| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Yahoo Search Redirect VirusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.05.2011, 11:50
| #1 |
| |  Yahoo Search Redirect Virus Hallo, ich habe seit etwa zwei Wochen folgendes Problem... wahrend ich im Internet surfe werde ich öfter auf eine Yahoo-Suchseite geleitet... mittlerweile nervt das. Anscheinend habe ich mir ein Redirect Virus eingefangen... Habe Malware und HijackThis laufen lassen und nichts gefunden... Bitte um Unterstützung! |
|
21.05.2011, 12:05
| #2 |
| /// Malware-holic   | Yahoo Search Redirect Virus hiho
__________________Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt beide posten
__________________ |
|
21.05.2011, 15:09
| #3 |
| | Yahoo Search Redirect Virus OTL.TXT Teil AOTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 21.05.2011 14:22:01 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Kargi\Downloads Starter Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 0000041f | Country: Türkiye | Language: TRK | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free 3,00 Gb Paging File | 2,00 Gb Available in Paging File | 57,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 100,01 Gb Total Space | 25,84 Gb Free Space | 25,84% Space Free | Partition Type: NTFS Drive D: | 132,78 Gb Total Space | 52,89 Gb Free Space | 39,84% Space Free | Partition Type: NTFS Drive G: | 100,00 Mb Total Space | 37,77 Mb Free Space | 37,77% Space Free | Partition Type: NTFS Computer Name: KARGI-EXPER | User Name: Kargi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Kargi\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\Kargi\Downloads\HiJackThis204.exe (Trend Micro Inc.) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) PRC - C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe (Symantec Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Kargi\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (N360) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe (Symantec Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110520.036\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110520.036\NAVENG.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110518.001\BHDrvx86.sys (Symantec Corporation) DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110518.001\IDSvix86.sys (Symantec Corporation) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS (Symantec Corporation) DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS (Symantec Corporation) DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS (Symantec Corporation) DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS (Symantec Corporation) DRV - (ccHP) -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys (Symantec Corporation) DRV - (SiS6350) -- C:\Windows\System32\drivers\SISGRKMD.sys (Silicon Integrated Systems Corporation) DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation ) DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS (Symantec Corporation) DRV - (uagp35) -- C:\Windows\system32\DRIVERS\sisagpx.sys (Silicon Integrated Systems Corporation) DRV - (SISAGP) -- C:\Windows\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.) DRV - (VMUVC) -- C:\Windows\System32\drivers\VMUVC.sys (Vimicro Corporation) DRV - (vvftUVC) -- C:\Windows\System32\drivers\vvftUVC.sys (Vimicro Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/clipextractor/{1F44E312-6FE2-490D-87E9-5492257F1953} IE - HKU\S-1-5-21-3260133423-2253578972-2420577606-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.exper.com.tr [binary data] IE - HKU\S-1-5-21-3260133423-2253578972-2420577606-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3260133423-2253578972-2420577606-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://tr.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3260133423-2253578972-2420577606-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = tr IE - HKU\S-1-5-21-3260133423-2253578972-2420577606-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 90 21 FB C3 01 CC 01 [binary data] IE - HKU\S-1-5-21-3260133423-2253578972-2420577606-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig" FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011.04.24 15:43:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2011.04.23 17:57:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.20 11:19:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.23 17:46:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kargi\AppData\Roaming\mozilla\Extensions [2011.05.11 11:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kargi\AppData\Roaming\mozilla\Firefox\Profiles\sd0pdf2u.default\extensions [2011.04.23 18:19:44 | 000,000,000 | ---D | M] (Clip Extractor Toolbar) -- C:\Users\Kargi\AppData\Roaming\mozilla\Firefox\Profiles\sd0pdf2u.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC} [2011.04.23 18:20:15 | 000,002,384 | ---- | M] () -- C:\Users\Kargi\AppData\Roaming\Mozilla\Firefox\Profiles\sd0pdf2u.default\searchplugins\search.xml [2011.05.20 11:19:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.04.23 17:59:52 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} File not found (No name found) -- [2011.04.24 15:43:51 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN [2011.04.14 19:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll [2010.01.01 11:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.01 11:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml [2010.01.01 11:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.01 11:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.01 11:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.01 11:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.11 00:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Clip Extractor Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (Clip Extractor Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Clip Extractor Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-3260133423-2253578972-2420577606-1000\..\Toolbar\WebBrowser: (Clip Extractor Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Clip Extractor Toolbar\tbcore3.dll () O3 - HKU\S-1-5-21-3260133423-2253578972-2420577606-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation) O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - StartUpReg: SMSTray - hkey= - key= - C:\Program Files\Samsung\EmoDio\SMSTray.exe (SAMSUNG ELECTRONICS) SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler) Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm () Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll () Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll () Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org) ========== Files/Folders - Created Within 30 Days ========== [2011.05.21 13:13:41 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Roaming\Malwarebytes [2011.05.21 13:11:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.05.21 13:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.05.21 13:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.05.21 13:11:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.05.21 13:11:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.05.21 11:05:55 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{D4506B6D-D739-4DE0-A863-80A8F4FE2362} [2011.05.20 11:05:17 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{D2BFA828-1465-42A1-A830-3046807AD3BA} [2011.05.19 02:53:20 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe [2011.05.18 18:38:48 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Roaming\Thinstall [2011.05.18 18:38:48 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\Thinstall [2011.05.18 09:51:47 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{DBF7905D-70E4-48FE-ADC4-91B1207A9CD3} [2011.05.17 09:51:09 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{A85A974A-DE4E-480C-A0AB-74E2DF3A6B12} [2011.05.16 09:50:31 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{B072B2F5-857E-44F5-9890-1881B2874982} [2011.05.15 09:49:52 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{01151125-C344-4602-88D4-6CC719996FC0} [2011.05.14 23:11:51 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\Microsoft Games [2011.05.14 21:21:28 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{4BA3C763-4F83-4492-90EB-F69EE1DE5236} [2011.05.14 09:21:03 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{BDFC348B-078F-473E-AFE5-D8291F40571D} [2011.05.13 21:20:50 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{CF42E8DF-A2A3-4CB5-AB32-BDF0D33B5DF6} [2011.05.13 09:20:38 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{D5B39BEC-E5D5-4093-84CE-E4E51EA38EF0} [2011.05.12 21:20:26 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{C8D1874B-F359-404B-85E8-695113569A02} [2011.05.12 09:20:33 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{BDAD932B-C4F4-4336-9C94-FB8BAA2FBDEC} [2011.05.11 12:18:02 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{154068B3-0299-4C55-9467-0F15DA87A2FA} [2011.05.11 09:33:38 | 000,000,000 | ---D | C] -- C:\TEMP [2011.05.11 00:17:36 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{D03C71A8-136A-45B7-A29B-ED02C34FD3DD} [2011.05.10 22:23:13 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys [2011.05.10 22:23:11 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys [2011.05.10 22:23:07 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.05.10 22:23:07 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.05.10 12:17:24 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{078B02EE-5E11-4227-98FD-5A8D3F33E2BC} [2011.05.10 11:55:55 | 000,000,000 | ---D | C] -- C:\Users\Kargi\Documents\Meine empfangenen Dateien [2011.05.10 00:17:11 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{6EDB1EA6-BD6F-42DC-8C88-46A5A529EB66} [2011.05.09 19:53:37 | 014,744,456 | ---- | C] ( ) -- C:\Users\Kargi\Desktop\K-Lite_Codec_Pack_700_Full[1].exe [2011.05.09 19:22:37 | 000,839,680 | ---- | C] (hxxp://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm [2011.05.09 19:12:49 | 014,744,456 | ---- | C] ( ) -- C:\Users\Kargi\Desktop\K-Lite_Codec_Pack_700_Full.exe [2011.05.09 12:16:45 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{11DEFDEA-C215-4608-9BD9-DEAC69750C2B} [2011.05.09 00:16:17 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{83D7346F-1CF8-42E4-AD85-05A3BACDF28C} [2011.05.08 19:50:50 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joboshare [2011.05.08 19:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\Joboshare [2011.05.08 13:12:42 | 000,000,000 | ---D | C] -- C:\Users\Kargi\Documents\Pinnacle VideoSpin [2011.05.08 13:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle [2011.05.08 13:05:51 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\Downloaded Installations [2011.05.08 12:15:51 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{468072F5-A192-4822-85C3-CB319255A1DB} [2011.05.08 12:14:22 | 000,000,000 | ---D | C] -- C:\Windows\de [2011.05.07 00:29:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3GP Player 2010 [2011.05.07 00:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\3GPplayer2010 [2011.05.07 00:27:10 | 011,525,230 | ---- | C] (Reganam ) -- C:\Users\Kargi\Desktop\3GP-Player.exe [2011.05.07 00:09:39 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{AE30FFF2-8874-44D4-A4AC-4DA74B2D02AA} [2011.05.05 11:27:16 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{F29432D2-9FD5-4C63-BCB8-EC0A06957016} [2011.05.04 23:25:54 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{3C1AA983-3D04-4A38-8911-ED6F8F2822DC} [2011.05.04 11:25:33 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{F701DB1A-4C75-49BD-ADA5-A4642FE9E0B2} [2011.05.03 11:24:55 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{E3AD9178-C1AD-4CF5-8418-1C0AF35371F3} [2011.05.02 15:46:34 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TABCTL32.OCX [2011.05.02 15:46:34 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL [2011.05.02 15:46:34 | 000,067,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SYSINFO.OCX [2011.05.02 11:24:16 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{3FD2E5BD-45A9-427C-B713-156A9DC390A0} [2011.05.01 19:58:57 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Roaming\DivX [2011.05.01 19:10:26 | 000,000,000 | ---D | C] -- C:\tmp [2011.05.01 11:16:03 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{481E557A-6411-4F32-B414-2821CD71C9D7} [2011.04.30 22:06:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\QuickTime [2011.04.30 21:59:21 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{556D2D6B-30B5-4EF7-A5B5-36A61C82194F} [2011.04.30 21:37:28 | 000,000,000 | ---D | C] -- C:\Users\Kargi\.thumbnails [2011.04.30 21:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation [2011.04.30 21:35:00 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Roaming\Blender Foundation [2011.04.30 21:34:55 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation [2011.04.30 21:07:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\discreet [2011.04.30 21:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\backburner 2 [2011.04.30 13:37:35 | 000,106,609 | ---- | C] ((주) 마크애니, 컨텐츠 사업실) -- C:\Windows\System32\MaJUtilLib.dll [2011.04.30 13:37:35 | 000,049,152 | R--- | C] ((주) 마크애니) -- C:\Windows\System32\MaJGUILib.dll [2011.04.30 13:37:35 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\Windows\System32\MaXMLProto.dll [2011.04.30 13:03:59 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Roaming\Foxit Software [2011.04.30 12:59:48 | 000,373,760 | ---- | C] (Softuarium) -- C:\Windows\System32\xwpdlx20.ocx [2011.04.30 12:59:48 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screen Capture Pro [2011.04.30 12:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screen Capture Pro [2011.04.30 12:59:47 | 001,066,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mscomctl.ocx [2011.04.30 12:59:46 | 001,388,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.000 [2011.04.30 12:42:12 | 000,000,000 | ---D | C] -- C:\Users\Kargi\Documents\Downloads [2011.04.30 12:41:52 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Roaming\GetRightToGo [2011.04.30 09:58:55 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{D91D6A0B-9E85-4B3E-9332-38A59EA814A3} [2011.04.29 21:58:29 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{ECA8F419-AF64-440A-8AD7-22A96A25EACC} [2011.04.29 19:54:57 | 000,000,000 | ---D | C] -- C:\Users\Kargi\Documents\SelfMV [2011.04.29 19:53:42 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Roaming\Media Player Classic [2011.04.29 09:58:17 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{49526C9E-F688-448D-98F8-45D19154AAAC} [2011.04.28 09:57:39 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{5159AB98-24B2-41D1-A518-8A4AE51D8B87} [2011.04.27 21:22:36 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{36E17CF9-D92F-44F3-8488-C350197ADDB7} [2011.04.27 09:22:24 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{64F39B9B-1862-489B-8AC0-79F41CDD3A91} [2011.04.27 09:15:50 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe [2011.04.27 09:15:32 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll [2011.04.27 09:15:32 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys [2011.04.27 09:15:31 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe [2011.04.27 09:15:24 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.04.27 09:15:23 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2011.04.26 21:21:59 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{E24AF082-975F-471F-859E-9539887452D2} [2011.04.26 11:29:07 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\Adobe [2011.04.26 09:21:47 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{D600640C-9B53-4D83-86CB-40D0F28E9755} [2011.04.26 09:21:47 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{634427D8-4CF3-4C10-A26C-0D1545E5EAD9} [2011.04.25 21:21:21 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{E1742150-E1C7-4C99-A6EB-9F150F826520} [2011.04.25 09:21:07 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{0E1157D6-E5F4-4D06-839E-FA355EDC77A3} [2011.04.24 23:51:21 | 000,000,000 | ---D | C] -- C:\Program Files\Opera [2011.04.24 23:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2011.04.24 23:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2011.04.24 23:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader [2011.04.24 23:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software [2011.04.24 23:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2011.04.24 23:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2011.04.24 23:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack [2011.04.24 23:49:49 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll [2011.04.24 23:49:49 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm [2011.04.24 23:49:46 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack [2011.04.24 23:49:34 | 001,355,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvbvm50.dll [2011.04.24 23:49:33 | 001,099,776 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Windows\System32\libeay32.dll [2011.04.24 23:49:33 | 001,017,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc70u.dll [2011.04.24 23:49:33 | 000,614,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comctl32.ocx [2011.04.24 23:49:33 | 000,415,552 | ---- | C] (Microsoft Corporation ) -- C:\Windows\System32\comct332.ocx [2011.04.24 23:49:33 | 000,222,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dblist32.ocx [2011.04.24 23:49:33 | 000,215,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mci32.ocx [2011.04.24 23:49:33 | 000,170,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comct232.ocx [2011.04.24 23:49:33 | 000,155,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.ocx [2011.04.24 23:49:33 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl70.dll [2011.04.24 23:49:33 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc70ita.dll [2011.04.24 23:49:33 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc70fra.dll [2011.04.24 23:49:33 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc70esp.dll [2011.04.24 23:49:33 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc70deu.dll [2011.04.24 23:49:33 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc70enu.dll [2011.04.24 23:49:33 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc70kor.dll [2011.04.24 23:49:33 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc70jpn.dll [2011.04.24 23:49:33 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc70cht.dll [2011.04.24 23:49:33 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc70chs.dll [2011.04.24 23:49:26 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\Yandex [2011.04.24 23:49:25 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Roaming\Yandex [2011.04.24 23:49:24 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Roaming\Opera [2011.04.24 23:49:24 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\Opera [2011.04.24 23:49:24 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\Google [2011.04.24 23:49:24 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\Bromium [2011.04.24 23:48:58 | 000,000,000 | ---D | C] -- C:\Windows\VMUVC [2011.04.24 23:48:43 | 000,516,096 | ---- | C] (vimicro) -- C:\Windows\System32\VMUVC.ax [2011.04.24 23:48:43 | 000,188,416 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\vvftUVC.ax [2011.04.24 23:48:43 | 000,098,304 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\VMCtrl.ax [2011.04.24 23:48:42 | 000,398,720 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\drivers\vvftUVC.sys [2011.04.24 23:48:42 | 000,252,416 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\drivers\VMUVC.sys [2011.04.24 23:48:42 | 000,073,728 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\exvmuvc.ax [2011.04.24 23:48:38 | 000,094,208 | ---- | C] (Vimicro Cooperation) -- C:\Windows\System32\VvFtCtrl.dll [2011.04.24 23:48:38 | 000,011,776 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\VMUVC.dll [2011.04.24 23:48:18 | 000,000,000 | ---D | C] -- C:\Program Files\Apoint2K [2011.04.24 23:47:58 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll [2011.04.24 23:47:58 | 000,255,096 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\System32\drivers\Apfiltr.sys [2011.04.24 23:47:58 | 000,114,616 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\System32\Vxdif.dll [2011.04.24 23:47:56 | 000,170,864 | ---- | C] (ALPS Electric Co., Ltd.) -- C:\Windows\System32\ApShellExt.dll [2011.04.24 23:47:39 | 000,376,832 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\drivers\RTL8187B.sys [2011.04.24 23:47:20 | 004,080,128 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\Windows\System32\SiSGlv.dll [2011.04.24 23:47:20 | 003,653,120 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\Windows\System32\SISGRUMD.dll [2011.04.24 23:47:20 | 000,655,360 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\Windows\System32\SiSClone.dll [2011.04.24 23:47:20 | 000,465,920 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\Windows\System32\drivers\SISGRKMD.sys [2011.04.24 23:47:20 | 000,212,992 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\Windows\System32\SiSFunc.dll [2011.04.24 23:47:20 | 000,006,656 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\Windows\System32\SiSCo.dll [2011.04.24 23:47:20 | 000,005,632 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\Windows\System32\SiSKrl.dll [2011.04.24 23:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech [2011.04.24 23:47:03 | 004,543,880 | ---- | C] (ELAN Microelectronics Corp.) -- C:\Windows\System32\ETDUI.cpl [2011.04.24 23:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2011.04.24 23:46:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM [2011.04.24 23:46:14 | 002,145,896 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll [2011.04.24 23:46:14 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll [2011.04.24 23:46:14 | 001,723,536 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll [2011.04.24 23:46:14 | 001,084,008 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl [2011.04.24 23:46:14 | 000,820,224 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RCoRes.dat [2011.04.24 23:46:14 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll [2011.04.24 23:46:14 | 000,214,352 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\System32\SFNHK.dll [2011.04.24 23:46:14 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll [2011.04.24 23:46:14 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll [2011.04.24 23:46:14 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll [2011.04.24 23:46:14 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\System32\SFCOM.dll [2011.04.24 23:46:14 | 000,068,944 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\System32\SFAPO.dll [2011.04.24 23:46:13 | 003,805,288 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll [2011.04.24 23:46:13 | 001,705,816 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll [2011.04.24 23:46:13 | 000,485,992 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll [2011.04.24 23:46:13 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll [2011.04.24 23:46:13 | 000,341,848 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll [2011.04.24 23:46:13 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll [2011.04.24 23:46:13 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll [2011.04.24 23:46:13 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll [2011.04.24 23:46:13 | 000,096,600 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll [2011.04.24 23:46:13 | 000,081,240 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll [2011.04.24 23:46:13 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll [2011.04.24 23:46:13 | 000,069,224 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll [2011.04.24 23:46:13 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll [2011.04.24 23:46:13 | 000,061,784 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll [2011.04.24 23:46:12 | 001,938,704 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll [2011.04.24 23:46:12 | 001,730,112 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll [2011.04.24 23:46:12 | 001,439,064 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll [2011.04.24 23:46:12 | 001,132,648 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll [2011.04.24 23:46:12 | 000,962,664 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll [2011.04.24 23:46:12 | 000,901,224 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll [2011.04.24 23:46:12 | 000,448,616 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll [2011.04.24 23:46:12 | 000,429,160 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll [2011.04.24 23:46:12 | 000,406,120 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll [2011.04.24 23:46:12 | 000,291,432 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll [2011.04.24 23:46:12 | 000,259,928 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll [2011.04.24 23:46:12 | 000,252,760 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll [2011.04.24 23:46:12 | 000,236,648 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll [2011.04.24 23:46:12 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll [2011.04.24 23:46:12 | 000,224,360 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll [2011.04.24 23:46:12 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll [2011.04.24 23:46:12 | 000,107,112 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll [2011.04.24 23:46:12 | 000,107,112 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll [2011.04.24 23:46:12 | 000,106,600 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll [2011.04.24 23:46:10 | 000,175,200 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll [2011.04.24 23:46:10 | 000,096,160 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll [2011.04.24 23:45:59 | 000,058,400 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\Windows\System32\drivers\sisagpx.sys [2011.04.24 23:45:54 | 000,014,128 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmmouse.sys [2011.04.24 15:44:04 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\symtdiv.sys [2011.04.24 15:44:04 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\symds.sys [2011.04.24 15:44:04 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\srtsp.sys [2011.04.24 15:44:04 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\symefa.sys [2011.04.24 15:44:04 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\srtspx.sys [2011.04.24 15:44:03 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\cchpx86.sys [2011.04.24 15:44:03 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\ironx86.sys [2011.04.24 15:43:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0403000.005 [2011.04.24 14:44:45 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\CrashDumps [2011.04.24 14:08:57 | 000,485,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVUNINST.EXE [2011.04.24 14:07:58 | 000,000,000 | ---D | C] -- C:\NVIDIA [2011.04.24 12:13:16 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2011.04.24 12:13:16 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2011.04.24 12:13:16 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2011.04.24 12:01:25 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys [2011.04.24 06:38:19 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{C80F374D-8AF8-4549-AD8A-4B83C7E712DD} [2011.04.24 03:17:14 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.24 03:17:14 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.24 03:17:08 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.24 03:17:03 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.24 03:17:03 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.24 03:16:57 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll [2011.04.24 03:16:57 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2011.04.24 03:16:53 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2011.04.24 03:16:42 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.24 03:16:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.24 03:16:42 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.24 03:16:42 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.24 03:16:41 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.24 03:16:41 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.24 03:16:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.04.24 03:16:41 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.04.24 03:16:41 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.24 03:16:41 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.04.24 03:16:41 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.04.24 03:16:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011.04.24 03:16:26 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2011.04.24 03:16:26 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2011.04.24 03:16:21 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2011.04.24 03:16:21 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2011.04.24 03:16:21 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2011.04.24 03:16:21 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe [2011.04.24 03:16:17 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll [2011.04.24 03:16:15 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2011.04.24 03:16:05 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll [2011.04.24 03:16:05 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe [2011.04.24 03:16:05 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe [2011.04.24 03:15:58 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2011.04.24 03:15:55 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll [2011.04.24 03:15:41 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2011.04.24 03:15:41 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2011.04.24 03:15:31 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2011.04.24 03:15:29 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys [2011.04.24 03:15:27 | 002,331,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.24 03:15:26 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe [2011.04.24 03:15:24 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2011.04.24 03:15:20 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011.04.24 03:15:18 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2011.04.24 03:15:18 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll [2011.04.24 03:15:18 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll [2011.04.24 03:15:16 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2011.04.24 03:15:16 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2011.04.24 03:15:16 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.04.24 03:15:16 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2011.04.24 03:15:14 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll [2011.04.24 03:14:50 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011.04.24 03:14:50 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011.04.24 03:14:49 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll [2011.04.24 03:14:49 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.04.24 03:14:49 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011.04.24 03:14:48 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011.04.24 03:14:48 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011.04.24 03:14:45 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll [2011.04.24 03:14:44 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll [2011.04.24 03:14:44 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll [2011.04.24 03:14:44 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll [2011.04.24 03:14:42 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2011.04.24 03:14:41 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2011.04.24 03:14:39 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll [2011.04.24 03:14:39 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll [2011.04.24 03:14:39 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe [2011.04.24 03:14:39 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe [2011.04.24 03:14:39 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe [2011.04.24 03:14:39 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe [2011.04.24 03:14:39 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll [2011.04.24 03:14:39 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll [2011.04.24 03:14:37 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.24 03:14:37 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.24 03:08:37 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys [2011.04.24 03:08:37 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011.04.23 23:53:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung [2011.04.23 23:53:21 | 000,000,000 | ---D | C] -- C:\ttt [2011.04.23 23:52:48 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Roaming\DataCast [2011.04.23 23:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny [2011.04.23 23:52:18 | 000,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information [2011.04.23 23:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung [2011.04.23 19:03:33 | 000,000,000 | ---D | C] -- C:\Users\Kargi\Documents\Alınan Dosyalarım [2011.04.23 19:01:31 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2011.04.23 19:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2011.04.23 18:52:21 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Roaming\Uniblue [2011.04.23 18:47:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0 [2011.04.23 18:37:55 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\{76AE79B5-1389-405F-8CC6-245EFEC45B89} [2011.04.23 18:37:41 | 000,000,000 | ---D | C] -- C:\Users\Kargi\Tracing [2011.04.23 18:33:17 | 000,000,000 | ---D | C] -- C:\Windows\tr [2011.04.23 18:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition [2011.04.23 18:29:39 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2011.04.23 18:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live OTL.TXT Teil B [2011.04.23 18:27:37 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll [2011.04.23 18:27:36 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll [2011.04.23 18:27:36 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll [2011.04.23 18:26:50 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll [2011.04.23 18:26:30 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Roaming\Easeware [2011.04.23 18:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011.04.23 18:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2011.04.23 18:24:01 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll [2011.04.23 18:24:01 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll [2011.04.23 18:23:01 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011.04.23 18:23:01 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2011.04.23 18:23:00 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL [2011.04.23 18:21:15 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\Windows Live [2011.04.23 18:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live [2011.04.23 18:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\Clip Extractor Toolbar [2011.04.23 18:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2011.04.23 18:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clip Extractor [2011.04.23 18:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Clip Extractor [2011.04.23 18:18:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2011.04.23 18:18:28 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2011.04.23 18:16:49 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Roaming\WinRAR [2011.04.23 18:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2011.04.23 18:07:59 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Roaming\FileZilla [2011.04.23 18:01:57 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Roaming\skypePM [2011.04.23 18:01:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras [2011.04.23 18:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [2011.04.23 18:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client [2011.04.23 18:00:00 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Roaming\Skype [2011.04.23 17:59:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.04.23 17:59:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2011.04.23 17:59:03 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2011.04.23 17:58:55 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2011.04.23 17:58:53 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\Diagnostics [2011.04.23 17:58:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2011.04.23 17:58:08 | 000,000,000 | ---D | C] -- C:\Users\Kargi\Documents\Symantec [2011.04.23 17:57:11 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll [2011.04.23 17:57:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE [2011.04.23 17:57:09 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2011.04.23 17:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2011.04.23 17:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2011.04.23 17:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.04.23 17:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.04.23 17:55:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360 [2011.04.23 17:55:40 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 [2011.04.23 17:55:40 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360 [2011.04.23 17:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2011.04.23 17:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2011.04.23 17:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller [2011.04.23 17:46:23 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Roaming\Mozilla [2011.04.23 17:46:23 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\Mozilla [2011.04.23 17:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2011.04.23 17:42:04 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Roaming\Macromedia [2011.04.23 17:42:04 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Roaming\Adobe [2011.04.23 17:42:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed [2011.04.23 17:41:51 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV [2011.04.23 17:33:39 | 000,000,000 | R--D | C] -- C:\Users\Kargi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011.04.23 17:33:39 | 000,000,000 | R--D | C] -- C:\Users\Kargi\Searches [2011.04.23 17:33:39 | 000,000,000 | R--D | C] -- C:\Users\Kargi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011.04.23 17:33:39 | 000,000,000 | -H-D | C] -- C:\Users\Kargi\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned [2011.04.23 17:33:27 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Roaming\Identities [2011.04.23 17:33:23 | 000,000,000 | R--D | C] -- C:\Users\Kargi\Contacts [2011.04.23 17:33:10 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\VirtualStore [2011.04.23 17:33:06 | 000,000,000 | --SD | C] -- C:\Users\Kargi\AppData\Roaming\Microsoft [2011.04.23 17:33:06 | 000,000,000 | R--D | C] -- C:\Users\Kargi\Videos [2011.04.23 17:33:06 | 000,000,000 | R--D | C] -- C:\Users\Kargi\Saved Games [2011.04.23 17:33:06 | 000,000,000 | R--D | C] -- C:\Users\Kargi\Pictures [2011.04.23 17:33:06 | 000,000,000 | R--D | C] -- C:\Users\Kargi\Music [2011.04.23 17:33:06 | 000,000,000 | R--D | C] -- C:\Users\Kargi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011.04.23 17:33:06 | 000,000,000 | R--D | C] -- C:\Users\Kargi\Links [2011.04.23 17:33:06 | 000,000,000 | R--D | C] -- C:\Users\Kargi\Favorites [2011.04.23 17:33:06 | 000,000,000 | R--D | C] -- C:\Users\Kargi\Downloads [2011.04.23 17:33:06 | 000,000,000 | R--D | C] -- C:\Users\Kargi\Documents [2011.04.23 17:33:06 | 000,000,000 | R--D | C] -- C:\Users\Kargi\Desktop [2011.04.23 17:33:06 | 000,000,000 | R--D | C] -- C:\Users\Kargi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011.04.23 17:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Kargi\Documents\Videolarım [2011.04.23 17:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Kargi\AppData\Local\Temporary Internet Files [2011.04.23 17:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Kargi\Templates [2011.04.23 17:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Kargi\Start Menu [2011.04.23 17:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Kargi\SendTo [2011.04.23 17:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Kargi\Documents\Resimlerim [2011.04.23 17:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Kargi\Recent [2011.04.23 17:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Kargi\PrintHood [2011.04.23 17:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Kargi\NetHood [2011.04.23 17:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Kargi\Documents\Müziğim [2011.04.23 17:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Kargi\Local Settings [2011.04.23 17:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Kargi\AppData\Local\History [2011.04.23 17:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Kargi\Cookies [2011.04.23 17:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Kargi\Belgelerim [2011.04.23 17:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Kargi\Application Data [2011.04.23 17:33:06 | 000,000,000 | -HSD | C] -- C:\Users\Kargi\AppData\Local\Application Data [2011.04.23 17:33:06 | 000,000,000 | -H-D | C] -- C:\Users\Kargi\AppData [2011.04.23 17:33:06 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\Temp [2011.04.23 17:33:06 | 000,000,000 | ---D | C] -- C:\Users\Kargi\AppData\Local\Microsoft [2011.04.23 17:32:49 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Videolarım [2011.04.23 17:32:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\Sık Kullanılanlar [2011.04.23 17:32:49 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Resimlerim [2011.04.23 17:32:49 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Müziğim [2011.04.23 17:32:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\Belgeler [2011.04.23 17:12:50 | 000,000,000 | ---D | C] -- C:\Windows\PANTHER [2011.04.23 17:12:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM [2011.04.23 16:52:53 | 000,000,000 | ---D | C] -- C:\Windows.old [2011.04.23 16:17:46 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2011.04.23 16:14:33 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch ========== Files - Modified Within 30 Days ========== [2011.05.21 14:00:01 | 000,001,008 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.05.21 13:11:31 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.21 12:19:31 | 001,067,228 | ---- | M] () -- C:\Windows\System32\drivers\N360\0403000.005\Cat.DB [2011.05.21 10:45:12 | 000,010,272 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.21 10:45:12 | 000,010,272 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.21 10:37:03 | 000,001,004 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.21 10:36:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.21 10:36:02 | 1407,062,016 | -HS- | M] () -- C:\hiberfil.sys [2011.05.20 22:16:21 | 000,016,896 | ---- | M] () -- C:\Users\Kargi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.20 11:19:29 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.05.18 22:49:07 | 000,049,999 | ---- | M] () -- C:\Users\Kargi\Desktop\30_laranxas-cazoo.png [2011.05.17 23:59:34 | 000,000,179 | ---- | M] () -- C:\Users\Kargi\Documents\.burrtools.rc [2011.05.11 09:33:52 | 000,001,676 | ---- | M] () -- C:\Users\Kargi\Desktop\RPM.exe.lnk [2011.05.11 09:33:52 | 000,001,012 | ---- | M] () -- C:\Users\Kargi\Desktop\Link to RPM Browser for Windows Website.url.lnk [2011.05.09 19:55:08 | 014,744,456 | ---- | M] ( ) -- C:\Users\Kargi\Desktop\K-Lite_Codec_Pack_700_Full[1].exe [2011.05.09 19:14:40 | 014,744,456 | ---- | M] ( ) -- C:\Users\Kargi\Desktop\K-Lite_Codec_Pack_700_Full.exe [2011.05.08 19:50:52 | 000,001,161 | ---- | M] () -- C:\Users\Kargi\Desktop\Joboshare Video Converter.lnk [2011.05.08 19:18:13 | 000,261,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.05.08 17:47:27 | 008,262,273 | ---- | M] () -- C:\Users\Kargi\Desktop\sss.wmv [2011.05.08 17:11:23 | 000,013,922 | ---- | M] () -- C:\Users\Kargi\Desktop\Filmim.wlmp [2011.05.08 00:04:17 | 001,762,884 | ---- | M] () -- C:\Users\Kargi\Desktop\BURR.blend [2011.05.07 23:04:22 | 668,760,404 | ---- | M] () -- C:\Users\Kargi\Desktop\0001-0430.avi [2011.05.07 14:02:03 | 000,618,332 | ---- | M] () -- C:\Windows\System32\perfh01F.dat [2011.05.07 14:02:03 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.07 14:02:03 | 000,121,670 | ---- | M] () -- C:\Windows\System32\perfc01F.dat [2011.05.07 14:02:03 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.05.07 00:29:01 | 011,525,230 | ---- | M] (Reganam ) -- C:\Users\Kargi\Desktop\3GP-Player.exe [2011.05.05 22:23:33 | 000,469,483 | ---- | M] () -- C:\Users\Kargi\Desktop\Filmim2.wmv [2011.05.05 16:27:51 | 105,759,180 | ---- | M] () -- C:\Users\Kargi\Desktop\0001-0400.avi [2011.05.04 18:22:57 | 008,179,266 | ---- | M] () -- C:\Users\Kargi\Desktop\Filmim.wmv [2011.04.30 21:35:46 | 000,002,059 | ---- | M] () -- C:\Users\Public\Desktop\Blender.lnk [2011.04.30 12:36:54 | 000,002,437 | ---- | M] () -- C:\Users\Kargi\Desktop\Windows Live Messenger.lnk [2011.04.30 12:29:20 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe [2011.04.30 10:00:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011.04.25 18:35:20 | 000,001,037 | ---- | M] () -- C:\Users\Kargi\Desktop\burrgui - Kısayol.lnk [2011.04.24 23:50:13 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2011.04.24 23:48:31 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01009.Wdf [2011.04.23 23:53:33 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\EmoDio.lnk [2011.04.23 23:49:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.04.23 18:19:00 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\Clip Extractor.lnk [2011.04.23 18:02:07 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat [2011.04.23 18:00:16 | 000,001,174 | ---- | M] () -- C:\Users\Kargi\Desktop\FileZilla.lnk [2011.04.23 17:59:07 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011.04.23 17:57:09 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2011.04.23 17:57:09 | 000,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2011.04.23 17:57:09 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2011.04.23 17:56:28 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.04.23 17:37:29 | 000,001,400 | ---- | M] () -- C:\Users\Kargi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011.04.23 17:33:40 | 000,000,877 | ---- | M] () -- C:\Users\Kargi\Desktop\Downloads.lnk [2011.04.23 16:19:21 | 000,056,758 | ---- | M] () -- C:\Windows\System32\license.rtf [2011.04.23 15:08:00 | 001,191,671 | ---- | M] () -- C:\Users\Kargi\Desktop\Adsız.png [2011.04.23 13:02:18 | 000,183,497 | ---- | M] () -- C:\Users\Kargi\Desktop\IMG_2897.JPG [2011.04.23 13:02:10 | 000,223,161 | ---- | M] () -- C:\Users\Kargi\Desktop\IMG_2896.JPG [2011.04.22 11:31:36 | 000,207,130 | ---- | M] () -- C:\Users\Kargi\Desktop\IMG_2895.JPG [2011.04.22 11:31:30 | 000,209,919 | ---- | M] () -- C:\Users\Kargi\Desktop\IMG_2894.JPG [2011.04.22 11:31:24 | 000,194,246 | ---- | M] () -- C:\Users\Kargi\Desktop\IMG_2893.JPG [2011.04.22 10:51:58 | 000,278,880 | ---- | M] () -- C:\Users\Kargi\Desktop\IMG_2892.JPG [2011.04.22 10:51:54 | 000,247,231 | ---- | M] () -- C:\Users\Kargi\Desktop\IMG_2891.JPG [2011.04.22 10:51:40 | 000,256,655 | ---- | M] () -- C:\Users\Kargi\Desktop\IMG_2890.JPG ========== Files Created - No Company Name ========== [2011.05.21 13:11:31 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.11 09:33:52 | 000,001,676 | ---- | C] () -- C:\Users\Kargi\Desktop\RPM.exe.lnk [2011.05.11 09:33:52 | 000,001,012 | ---- | C] () -- C:\Users\Kargi\Desktop\Link to RPM Browser for Windows Website.url.lnk [2011.05.09 19:22:38 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml [2011.04.23 23:47:53 | 000,000,179 | ---- | C] () -- C:\Users\Kargi\Documents\.burrtools.rc [2011.04.23 18:32:17 | 000,001,256 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk [2011.04.23 18:31:44 | 000,001,325 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk [2011.04.23 18:31:06 | 000,002,437 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk [2011.04.23 18:19:00 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\Clip Extractor.lnk [2011.04.23 18:19:00 | 000,001,065 | ---- | C] () -- C:\Users\Kargi\Application Data\Microsoft\Internet Explorer\Quick Launch\Clip Extractor.lnk [2011.04.23 18:02:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.04.23 18:00:15 | 000,001,174 | ---- | C] () -- C:\Users\Kargi\Desktop\FileZilla.lnk [2011.04.23 17:59:07 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2011.04.23 17:58:55 | 001,191,671 | ---- | C] () -- C:\Users\Kargi\Desktop\Adsız.png [2011.04.23 17:57:09 | 000,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2011.04.23 17:57:09 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2011.04.23 17:56:28 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.04.23 17:46:20 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.04.23 17:46:19 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.04.23 17:37:29 | 000,001,400 | ---- | C] () -- C:\Users\Kargi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011.04.23 17:33:42 | 000,001,406 | ---- | C] () -- C:\Users\Kargi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011.04.23 17:33:40 | 000,000,877 | ---- | C] () -- C:\Users\Kargi\Desktop\Downloads.lnk [2011.04.23 17:33:06 | 000,000,290 | ---- | C] () -- C:\Users\Kargi\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2011.04.23 17:33:06 | 000,000,272 | ---- | C] () -- C:\Users\Kargi\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2011.04.23 16:14:12 | 1407,062,016 | -HS- | C] () -- C:\hiberfil.sys [2011.04.23 13:02:18 | 000,183,497 | ---- | C] () -- C:\Users\Kargi\Desktop\IMG_2897.JPG [2011.04.23 13:02:10 | 000,223,161 | ---- | C] () -- C:\Users\Kargi\Desktop\IMG_2896.JPG [2011.04.22 11:31:36 | 000,207,130 | ---- | C] () -- C:\Users\Kargi\Desktop\IMG_2895.JPG [2011.04.22 11:31:30 | 000,209,919 | ---- | C] () -- C:\Users\Kargi\Desktop\IMG_2894.JPG [2011.04.22 11:31:24 | 000,194,246 | ---- | C] () -- C:\Users\Kargi\Desktop\IMG_2893.JPG [2011.04.22 10:51:58 | 000,278,880 | ---- | C] () -- C:\Users\Kargi\Desktop\IMG_2892.JPG [2011.04.22 10:51:54 | 000,247,231 | ---- | C] () -- C:\Users\Kargi\Desktop\IMG_2891.JPG [2011.04.22 10:51:40 | 000,256,655 | ---- | C] () -- C:\Users\Kargi\Desktop\IMG_2890.JPG [2009.07.14 11:10:26 | 000,618,332 | ---- | C] () -- C:\Windows\System32\perfh01F.dat [2009.07.14 11:10:26 | 000,285,034 | ---- | C] () -- C:\Windows\System32\perfi01F.dat [2009.07.14 11:10:26 | 000,121,670 | ---- | C] () -- C:\Windows\System32\perfc01F.dat [2009.07.14 11:10:26 | 000,037,160 | ---- | C] () -- C:\Windows\System32\perfd01F.dat [2009.07.14 07:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 07:33:53 | 000,261,920 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 05:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 05:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 05:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 05:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 05:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 05:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 02:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 02:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 02:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.11 00:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009.04.16 13:24:14 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll [2009.04.16 13:24:14 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll [2009.04.16 13:24:14 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2009.04.16 13:24:14 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Ogg.dll ========== LOP Check ========== [2011.04.30 12:34:52 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\Artweaver Plus [2011.04.30 21:35:00 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\Blender Foundation [2011.04.23 23:52:48 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\DataCast [2011.04.23 18:26:30 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\Easeware [2011.04.23 18:08:04 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\FileZilla [2011.04.30 13:03:59 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\Foxit Software [2011.04.30 12:59:55 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\GetRightToGo [2011.04.24 23:49:24 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\Opera [2011.05.18 18:38:48 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\Thinstall [2011.04.30 12:44:59 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\Uniblue [2011.05.09 13:47:34 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\uTorrent [2011.04.30 21:12:57 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\Yandex [2009.07.14 07:53:46 | 000,008,862 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.04.26 11:29:29 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\Adobe [2011.04.30 21:35:00 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\Blender Foundation [2011.04.23 23:52:48 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\DataCast [2011.05.01 19:58:57 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\DivX [2011.04.23 18:26:30 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\Easeware [2011.04.23 18:08:04 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\FileZilla [2011.04.30 13:03:59 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\Foxit Software [2011.04.30 12:59:55 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\GetRightToGo [2011.04.23 17:33:27 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\Identities [2011.04.23 17:42:04 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\Macromedia [2011.05.21 13:13:41 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\Malwarebytes [2011.05.09 19:47:57 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\Media Player Classic [2011.04.24 21:46:58 | 000,000,000 | --SD | M] -- C:\Users\Kargi\AppData\Roaming\Microsoft [2011.04.23 17:46:32 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\Mozilla [2011.04.24 23:49:24 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\Opera [2011.05.21 13:49:52 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\Skype [2011.05.21 10:37:53 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\skypePM [2011.05.18 18:38:48 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\Thinstall [2011.04.23 18:18:38 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\WinRAR [2011.04.30 21:12:57 | 000,000,000 | ---D | M] -- C:\Users\Kargi\AppData\Roaming\Yandex < %APPDATA%\*.exe /s > [2011.04.26 11:29:02 | 012,795,016 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Kargi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller2x0\airinstaller2x0.exe < %SYSTEMDRIVE%\*.exe > [2008.01.21 05:23:32 | 000,013,312 | R--- | M] (Microsoft Corporation) -- C:\setupSNK.exe < MD5 for: AGP440.SYS > [2009.07.14 04:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\System32\drivers\AGP440.sys [2009.07.14 04:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 04:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 04:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 04:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 04:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 04:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\System32\drivers\atapi.sys [2009.07.14 04:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 04:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 04:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 04:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 04:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 04:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows.old\Windows\System32\cngaudit.dll [2009.07.14 04:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 04:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 04:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 08:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 04:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009.07.14 04:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 08:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 08:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows.old\Windows\explorer.exe [2009.10.31 08:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2009.10.31 08:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 08:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe [2011.02.26 08:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2011.02.25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 08:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 08:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 08:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.08.03 08:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 09:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe [2009.10.31 09:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTORV.SYS > [2011.03.11 08:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 08:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 08:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys [2011.03.11 08:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 08:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 04:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys [2009.07.14 04:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 04:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2009.07.14 04:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 04:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2011.03.11 08:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 04:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\System32\netlogon.dll [2009.07.14 04:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll [2009.07.14 04:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 04:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 08:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 08:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 08:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 08:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 08:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2009.07.14 04:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows.old\Windows\System32\drivers\nvstor.sys [2009.07.14 04:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 04:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys [2009.07.14 04:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 04:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: NVSTOR32.SYS > [2009.08.04 17:44:14 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=269DE658DEAF032564E8B6430B5BD170 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\Win7\sataraid\nvstor32.sys [2009.08.04 17:44:14 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=269DE658DEAF032564E8B6430B5BD170 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\WinVista\sataraid\nvstor32.sys [2009.08.04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\Win7\sata_ide\nvstor32.sys [2009.08.04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\WinVista\sata_ide\nvstor32.sys < MD5 for: SCECLI.DLL > [2009.07.14 04:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\System32\scecli.dll [2009.07.14 04:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2009.07.14 04:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 04:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 04:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows.old\Windows\System32\user32.dll [2009.07.14 04:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2009.07.14 04:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009.07.14 04:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 04:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\System32\userinit.exe [2009.07.14 04:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 04:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 04:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 09:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows.old\Windows\System32\winlogon.exe [2009.10.28 09:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 09:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 09:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 08:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009.10.28 08:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009.07.14 04:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [2009.07.14 04:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows.old\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 02:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys [2009.07.14 02:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 02:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 04:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll [2009.07.14 04:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll [2011.02.24 08:29:55 | 000,185,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll < End of report > |
|
21.05.2011, 15:15
| #4 |
| | Yahoo Search Redirect Virus EXTRAS.TXTOTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 21.05.2011 14:22:01 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Kargi\Downloads
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041f | Country: Türkiye | Language: TRK | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 57,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,01 Gb Total Space | 25,84 Gb Free Space | 25,84% Space Free | Partition Type: NTFS
Drive D: | 132,78 Gb Total Space | 52,89 Gb Free Space | 39,84% Space Free | Partition Type: NTFS
Drive G: | 100,00 Mb Total Space | 37,77 Mb Free Space | 37,77% Space Free | Partition Type: NTFS
Computer Name: KARGI-EXPER | User Name: Kargi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3260133423-2253578972-2420577606-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23170F69-40C1-2701-0920-000001000000}" = 7-Zip 9.20
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54DF35BD-4A36-35DA-B029-A0C083C88614}" = Google Chrome
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CA199A8-574E-432F-A98F-A55741E233D1}_is1" = 3GP Player 2010
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98F690C6-1D6D-46AD-A93A-F7C56B02FA57}_is1" = Artweaver Plus 2.0
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1EEC87C-E30F-3BAD-9D3C-F225873EC0CF}" = Microsoft .NET Framework 4 Client Profile TRK Language Pack
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D60F533D-0CBF-475F-8300-8B13799775D0}" = Foxit Reader
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Blender" = Blender
"CCleaner" = CCleaner
"Clip Extractor Toolbar" = Clip Extractor Toolbar
"Clip Extractor_is1" = Clip Extractor 3.0.0.3
"Elantech" = ETDWare PS/2-x86 7.0.6.5_WHQL
"FileZilla Client" = FileZilla Client 3.4.0
"InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"Joboshare Video Converter" = Joboshare Video Converter
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile TRK Language Pack" = Microsoft .NET Framework 4 İstemci Profili TRK Dil Paketi
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"N360" = Norton 360
"NVIDIA Drivers" = NVIDIA Drivers
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3260133423-2253578972-2420577606-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 08.05.2011 10:10:26 | Computer Name = Kargi-EXPER | Source = Application Error | ID = 1000
Description = Hatalı uygulama adı: MovieMaker.exe, sürüm: 15.4.3508.1109, zaman
damgası: 0x4cda7233 Hatalı modül adı: msvcrt.dll, sürüm: 7.0.7600.16385, zaman damgası:
0x4a5bda6f Özel durum kodu: 0xc0000005 Hata uzaklığı 0x00009b60 Hatalı işlem kimliği:
0x368 Uygulama başlangıç zamanı: 0x01cc0d887bfe6c94 Hatalı uygulama yolu: C:\Program
Files\Windows Live\Photo Gallery\MovieMaker.exe Hatalı modül yolu: C:\Windows\system32\msvcrt.dll
Rapor
kimliği: eb896375-797c-11e0-9fd8-00158315a310
Error - 08.05.2011 10:11:26 | Computer Name = Kargi-EXPER | Source = Application Error | ID = 1000
Description = Hatalı uygulama adı: MovieMaker.exe, sürüm: 15.4.3508.1109, zaman
damgası: 0x4cda7233 Hatalı modül adı: msvcrt.dll, sürüm: 7.0.7600.16385, zaman damgası:
0x4a5bda6f Özel durum kodu: 0xc0000005 Hata uzaklığı 0x00009b60 Hatalı işlem kimliği:
0x698 Uygulama başlangıç zamanı: 0x01cc0d89be07f7d7 Hatalı uygulama yolu: C:\Program
Files\Windows Live\Photo Gallery\MovieMaker.exe Hatalı modül yolu: C:\Windows\system32\msvcrt.dll
Rapor
kimliği: 0f03a251-797d-11e0-9fd8-00158315a310
Error - 08.05.2011 12:23:15 | Computer Name = Kargi-EXPER | Source = Application Hang | ID = 1002
Description = firefox.exe programının 2.0.1.4120 sürümü, Windows ile birlikte çalışmayı
durdurdu ve kapatıldı. Sorun hakkında daha fazla bilgi olup olmadığını görmek için
Eylem Merkezi denetim masasında sorunun geçmişini denetleyin. İşlem Kimlik No: d64
Başlatma
Saati: 01cc0d9bc1a36612 Sona Erdirme Saati: 99 Uygulama Yolu: C:\Program Files\Mozilla
Firefox\firefox.exe Rapor Kimliği: 711faf6c-798f-11e0-860a-00158315a310
Error - 19.05.2011 16:42:16 | Computer Name = Kargi-EXPER | Source = Application Error | ID = 1000
Description = Hatalı uygulama adı: plugin-container.exe, sürüm: 2.0.1.4120, zaman
damgası: 0x4da6a99c Hatalı modül adı: coreclr.dll, sürüm: 4.0.60310.0, zaman damgası:
0x4d786298 Özel durum kodu: 0xc00000fd Hata uzaklığı 0x0000bd7f Hatalı işlem kimliği:
0xd68 Uygulama başlangıç zamanı: 0x01cc1528c4fb04f7 Hatalı uygulama yolu: C:\Program
Files\Mozilla Firefox\plugin-container.exe Hatalı modül yolu: C:\Program Files\Microsoft
Silverlight\4.0.60310.0\coreclr.dll Rapor kimliği: 7b1c525c-8258-11e0-b7e4-00158315a310
Error - 20.05.2011 17:43:21 | Computer Name = Kargi-EXPER | Source = Application Error | ID = 1000
Description = Hatalı uygulama adı: Skype.exe, sürüm: 5.3.0.111, zaman damgası: 0x4dac4a84
Hatalı
modül adı: SISGRUMD.dll, sürüm: 8.14.10.5260, zaman damgası: 0x4b289064 Özel durum
kodu: 0xc000008e Hata uzaklığı 0x0019306d Hatalı işlem kimliği: 0x3e28 Uygulama başlangıç
zamanı: 0x01cc1736d0fa5f7d Hatalı uygulama yolu: C:\Program Files\Skype\Phone\Skype.exe
Hatalı
modül yolu: C:\Windows\system32\SISGRUMD.dll Rapor kimliği: 2dc9673b-832a-11e0-958c-00158315a310
Error - 20.05.2011 17:44:07 | Computer Name = Kargi-EXPER | Source = Application Error | ID = 1000
Description = Hatalı uygulama adı: Skype.exe, sürüm: 5.3.0.111, zaman damgası: 0x4dac4a84
Hatalı
modül adı: SISGRUMD.dll, sürüm: 8.14.10.5260, zaman damgası: 0x4b289064 Özel durum
kodu: 0xc000008e Hata uzaklığı 0x0019306d Hatalı işlem kimliği: 0x3924 Uygulama başlangıç
zamanı: 0x01cc1736fc32640e Hatalı uygulama yolu: C:\Program Files\Skype\Phone\Skype.exe
Hatalı
modül yolu: C:\Windows\system32\SISGRUMD.dll Rapor kimliği: 49240fe4-832a-11e0-958c-00158315a310
Error - 20.05.2011 17:44:41 | Computer Name = Kargi-EXPER | Source = Application Hang | ID = 1002
Description = Skype.exe programının 5.3.0.111 sürümü, Windows ile birlikte çalışmayı
durdurdu ve kapatıldı. Sorun hakkında daha fazla bilgi olup olmadığını görmek için
Eylem Merkezi denetim masasında sorunun geçmişini denetleyin. İşlem Kimlik No: 3924
Başlatma
Saati: 01cc1736fc32640e Sona Erdirme Saati: 22 Uygulama Yolu: C:\Program Files\Skype\Phone\Skype.exe
Rapor
Kimliği: 57deb97b-832a-11e0-958c-00158315a310
Error - 20.05.2011 17:45:22 | Computer Name = Kargi-EXPER | Source = Application Error | ID = 1000
Description = Hatalı uygulama adı: Skype.exe, sürüm: 5.3.0.111, zaman damgası: 0x4dac4a84
Hatalı
modül adı: SISGRUMD.dll, sürüm: 8.14.10.5260, zaman damgası: 0x4b289064 Özel durum
kodu: 0xc000008e Hata uzaklığı 0x0019306d Hatalı işlem kimliği: 0x1418 Uygulama başlangıç
zamanı: 0x01cc17370fece192 Hatalı uygulama yolu: C:\Program Files\Skype\Phone\Skype.exe
Hatalı
modül yolu: C:\Windows\system32\SISGRUMD.dll Rapor kimliği: 76086b2b-832a-11e0-958c-00158315a310
Error - 20.05.2011 17:45:48 | Computer Name = Kargi-EXPER | Source = Application Error | ID = 1000
Description = Hatalı uygulama adı: Skype.exe, sürüm: 5.3.0.111, zaman damgası: 0x4dac4a84
Hatalı
modül adı: SISGRUMD.dll, sürüm: 8.14.10.5260, zaman damgası: 0x4b289064 Özel durum
kodu: 0xc000008e Hata uzaklığı 0x0019306d Hatalı işlem kimliği: 0x15f4 Uygulama başlangıç
zamanı: 0x01cc17373d619815 Hatalı uygulama yolu: C:\Program Files\Skype\Phone\Skype.exe
Hatalı
modül yolu: C:\Windows\system32\SISGRUMD.dll Rapor kimliği: 85df5e5b-832a-11e0-958c-00158315a310
Error - 21.05.2011 03:40:03 | Computer Name = Kargi-EXPER | Source = Application Hang | ID = 1002
Description = firefox.exe programının 2.0.1.4120 sürümü, Windows ile birlikte çalışmayı
durdurdu ve kapatıldı. Sorun hakkında daha fazla bilgi olup olmadığını görmek için
Eylem Merkezi denetim masasında sorunun geçmişini denetleyin. İşlem Kimlik No: db8
Başlatma
Saati: 01cc1789f703ced9 Sona Erdirme Saati: 20 Uygulama Yolu: C:\Program Files\Mozilla
Firefox\firefox.exe Rapor Kimliği: 84b9d686-837d-11e0-97ff-00158315a310
[ System Events ]
Error - 09.05.2011 16:49:05 | Computer Name = Kargi-EXPER | Source = volsnap | ID = 393252
Description = Gölge kopya depolama ortamı kullanıcı tarafından tanımlanan bir sınır
nedeniyle büyütülemediğinden C: biriminin gölge kopyaları durduruldu.
Error - 10.05.2011 02:01:28 | Computer Name = Kargi-EXPER | Source = Service Control Manager | ID = 7011
Description = N360 hizmetinden işlem yanıtı beklenirken zaman aşımı (30000 milisaniye)
oluştu.
Error - 13.05.2011 02:15:26 | Computer Name = Kargi-EXPER | Source = Service Control Manager | ID = 7011
Description = Netman hizmetinden işlem yanıtı beklenirken zaman aşımı (30000 milisaniye)
oluştu.
Error - 13.05.2011 11:54:17 | Computer Name = Kargi-EXPER | Source = volsnap | ID = 393252
Description = Gölge kopya depolama ortamı kullanıcı tarafından tanımlanan bir sınır
nedeniyle büyütülemediğinden C: biriminin gölge kopyaları durduruldu.
Error - 14.05.2011 01:57:49 | Computer Name = Kargi-EXPER | Source = Service Control Manager | ID = 7011
Description = ShellHWDetection hizmetinden işlem yanıtı beklenirken zaman aşımı
(30000 milisaniye) oluştu.
Error - 14.05.2011 01:57:58 | Computer Name = Kargi-EXPER | Source = Server | ID = 2505
Description = Sunucu, aynı ağda bir başka bilgisayarın aynı ada sahip olması nedeniyle
\Device\NetBT_Tcpip_{2517F5CC-3BF6-4A0B-B44F-96ECB922E593} ulaşım hizmetine bağlanamadı.
Sunucu başlayamadı.
Error - 14.05.2011 13:45:03 | Computer Name = Kargi-EXPER | Source = Disk | ID = 262151
Description = \Device\Harddisk0\DR0 aygıtında bozuk bir blok oluştu.
Error - 14.05.2011 13:53:03 | Computer Name = Kargi-EXPER | Source = Disk | ID = 262151
Description = \Device\Harddisk0\DR0 aygıtında bozuk bir blok oluştu.
Error - 16.05.2011 08:06:58 | Computer Name = Kargi-EXPER | Source = DCOM | ID = 10010
Description =
Error - 19.05.2011 03:34:53 | Computer Name = Kargi-EXPER | Source = Service Control Manager | ID = 7011
Description = Netman hizmetinden işlem yanıtı beklenirken zaman aşımı (30000 milisaniye)
oluştu.
< End of report >
|
|
21.05.2011, 15:46
| #5 |
| /// Malware-holic | Yahoo Search Redirect Virus bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
21.05.2011, 17:08
| #6 |
| | Yahoo Search Redirect Virus Combofix Logfile: Code:
ATTFilter ComboFix 11-05-19.02 - Kargi 21.05.2011 18:48:11.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1254.90.1055.18.1789.867 [GMT 3:00]
Running from: c:\users\Kargi\Downloads\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Clip Extractor Toolbar\tbHElper.dll
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
C:\test.txt
c:\windows\system32\muzapp.exe
.
----- BITS: Possible infected sites -----
.
hxxp://soft.export.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2011-04-21 to 2011-05-21 )))))))))))))))))))))))))))))))
.
.
2011-05-21 15:56 . 2011-05-21 15:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-21 10:11 . 2010-12-20 15:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-21 10:11 . 2011-05-21 10:11 -------- d-----w- c:\programdata\Malwarebytes
2011-05-21 10:11 . 2010-12-20 15:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-21 10:11 . 2011-05-21 10:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-18 23:53 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-11 06:33 . 2011-05-11 06:34 -------- d-----w- C:\TEMP
2011-05-10 19:23 . 2011-03-25 03:06 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-10 19:23 . 2011-03-25 03:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-10 19:23 . 2011-03-25 03:06 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-10 19:23 . 2011-03-25 03:06 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-10 19:23 . 2011-03-25 03:06 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-10 19:23 . 2011-03-25 03:06 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-10 19:23 . 2011-03-25 03:06 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-10 19:23 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-10 19:23 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-09 16:22 . 2008-09-24 19:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2011-05-09 16:22 . 2011-02-28 08:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-05-09 16:22 . 2010-12-07 18:40 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2011-05-09 16:22 . 2010-12-07 18:22 810496 ----a-w- c:\windows\system32\xvidcore.dll
2011-05-08 10:06 . 2011-05-08 10:06 -------- d-----w- c:\programdata\Pinnacle
2011-05-08 09:14 . 2011-05-08 09:14 -------- d-----w- c:\windows\de
2011-05-02 12:46 . 2006-01-24 08:31 209608 ----a-w- c:\windows\system32\TABCTL32.OCX
2011-05-02 12:46 . 2000-10-01 21:00 125712 ----a-w- c:\windows\system32\VB6DE.DLL
2011-05-02 12:46 . 1998-06-23 21:00 67376 ----a-w- c:\windows\system32\SYSINFO.OCX
2011-05-02 12:46 . 2004-05-04 09:53 1645320 ----a-w- c:\program files\Common Files\Microsoft Shared\VFP\gdiplus.dll
2011-05-01 16:10 . 2011-05-07 21:04 -------- d-----w- C:\tmp
2011-04-30 19:06 . 2011-04-30 19:06 -------- d-----w- c:\windows\system32\QuickTime
2011-04-30 18:34 . 2011-04-30 18:34 -------- d-----w- c:\program files\Blender Foundation
2011-04-30 18:07 . 2011-04-30 18:16 -------- d-----w- c:\program files\backburner 2
2011-04-30 10:37 . 2004-06-02 10:19 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2011-04-30 10:37 . 2004-05-30 09:13 106609 ----a-w- c:\windows\system32\MaJUtilLib.dll
2011-04-30 10:37 . 2004-03-22 06:14 49152 ----a-r- c:\windows\system32\MaJGUILib.dll
2011-04-30 09:59 . 2002-08-19 07:25 373760 ----a-w- c:\windows\system32\xwpdlx20.ocx
2011-04-30 09:59 . 2001-03-13 10:51 1066176 ----a-w- c:\windows\system32\Mscomctl.ocx
2011-04-30 09:59 . 2000-08-21 08:22 1388544 ----a-w- c:\windows\system32\temp.000
2011-04-30 09:32 . 2011-04-30 09:29 737280 ----a-w- c:\windows\iun6002.exe
2011-04-24 20:51 . 2011-04-30 10:02 -------- d-----w- c:\program files\Opera
2011-04-24 20:50 . 2011-04-24 20:50 -------- d-----w- c:\program files\Google
2011-04-24 20:50 . 2011-04-24 20:50 -------- d-----w- c:\program files\Foxit Software
2011-04-24 20:50 . 2011-05-11 06:36 -------- d-----w- c:\program files\7-Zip
2011-04-24 20:48 . 2009-04-29 11:01 516096 ----a-w- c:\windows\system32\VMUVC.ax
2011-04-24 20:48 . 2008-09-18 11:28 98304 ----a-w- c:\windows\system32\VMCtrl.ax
2011-04-24 20:48 . 2008-07-01 06:16 188416 ----a-w- c:\windows\system32\vvftUVC.ax
2011-04-24 20:48 . 2009-05-25 12:31 252416 ----a-w- c:\windows\system32\drivers\VMUVC.sys
2011-04-24 20:48 . 2008-07-01 06:12 398720 ----a-w- c:\windows\system32\drivers\vvftUVC.sys
2011-04-24 20:48 . 2007-04-12 17:59 73728 ----a-w- c:\windows\system32\exvmuvc.ax
2011-04-24 20:48 . 2008-09-02 12:47 94208 ----a-w- c:\windows\system32\VvFtCtrl.dll
2011-04-24 20:48 . 2008-02-29 05:11 11776 ----a-w- c:\windows\system32\VMUVC.dll
2011-04-24 20:48 . 2011-04-24 20:48 -------- d-----w- c:\program files\Apoint2K
2011-04-24 20:46 . 2011-04-24 20:46 -------- d-----w- c:\program files\Realtek
2011-04-24 20:45 . 2009-08-01 16:10 58400 ----a-w- c:\windows\system32\drivers\sisagpx.sys
2011-04-24 20:45 . 2007-05-01 19:21 14128 ----a-w- c:\windows\system32\drivers\vmmouse.sys
2011-04-24 20:28 . 2011-04-24 20:28 -------- d-----w- c:\program files\MSXML 4.0
2011-04-24 11:08 . 2009-07-29 23:36 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2011-04-24 11:07 . 2011-04-24 11:07 -------- d-----w- C:\NVIDIA
2011-04-24 09:18 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2011-04-24 09:13 . 2009-11-25 09:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-04-24 09:13 . 2009-11-25 09:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-04-24 09:13 . 2009-11-25 09:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-04-24 09:13 . 2009-11-25 09:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-04-24 09:13 . 2009-11-25 09:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-04-24 09:01 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-04-24 09:01 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-04-24 09:00 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-04-24 00:16 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2011-04-24 00:15 . 2010-10-16 04:34 573440 ----a-w- c:\windows\system32\odbc32.dll
2011-04-24 00:14 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
2011-04-24 00:08 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-04-24 00:08 . 2010-11-02 04:46 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-04-24 00:08 . 2010-11-02 04:23 107520 ----a-w- c:\windows\system32\cdd.dll
2011-04-23 20:53 . 2011-04-23 20:58 -------- d-----w- C:\ttt
2011-04-23 20:52 . 2011-04-23 20:49 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-04-23 20:52 . 2011-04-23 20:52 -------- d-----w- c:\program files\MarkAny
2011-04-23 20:52 . 2011-04-23 20:52 -------- d-----w- c:\program files\InstallShield Installation Information
2011-04-23 20:52 . 2011-04-23 20:52 -------- d-----w- c:\program files\Samsung
2011-04-23 16:01 . 2011-04-23 16:01 -------- d-----w- c:\program files\NVIDIA Corporation
2011-04-23 16:00 . 2011-04-23 16:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-04-23 15:47 . 2011-04-30 13:53 -------- dc-h--w- c:\programdata\~0
2011-04-23 15:33 . 2011-04-23 15:33 -------- d-----w- c:\windows\tr
2011-04-23 15:31 . 2011-04-23 15:31 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-04-23 15:29 . 2011-04-23 15:29 -------- d-----w- c:\windows\PCHEALTH
2011-04-23 15:28 . 2011-04-23 15:31 -------- d-----w- c:\program files\Windows Live
2011-04-23 15:27 . 2009-09-04 14:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-04-23 15:27 . 2009-09-04 14:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-04-23 15:27 . 2009-09-04 14:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-04-23 15:26 . 2006-11-29 10:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-04-23 15:24 . 2011-04-25 06:18 -------- d-----w- c:\program files\Microsoft Silverlight
2011-04-23 15:24 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2011-04-23 15:24 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-04-23 15:23 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-04-23 15:23 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
2011-04-23 15:23 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-04-23 15:21 . 2011-04-23 15:21 -------- d-----w- c:\program files\Common Files\Windows Live
2011-04-23 15:19 . 2011-05-21 15:56 -------- d-----w- c:\program files\Clip Extractor Toolbar
2011-04-23 15:19 . 2011-04-25 06:25 -------- d-----w- c:\program files\Microsoft.NET
2011-04-23 15:18 . 2011-04-23 15:19 -------- d-----w- c:\program files\Clip Extractor
2011-04-23 15:01 . 2011-05-21 07:47 -------- d-----w- c:\programdata\Skype Extras
2011-04-23 15:00 . 2011-04-23 15:00 -------- d-----w- c:\program files\FileZilla FTP Client
2011-04-23 14:59 . 2011-04-23 14:59 -------- d-----w- c:\program files\Common Files\Skype
2011-04-23 14:59 . 2011-04-23 14:59 -------- d-----r- c:\program files\Skype
2011-04-23 14:58 . 2011-05-09 16:16 -------- d-sh--w- c:\windows\Installer
2011-04-23 14:58 . 2011-04-23 14:59 -------- d-----w- c:\programdata\Skype
2011-04-23 14:57 . 2011-04-23 14:57 -------- dc----w- c:\windows\system32\DRVSTORE
2011-04-23 14:57 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-23 14:57 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2011-04-23 14:57 . 2011-04-23 17:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-04-23 14:57 . 2011-04-23 14:57 -------- d-----w- c:\program files\Symantec
2011-04-23 14:57 . 2011-04-23 14:57 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-04-23 14:56 . 2011-04-23 14:56 -------- d-----w- c:\program files\CCleaner
2011-04-23 14:55 . 2011-04-24 20:40 -------- d-----w- c:\windows\system32\drivers\N360
2011-04-23 14:55 . 2011-04-23 14:55 -------- d-----w- c:\program files\Norton 360
2011-04-23 14:54 . 2011-04-23 14:55 -------- d-----w- c:\programdata\Norton
2011-04-23 14:50 . 2011-04-23 14:54 -------- d-----w- c:\program files\NortonInstaller
2011-04-23 14:42 . 2011-04-23 14:42 -------- d-----w- c:\windows\system32\Macromed
2011-04-23 14:41 . 2011-04-23 14:42 -------- d--h--w- c:\windows\AxInstSV
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-23 15:28 . 2010-06-24 08:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-14 16:40 . 2011-05-20 08:19 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-09 4240760]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-18 15146376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-02-24 10025576]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-04-13 548744]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-06-09 251248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-04-18 14:30 15146376 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
2009-04-16 10:23 479232 ----a-w- c:\program files\Samsung\EmoDio\SMSTray.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Güncelleme Hizmeti (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-24 136176]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 109960]
R3 gupdatem;Google Güncelleme Hizmeti (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-24 136176]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2009-10-15 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110518.001\BHDrvx86.sys [2011-04-18 802936]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110518.001\IDSvix86.sys [2011-03-29 353912]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-09 105592]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-12-15 376832]
S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2009-12-16 465920]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Aygıtı NDIS 6.0 Sürücüsü;c:\windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2009-05-25 252416]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2008-07-01 398720]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-24 20:50]
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-24 20:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://www.bigseekpro.com/clipextractor/{1F44E312-6FE2-490D-87E9-5492257F1953}
FF - ProfilePath - c:\users\Kargi\AppData\Roaming\Mozilla\Firefox\Profiles\sd0pdf2u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-21 18:59:14
ComboFix-quarantined-files.txt 2011-05-21 15:59
.
Pre-Run: 35.289.419.776 bayt boş
Post-Run: 35.275.149.312 bayt boş
.
- - End Of File - - E91C80E2457F9E9BC5668C28A764A545
|
|
21.05.2011, 17:19
| #7 |
| /// Malware-holic | Yahoo Search Redirect Virus poste einen GMER report bitte
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
21.05.2011, 18:14
| #8 |
| | Yahoo Search Redirect Virus GMER Logfile: Code:
ATTFilter GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-21 20:12:08
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MJA2250BH_G2 rev.00000018
Running: 86fumc3h.exe; Driver: C:\Users\Kargi\AppData\Local\Temp\pgdyaaod.sys
---- System - GMER 1.0.15 ----
SSDT 85EABA10 ZwAlertResumeThread
SSDT 85EB3B88 ZwAlertThread
SSDT 85FE6EB8 ZwAllocateVirtualMemory
SSDT 85620528 ZwAlpcConnectPort
SSDT 85EFF490 ZwAssignProcessToJobObject
SSDT 85FEC008 ZwCreateMutant
SSDT 85FEFA98 ZwCreateSymbolicLinkObject
SSDT 85FE60B8 ZwCreateThread
SSDT 85FEFE68 ZwCreateThreadEx
SSDT 85F00F50 ZwDebugActiveProcess
SSDT 85FE5850 ZwDuplicateObject
SSDT 85FE6858 ZwFreeVirtualMemory
SSDT 85EE2048 ZwImpersonateAnonymousToken
SSDT 85ECD048 ZwImpersonateThread
SSDT 85627EA0 ZwLoadDriver
SSDT 85FE6738 ZwMapViewOfSection
SSDT 85EE37A8 ZwOpenEvent
SSDT 85FE5AB0 ZwOpenProcess
SSDT 85E68768 ZwOpenProcessToken
SSDT 85EDC048 ZwOpenSection
SSDT 85FE59A0 ZwOpenThread
SSDT 85FEE578 ZwProtectVirtualMemory
SSDT 85EA9048 ZwResumeThread
SSDT 85727048 ZwSetContextThread
SSDT 85FE4E78 ZwSetInformationProcess
SSDT 85EE78E8 ZwSetSystemInformation
SSDT 85EE2CD8 ZwSuspendProcess
SSDT 85EA6048 ZwSuspendThread
SSDT 85E64048 ZwTerminateProcess
SSDT 85E6A048 ZwTerminateThread
SSDT 85E68C50 ZwUnmapViewOfSection
SSDT 85FE6B68 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82A45569 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A6A092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 224 82A71834 8 Bytes JMP EB3B8885
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 82A7184C 4 Bytes [B8, 6E, FE, 85]
.text ntkrnlpa.exe!RtlSidHashLookup + 248 82A71858 4 Bytes [28, 05, 62, 85]
.text ntkrnlpa.exe!RtlSidHashLookup + 29C 82A718AC 4 Bytes [90, F4, EF, 85]
.text ntkrnlpa.exe!RtlSidHashLookup + 318 82A71928 4 Bytes [08, C0, FE, 85]
.text ...
? C:\Windows\system32\Drivers\PROCEXP113.SYS Sistem belirtilen dosyayı bulamıyor. !
? C:\Users\Kargi\AppData\Local\Temp\catchme.sys Sistem belirtilen dosyayı bulamıyor. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4404] USER32.dll!SetWindowLongA 76CAB1E3 5 Bytes JMP 641D8DD9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4404] USER32.dll!SetWindowLongW 76CB6614 5 Bytes JMP 641D8D6B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4404] USER32.dll!GetWindowInfo 76CB6A82 5 Bytes JMP 64007187 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4404] USER32.dll!TrackPopupMenu 76CD4B3B 5 Bytes JMP 64007781 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4640] ntdll.dll!LdrLoadDll 76F9F5B5 5 Bytes JMP 00101410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5192] USER32.dll!TrackPopupMenu 76CD4B3B 5 Bytes JMP 64007781 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000071 bthport.sys (Bluetooth Veriyolu Sürücüsü/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000073 bthport.sys (Bluetooth Veriyolu Sürücüsü/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158315a310
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet)
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
---- EOF - GMER 1.0.15 ----
|
|
22.05.2011, 15:55
| #9 |
| /// Malware-holic | Yahoo Search Redirect Virus lade cureit http://www.trojaner-board.de/59299-a...eb-cureit.html anders als beschrieben, scan im normalen modus ausführen, schalte alle laufenden programme ab, nutze den schnell scan, poste die csv datei, mit den funden.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Yahoo Search Redirect Virus |
| folge, folgendes, gefunde, hijack, hijackthis, inter, interne, internet, laufe, laufen, malware, nervt, nichts, redirect, schei, search, surfe, unterstützung, virus, woche, wochen, yahoo, yahoo search, öfter |
Linear-Darstellung
