninstallKB938828$\explorer.exe 2007-06-13 15:22 1033216 16c9974928b0159bb2c4c4041426a49b C:\WINDOWS\system32\dllcache\explorer.exe 2004-08-04 00:45 108544 c71da9498b37280c61c75983789be279 C:\WINDOWS\system32\services.exe 2004-08-04 00:45 108544 c71da9498b37280c61c75983789be279 C:\WINDOWS\system32\dllcache\services.exe 2004-08-04 00:45 13312 2380b134a9fea8b7683be78a4c8d92b8 C:\WINDOWS\system32\lsass.exe 2004-08-04 00:45 13312 2380b134a9fea8b7683be78a4c8d92b8 C:\WINDOWS\system32\dllcache\lsass.exe 2004-08-04 00:45 15360 9d83d8f381868e8347263dc62a8a2152 C:\WINDOWS\system32\ctfmon.exe 2004-08-04 00:45 15360 9d83d8f381868e8347263dc62a8a2152 C:\WINDOWS\system32\dllcache\ctfmon.exe 2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe 2004-08-04 00:45 57856 eded8ea387a59c4b6ea154f29e562aae C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe 2005-06-11 01:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\spoolsv.exe 2005-06-11 01:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\dllcache\spoolsv.exe 2004-08-04 00:45 24576 b0b1983041c5c1bee93e24907bc83722 C:\WINDOWS\system32\userinit.exe 2004-08-04 00:45 24576 b0b1983041c5c1bee93e24907bc83722 C:\WINDOWS\system32\dllcache\userinit.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-18 185896] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveSearch"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{C5F43BEF-CE2F-46D8-AFE6-A647BACD1F09}"= "C:\WINDOWS\system32\Bitkv0.dll" [2007-06-13 69632] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] --a------ 2007-06-18 15:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -r------- 2008-02-01 17:22 21898024 C:\Documents and Settings\AOPEN\desktop\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-08-18 02:25 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "W32Time"=2 (0x2) "LmHosts"=2 (0x2) "lanmanserver"=2 (0x2) "mnmsrvc"=3 (0x3) "WZCSVC"=2 (0x2) "ERSvc"=2 (0x2) "CiSvc"=3 (0x3) "Browser"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] 
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot "VMSnap3"=C:\WINDOWS\VMSnap3.EXE "NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" "Alcmtr"=ALCMTR.EXE "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" "SkyTel"=SkyTel.EXE "Domino"=C:\WINDOWS\Domino.EXE "RTHDCPL"=RTHDCPL.EXE [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "C:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "C:\\Program Files\\Orbitdownloader\\orbitnet.exe"= "C:\\Documents and Settings\\AOPEN\\Desktop\\Skype.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312] R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2008-07-14 2560] R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-07-03 39424] R3 vmfilter303;vmfilter303;C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-25 428160] S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-06-20 13352] S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 83336] S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112] S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 108680] S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys 
[2007-04-24 100488] S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 98696] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b5883d5-20f3-11dd-8e2a-001d60ca5b51}] \Shell\AutoRun\command - G:\e6.com \Shell\explore\Command - G:\e6.com \Shell\open\Command - G:\e6.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4466fd2c-8c83-11dd-8529-001d60ca5b51}] \Shell\Auto\command - activexdebugger32.exe f \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f \Shell\explore\Command - activexdebugger32.exe f \Shell\open\Command - activexdebugger32.exe f [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{681442de-3ec2-11dd-9b14-001d60ca5b51}] \Shell\AutoRun\command - G:\e.exe \Shell\explore\Command - G:\e.exe \Shell\open\Command - G:\e.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0130550-acac-11dc-b9d8-001d60ca5b51}] \Shell\AutoRun\command - G:\sasyg1y8.com \Shell\explore\Command - G:\sasyg1y8.com \Shell\open\Command - G:\sasyg1y8.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8248ffd-d16d-11dc-8bfd-001d60ca5b51}] \Shell\AutoRun\command - G:\sasyg1y8.com \Shell\explore\Command - G:\sasyg1y8.com \Shell\open\Command - G:\sasyg1y8.com *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder 2008-10-08 C:\WINDOWS\Tasks\CryptLoad.job - C:\Documents and Settings\AOPEN\Desktop\CrytLoad\CryptLoad.exe [] . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-TRKY-DnsAyar - C:\Program Files\TRKY-DnsAyar\TRKY-DnsAyar.exe . ------- Supplementary Scan ------- . 
FireFox -: Profile - C:\Documents and Settings\AOPEN\Application Data\Mozilla\Firefox\Profiles\2o2ztk0z.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll FF -: plugin - C:\Program Files\Picasa2\npPicasa2.dll FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-08 16:39:43 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-10-08 16:40:27 ComboFix-quarantined-files.txt 2008-10-08 14:40:18 Pre-Run: 8.158.150.656 bayt bos Post-Run: 8,167,534,592 bayt bos 345 --- E O F --- 2008-09-12 13:10:17
< This message was edited by Golday -- 8 October 2008; 16:43:50 >
_____________________________

8 October 2008; 16:49:26
quote:
Quoted from original: serji

* Close all programs and windows except HijackThis and click the Fix Checked button. Then restart.

Yes, the situation is somewhat grave. But we will clean it up.

Download the program called ComboFix. http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe

1. Close all your open windows and programs.
2. Temporarily close or disable your antivirus and antispyware programs.
3. Double-click ComboFix.exe and open the program. After opening the program, do absolutely nothing. Take a 1-2 minute break.
4. After ComboFix starts running, you will be asked to press the 1 or 2 key. Press 1 to continue.
5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
6. Your internet connection will be cut during these operations. This is normal. Your system clock will also change. But all of this is temporary. Once the operations are finished, everything will be returned to its original state.
7. You may need to be a little patient, because there are exactly 41 stages.
8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear while it does so, but it will be restored shortly. Once the operations are finished, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
9. Attach the C:\ComboFix.txt file to your message and send it to us.

Brother serji, I'm sending the ComboFix log as well; good luck with it.

ComboFix 08-10-02.04 - Administrator 2008-10-08 0:40:06.9 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1254.1.1055.18.1661 [GMT 2:00] Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . 
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe C:\Program Files.exe C:\WINDOWS\system32\drivers\IsDrv118.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_IsDrv118 ((((((((((((((((((((((((( Files Created from 2008-09-07 to 2008-10-07 ))))))))))))))))))))))))))))))) . 2008-10-07 02:14 . 2006-12-06 12:19 76,800 --a-s---- C:\Documents and Settings\Administrator\Desktop.exe 2008-10-06 16:02 . 2008-10-06 16:02 0 --a------ C:\WINDOWS\bulmaca.INI 2008-10-05 22:39 . 2008-10-05 22:39 <DIR> d-------- C:\Program Files\Trend Micro 2008-10-05 01:50 . 2008-10-05 01:50 <DIR> d-------- C:\Program Files\EA GAMES 2008-10-05 01:49 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2008-10-05 01:12 . 2008-10-05 01:12 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2008-10-05 01:12 . 2008-10-05 01:12 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2008-10-05 01:12 . 2008-10-05 01:12 103,736 --a------ C:\Documents and Settings\Administrator\Application Data\PnkBstrB.exe 2008-10-05 01:12 . 2008-10-05 01:12 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe 2008-10-05 01:12 . 2008-10-05 01:12 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-10-05 01:12 . 2008-10-05 01:12 22,328 --a------ C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys 2008-10-05 01:12 . 2008-10-05 01:12 319 --a------ C:\WINDOWS\game.ini 2008-10-05 01:05 . 2008-10-05 01:05 <DIR> d-------- C:\Program Files\Activision 2008-10-04 22:58 . 2008-10-04 22:58 <DIR> d-------- C:\Program Files\Common Files\DirectX 2008-10-04 05:10 . 2006-12-06 12:19 76,800 --a-s---- C:\Program Files\SRS Labs.exe 2008-10-04 03:59 . 2006-12-06 12:19 76,800 --a-s---- C:\Program Files\WindowsUpdate.exe 2008-10-04 03:59 . 2006-12-06 12:19 76,800 --a-s---- C:\Program Files\Uninstall Information.exe 2008-10-04 03:59 . 
2006-12-06 12:19 76,800 --a-s---- C:\Program Files\InstallShield Installation Information.exe 2008-10-04 03:59 . 2006-12-06 12:19 76,800 --a-s---- C:\Program Files\AIMP2.exe 2008-10-04 03:58 . 2006-12-06 12:19 76,800 --a-s---- C:\Program Files\AntiVir PersonalEdition Classic.exe 2008-09-30 07:45 . 2006-12-06 12:19 76,800 --a-s---- C:\Documents and Settings\Administrator\Belgelerim.exe 2008-09-29 04:51 . 2008-09-29 04:51 <DIR> d--h----- C:\WINDOWS\PIF 2008-09-27 02:36 . 2008-09-27 02:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ACD Systems 2008-09-27 02:35 . 2008-09-27 02:36 <DIR> d-------- C:\Program Files\Common Files\ACD Systems 2008-09-27 02:35 . 2008-09-27 02:35 <DIR> d-------- C:\Program Files\ACD Systems 2008-09-27 02:35 . 2008-09-27 02:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems 2008-09-26 19:11 . 2008-09-26 19:11 62 --a------ C:\WINDOWS\soko.ini 2008-09-26 19:02 . 1998-11-17 13:44 328,704 --a------ C:\WINDOWS\IsUn0407.exe 2008-09-26 18:38 . 2008-09-26 18:38 0 --a------ C:\WINDOWS\wordsearch.INI 2008-09-23 00:38 . 2004-08-04 00:45 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2008-09-23 00:38 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2008-09-23 00:38 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys 2008-09-23 00:38 . 2001-11-21 21:35 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2008-09-21 18:22 . 2008-09-26 19:16 24 --a------ C:\WINDOWS\WINTOYS.INI 2008-09-21 18:21 . 2008-09-25 16:00 131 --a------ C:\WINDOWS\chess.ini 2008-09-20 12:48 . 2008-09-20 12:48 121 --a------ C:\WINDOWS\SYMGAMES.INI 2008-09-20 00:14 . 2008-09-20 00:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH 2008-09-20 00:13 . 2008-09-20 00:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GRETECH 2008-09-19 17:32 . 2008-09-26 20:12 1,327 --a------ C:\WINDOWS\EntPack.dat 2008-09-19 14:34 . 
2008-10-07 15:44 1,358 --a------ C:\WINDOWS\entpack.ini 2008-09-19 14:24 . 2008-09-26 18:18 93 --a------ C:\WINDOWS\GECKOS.INI 2008-09-19 14:24 . 2008-09-21 18:23 71 --a------ C:\WINDOWS\dodger.ini 2008-09-19 03:17 . 2008-09-19 03:17 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS 2008-09-19 03:06 . 2008-10-04 05:11 <DIR> d--hs---- C:\Program Files\SRS Labs 2008-09-19 03:06 . 2008-09-19 03:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SRS Labs 2008-09-19 03:06 . 2007-07-26 09:25 47,360 -ra------ C:\WINDOWS\system32\drivers\Surroundhp_kern_i386.sys 2008-09-19 03:06 . 2007-07-26 09:25 47,104 -ra------ C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys 2008-09-19 03:06 . 2007-07-26 09:25 42,112 -ra------ C:\WINDOWS\system32\drivers\csiidecoder_kern_i386.sys 2008-09-19 03:06 . 2007-07-26 09:25 39,808 -ra------ C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys 2008-09-19 03:06 . 2007-07-26 09:25 32,000 -ra------ C:\WINDOWS\system32\drivers\wowhd_kern_i386.sys 2008-09-19 02:59 . 2008-10-07 15:10 <DIR> d--hs---- C:\Program Files\AIMP2 2008-09-19 02:53 . 2008-09-20 00:13 <DIR> d-------- C:\Program Files\GRETECH 2008-09-18 23:32 . 2008-09-18 23:32 <DIR> d-------- C:\Program Files\OpenAL 2008-09-18 23:30 . 2007-06-08 04:56 4,931,584 --a------ C:\WINDOWS\system32\stacgui.cpl 2008-09-18 23:30 . 2007-06-08 04:56 1,097,728 --a------ C:\WINDOWS\system32\stlang.dll 2008-09-18 23:30 . 2007-06-08 04:56 303,104 --a------ C:\WINDOWS\sttray.exe 2008-09-18 23:30 . 2007-06-08 04:56 90,112 --a------ C:\WINDOWS\system32\stacsv.exe 2008-09-18 23:25 . 2007-06-08 04:56 117,248 --a------ C:\WINDOWS\system32\staco.dll 2008-09-18 22:40 . 2008-09-18 22:40 <DIR> d-------- C:\Program Files\Webteh 2008-09-18 21:49 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2008-09-18 21:49 . 2008-09-19 03:24 396 --a------ C:\WINDOWS\ODBC.INI 2008-09-18 21:48 . 2008-09-18 21:49 <DIR> d-------- C:\WINDOWS\SHELLNEW 2008-09-18 21:48 . 
2008-09-18 21:48 <DIR> d-------- C:\Program Files\Microsoft Works 2008-09-18 21:47 . 2008-09-18 21:47 <DIR> d-------- C:\Program Files\Microsoft.NET 2008-09-18 21:44 . 2008-09-18 21:44 <DIR> dr-h----- C:\MSOCache 2008-09-18 21:36 . 2008-09-18 21:36 <DIR> d-------- C:\Program Files\SigmaTel 2008-09-18 21:36 . 2007-06-08 04:56 1,184,168 --a------ C:\WINDOWS\system32\drivers\sthda.sys 2008-09-18 21:36 . 2007-06-08 04:56 229,376 --a------ C:\WINDOWS\system32\stacapi.dll 2008-09-18 21:36 . 2007-06-08 04:56 54,272 --a------ C:\WINDOWS\system32\drivers\sfng32.sys 2008-09-18 21:36 . 2004-11-18 10:42 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe 2008-09-18 14:35 . 2008-09-19 14:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic 2008-09-18 14:27 . 2008-10-07 01:20 116 --a------ C:\WINDOWS\NeroDigital.ini 2008-09-18 14:26 . 2008-09-18 14:26 <DIR> d-------- C:\Program Files\Common Files\Ahead 2008-09-18 14:26 . 2008-09-18 14:26 <DIR> d-------- C:\Program Files\Ahead 2008-09-18 14:26 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll 2008-09-18 14:26 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll 2008-09-18 14:26 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll 2008-09-18 14:26 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll 2008-09-18 14:26 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2008-09-18 14:26 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys 2008-09-18 14:26 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2008-09-18 14:26 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys 2008-09-18 14:15 . 2008-09-18 14:15 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-09-18 14:02 . 2008-09-18 14:02 <DIR> dr------- C:\Documents and Settings\merve\Sk Kullanlanlar 2008-09-18 14:02 . 
2008-09-18 23:07 <DIR> dr------- C:\Documents and Settings\merve\Belgelerim 2008-09-18 14:02 . 2008-09-18 14:02 <DIR> d-------- C:\Documents and Settings\merve\Application Data\ATI 2008-09-18 14:02 . 2008-09-18 14:48 <DIR> d-------- C:\Documents and Settings\merve 2008-09-18 13:55 . 2008-09-18 13:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI 2008-09-18 13:55 . 2008-09-18 13:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ATI 2008-09-18 13:49 . 2008-09-18 13:49 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies 2008-09-18 13:46 . 2008-09-18 13:52 <DIR> d-------- C:\Program Files\ATI Technologies 2008-09-18 13:43 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2008-09-18 13:42 . 2008-09-18 13:42 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared 2008-09-18 13:42 . 2008-09-18 13:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems 2008-09-18 13:41 . 2008-09-18 13:43 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-09-18 13:37 . 1999-09-22 23:18 2,167,684 --------- C:\WINDOWS\system32\CT2MGM.SF2 2008-09-18 13:37 . 2007-09-26 10:17 22,764 --a------ C:\WINDOWS\system32\Ludap17.ini 2008-09-18 13:37 . 2008-09-30 07:33 1,568 --a------ C:\WINDOWS\system32\settingsbkup.sfm 2008-09-18 13:37 . 2008-09-30 07:33 1,568 --a------ C:\WINDOWS\system32\settings.sfm 2008-09-18 13:37 . 2005-03-08 14:17 54 --a------ C:\WINDOWS\system32\ctzapxx.ini 2008-09-18 13:36 . 2008-10-05 01:12 <DIR> d--hs---- C:\Program Files\InstallShield Installation Information 2008-09-18 13:36 . 2008-09-18 13:37 <DIR> d-------- C:\Program Files\Creative 2008-09-18 13:36 . 2008-09-18 13:49 <DIR> d-------- C:\Program Files\Common Files\InstallShield 2008-09-18 13:36 . 2008-09-18 14:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Creative 2008-09-18 13:33 . 
2007-06-08 04:59 254,872 -ra------ C:\WINDOWS\system32\drivers\e1e5132.sys 2008-09-18 13:33 . 2007-06-08 04:59 179,048 -ra------ C:\WINDOWS\system32\e1000msg.dll 2008-09-18 13:33 . 2007-06-08 04:59 154,496 -ra------ C:\WINDOWS\system32\Prounstl.exe 2008-09-18 13:33 . 2007-06-08 04:59 66,424 -ra------ C:\WINDOWS\system32\NicEtCoE.dll 2008-09-18 13:33 . 2007-06-08 04:59 62,840 -ra------ C:\WINDOWS\system32\NicInstE.dll 2008-09-18 13:33 . 2007-06-08 04:59 28,536 -ra------ C:\WINDOWS\system32\NicCo.dll 2008-09-18 13:33 . 2007-06-08 04:59 2,889 -ra------ C:\WINDOWS\system32\e1e5132.din 2008-09-18 13:33 . 2007-06-08 04:58 1,904 --------- C:\WINDOWS\system32\SetupBD.din 2008-09-18 13:31 . 2008-09-18 13:31 <DIR> d-------- C:\Program Files\Intel Desktop Board 2008-09-18 13:31 . 2007-04-03 16:29 912,152 --a------ C:\WINDOWS\system32\heciudlg.exe 2008-09-18 13:31 . 2006-11-10 09:25 319,456 --a------ C:\WINDOWS\system32\difxapi.dll 2008-09-18 13:31 . 2007-03-13 13:05 44,672 --a------ C:\WINDOWS\system32\drivers\HECI.sys 2008-09-18 13:29 . 2008-09-18 13:31 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-09-18 13:29 . 2008-09-18 21:38 <DIR> d-------- C:\TempEI4 2008-09-18 13:29 . 2008-09-18 13:29 <DIR> d-------- C:\Program Files\MSXML 4.0 2008-09-18 13:29 . 2008-09-18 13:33 <DIR> d-------- C:\Program Files\Intel 2008-09-18 13:29 . 2008-09-18 13:29 <DIR> d-------- C:\Intel 2008-09-18 13:28 . 2001-11-21 19:12 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2008-09-18 13:28 . 2001-11-21 19:12 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-18 21:32 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll 2008-09-18 21:32 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll 2008-09-17 09:41 --------- d-----w C:\Program Files\microsoft frontpage . ((((((((((((((((((((((((((((( snapshot_2008-09-24_ 2.06.59.40 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2008-10-04 23:50:01 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll + 2008-10-04 23:50:01 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll + 2008-10-04 23:50:01 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll + 2008-10-04 23:50:01 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-10-04 23:50:01 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll + 2008-10-04 23:50:01 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll + 2008-10-04 23:50:01 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll + 2008-10-04 23:50:02 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll + 2008-10-04 23:50:01 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE + 2008-10-04 23:12:37 216,358 ----a-r C:\WINDOWS\Installer\{E48469CC-635E-4FD5-A122-1497C286D217}\ARPPRODUCTICON.exe + 2008-09-27 00:36:04 81,920 ----a-r C:\WINDOWS\Installer\{F8B98EB6-FC06-45BF-87D4-9784E0408611}\ACDSeeDesktopShortcu_F99F74B4972B4B06B8936B3B0DB0128B.exe + 2008-09-27 00:36:03 81,920 ----a-r C:\WINDOWS\Installer\{F8B98EB6-FC06-45BF-87D4-9784E0408611}\ACDSeePMShortcut_F99F74B4972B4B06B8936B3B0DB0128B.exe + 2008-09-27 00:36:04 566,608 ----a-r 
C:\WINDOWS\Installer\{F8B98EB6-FC06-45BF-87D4-9784E0408611}\ACDSeeShowroomShor_89621A33AFFC45029C8C9D5A4EA9D15A.exe + 2008-09-27 00:36:03 81,920 ----a-r C:\WINDOWS\Installer\{F8B98EB6-FC06-45BF-87D4-9784E0408611}\ARPPRODUCTICON.exe + 2008-09-27 00:36:04 45,056 ----a-r C:\WINDOWS\Installer\{F8B98EB6-FC06-45BF-87D4-9784E0408611}\DevDetectPMShortcut_ECE0113B23D04DD889E6D2F026CABF03.exe + 2005-03-18 15:23:10 53,248 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll + 2005-03-18 15:23:10 12,800 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll + 2005-03-18 15:23:14 473,600 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Micr