
Infected with something which creates tons of .exe files


1 reply to this topic

#1 ch2163


  • Members
  • 11 posts

Posted 19 October 2010 - 05:18 PM

THANK YOU TEAM!!!!


DDS (Ver_10-10-10.03) - NTFS_AMD64
Run by burak at 16:44:43.23 on Tue 10/19/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows Server 2008 R2 Standard 6.1.7600.0.1252.1.1033.18.4094.2521 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
C:\Windows\system32\svchost.exe -k ftpsvc
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\PROGRA~2\Intuit\QUICKB~2.0\QBDBMgrN.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\System32\svchost.exe -k tapisrv
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\fxssvc.exe
C:\Windows\system32\svchost -k nvspwmi
C:\Windows\system32\svchost -k virtsvcs
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
C:\Windows\system32\vmms.exe
C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceRemoteDesktopHyperVAgent
C:\Windows\System32\svchost.exe -k termsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\TEMP\Gki.exe
C:\Windows\TEMP\Gkb.exe
C:\Windows\TEMP\Gkc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\oobe.exe
C:\Windows\Temp\xgy1k4k.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Temp\rdqj6v827.exe
C:\Windows\Temp\zbfbggvw.exe
C:\Windows\Temp\m45l6.exe
C:\Windows\Temp\ikwqpx.exe
C:\Windows\Temp\rseo5ter.exe
C:\Windows\Temp\eommh.exe
C:\Windows\Temp\hhko2.exe
C:\Windows\Temp\evlg0dnf.exe
C:\Windows\Temp\w1h3w.exe
C:\Windows\Temp\fsbiidv.exe
C:\Windows\Temp\cpd2et.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Temp\ionc04bz.exe
C:\Windows\Temp\qduff6pq.exe
C:\Windows\Temp\xu012c95.exe
C:\Windows\Temp\vc79d6fbv.exe
C:\Windows\Temp\ccm61.exe
C:\Windows\Temp\zsrmuyb915.exe
C:\Windows\Temp\tqnoqmvk.exe
C:\Users\burak\AppData\Roaming\Eshuy\tiudu.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Temp\fwrt2xc.exe
C:\Windows\Temp\ltm73l5is.exe
C:\Windows\Temp\r7e144.exe
C:\Windows\Temp\f8ey9jwqm.exe
C:\Windows\spoolsv.exe
C:\Windows\Temp\drweb.exe
C:\Windows\debug.exe
C:\Users\burak\AppData\Local\Temp\2\sysedit.exe
C:\Windows\winamp.exe
C:\Windows\Temp\avp32.exe
C:\Windows\avp.exe
C:\Users\burak\WINDOWS\win.exe
C:\Windows\Temp\2166838466.exe
C:\Users\burak\WINDOWS\drweb.exe
C:\Windows\Temp\762866805.exe
C:\Windows\Temp\uybl890wy0ei0.exe
C:\Windows\Temp\skzwwyfo5w.exe
C:\Windows\Temp\w5omkq8r62ce1d.exe
C:\Windows\Temp\hvu7brdazfgalt.exe
C:\Windows\mdm.exe
C:\Windows\Temp\sysedit.exe
C:\Windows\Temp\wininst.exe
C:\Users\burak\WINDOWS\debug.exe
"C:\Windows\svchost.exe"
C:\Users\burak\WINDOWS\taskmgr.exe
C:\Windows\install.exe
C:\Users\burak\WINDOWS\gdi32.exe
C:\Windows\avp32.exe
C:\Windows\taskmgr.exe
C:\Windows\Temp\login.exe
C:\Windows\wininst.exe
C:\Windows\setup.exe
C:\Windows\Temp\taskmgr.exe
C:\Windows\Temp\win16.exe
C:\Windows\Temp\gdi32.exe
C:\Users\burak\AppData\Local\Temp\2\win.exe
C:\Windows\Temp\mdm.exe
C:\Windows\iexplarer.exe
C:\Windows\user.exe
C:\Users\burak\AppData\Local\Temp\2\gdi32.exe
C:\Users\burak\AppData\Local\Temp\2\winamp.exe
C:\Users\burak\AppData\Local\Temp\2\hexdump.exe
C:\Users\burak\AppData\Local\Temp\2\avp32.exe
C:\Windows\drweb.exe
C:\Windows\Temp\win32.exe
"C:\Users\burak\WINDOWS\svchost.exe"
C:\Users\burak\AppData\Local\Temp\2\setup.exe
C:\Windows\nvsvc32.exe
C:\Windows\win32.exe
C:\Windows\Temp\spoolsv.exe
C:\Windows\Temp\system.exe
C:\Users\burak\WINDOWS\sysedit.exe
C:\Users\burak\WINDOWS\iexplarer.exe
C:\Users\burak\AppData\Local\Temp\2\mdm.exe
C:\Users\burak\WINDOWS\hexdump.exe
C:\Users\burak\AppData\Local\Temp\2\wininst.exe
C:\Users\burak\WINDOWS\system.exe
C:\Users\burak\AppData\Local\Temp\2\taskmgr.exe
C:\Windows\hexdump.exe
C:\Users\burak\WINDOWS\mdm.exe
C:\Windows\Temp\debug.exe
C:\Users\burak\AppData\Local\Temp\2\drweb.exe
C:\Users\burak\WINDOWS\install.exe
C:\Windows\Temp\setup.exe
C:\Users\burak\AppData\Local\Temp\2\spoolsv.exe
C:\Users\burak\AppData\Local\Temp\2\system.exe
C:\Users\burak\WINDOWS\win32.exe
C:\Users\burak\WINDOWS\setup.exe
C:\Users\burak\WINDOWS\user.exe
C:\Users\burak\AppData\Local\Temp\2\nvsvc32.exe
C:\Users\burak\AppData\Local\Temp\2\win16.exe
C:\Users\burak\WINDOWS\winamp.exe
C:\Users\burak\AppData\Local\Temp\2\iexplarer.exe
C:\Users\burak\WINDOWS\spoolsv.exe
C:\Users\burak\WINDOWS\nvsvc32.exe
C:\Users\burak\AppData\Local\Temp\2\login.exe
C:\Users\burak\WINDOWS\login.exe
C:\Users\burak\WINDOWS\avp32.exe
C:\Users\burak\AppData\Local\Temp\2\install.exe
C:\Users\burak\WINDOWS\avp.exe
"C:\Users\burak\AppData\Local\Temp\2\svchost.exe"
C:\Users\burak\AppData\Local\Temp\2\user.exe
C:\Users\burak\WINDOWS\wininst.exe
C:\Users\burak\AppData\Local\Temp\2\avp.exe
C:\Users\burak\AppData\Local\Temp\2\win32.exe
C:\Windows\login.exe
C:\Windows\Temp\user.exe
C:\Windows\Temp\iexplarer.exe
"C:\Windows\Temp\svchost.exe"
C:\Windows\win.exe
C:\Windows\Temp\install.exe
C:\Windows\system.exe
C:\Windows\Temp\nvsvc32.exe
C:\Windows\system32\tlsbln.exe
C:\Windows\gdi32.exe
C:\Windows\Temp\win.exe
C:\Windows\sysedit.exe
C:\PROGRA~2\Intuit\QUICKB~1.0\QBDBMgrN.exe
C:\Users\burak\AppData\Local\Temp\1\nvsvc32.exe
C:\Windows\Temp\qduff6pq.exe
C:\Windows\Temp\ionc04bz.exe
C:\Windows\Temp\vc79d6fbv.exe
C:\Windows\Temp\ccm61.exe
C:\Users\burak\AppData\Local\Temp\1\debug.exe
C:\Windows\Temp\zsrmuyb915.exe
C:\Windows\Temp\tqnoqmvk.exe
C:\Windows\Temp\xu012c95.exe
C:\Windows\Temp\user.exe
C:\Users\burak\AppData\Local\Temp\1\svchost.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\Temp\iexplarer.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\burak\AppData\Local\Temp\1\avp32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\Temp\zbfbggvw.exe
C:\Users\burak\AppData\Local\Temp\1\install.exe
C:\Windows\Temp\w1h3w.exe
C:\Windows\Temp\xgy1k4k.exe
C:\Windows\Temp\fsbiidv.exe
C:\Users\burak\AppData\Local\Temp\1\gdi32.exe
C:\Users\burak\AppData\Local\Temp\1\winamp.exe
C:\Windows\Temp\m45l6.exe
C:\Windows\Temp\fwrt2xc.exe
C:\Windows\Temp\ikwqpx.exe
C:\Windows\Temp\rdqj6v827.exe
C:\Users\burak\AppData\Local\Temp\1\setup.exe
C:\Windows\Temp\cpd2et.exe
C:\Users\burak\AppData\Local\Temp\1\win16.exe
C:\Windows\Temp\evlg0dnf.exe
C:\Windows\Temp\hhko2.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\burak\AppData\Local\Temp\1\taskmgr.exe
C:\Windows\Temp\eommh.exe
C:\Windows\Temp\rseo5ter.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\burak\AppData\Local\Temp\1\drweb.exe
C:\Users\burak\AppData\Local\Temp\1\iexplarer.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\burak\AppData\Local\Temp\1\spoolsv.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\burak\AppData\Local\Temp\1\win32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\Temp\drweb.exe
C:\Windows\Temp\win.exe
C:\Windows\Temp\install.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\burak2\AppData\Local\Temp\3\setup.exe
C:\Windows\system32\sppsvc.exe
C:\Users\burak\AppData\Local\Temp\1\wininst.exe
C:\Users\burak\AppData\Local\Temp\1\avp.exe
C:\Users\burak\AppData\Local\Temp\1\user.exe
C:\Users\burak\AppData\Local\Temp\1\login.exe
C:\Users\burak\AppData\Local\Temp\2\sysedit.exe
C:\Windows\Temp\avp32.exe
C:\Users\burak\WINDOWS\avp32.exe
C:\Windows\Temp\nvsvc32.exe
C:\Windows\gdi32.exe
C:\Users\burak\AppData\Local\Temp\2\iexplarer.exe
C:\Users\burak\WINDOWS\user.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\burak\AppData\Local\Temp\2\nvsvc32.exe
C:\Users\burak\AppData\Local\Temp\2\login.exe
C:\Users\burak\AppData\Local\Temp\1\mdm.exe
C:\Users\burak\AppData\Local\Temp\2\user.exe
C:\Windows\Temp\ltm73l5is.exe
C:\Users\burak\WINDOWS\nvsvc32.exe
C:\Windows\Temp\f8ey9jwqm.exe
C:\Users\burak\WINDOWS\spoolsv.exe
C:\Users\burak\AppData\Local\Temp\1\sysedit.exe
C:\Windows\sysedit.exe
C:\Users\burak\WINDOWS\avp.exe
C:\Users\burak\AppData\Local\Temp\2\win16.exe
C:\Users\burak\AppData\Local\Temp\2\avp.exe
C:\Users\burak\AppData\Local\Temp\1\win.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\Temp\r7e144.exe
C:\Users\burak\WINDOWS\winamp.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\spoolsv.exe
C:\Windows\debug.exe
C:\Users\burak2\WINDOWS\hexdump.exe
C:\Windows\winamp.exe
"C:\Users\burak2\AppData\Local\Temp\3\svchost.exe"
C:\Windows\avp.exe
C:\Users\burak\WINDOWS\win.exe
C:\Windows\Temp\2166838466.exe
C:\Users\burak\WINDOWS\drweb.exe
C:\Windows\Temp\857992246.exe
C:\Windows\Temp\aiugdlm61.exe
C:\Windows\Temp\uybl890wy0ei0.exe
C:\Windows\Temp\sjci6fvyow.exe
C:\Windows\Temp\skzwwyfo5w.exe
C:\Windows\Temp\w5omkq8r62ce1d.exe
C:\Windows\Temp\1139358339.exe
C:\Windows\Temp\ptjym05rv66trln.exe
C:\Windows\Temp\1716721363.exe
C:\Windows\Temp\p51xeezwlg322wfg.exe
C:\Windows\Temp\cj4agde0gcx.exe
C:\Windows\Temp\1564142636.exe
C:\Users\burak\AppData\Local\Temp\1\system.exe
C:\Windows\Temp\2182177985.exe
C:\Users\burak2\WINDOWS\taskmgr.exe
C:\Users\burak2\AppData\Local\Temp\3\user.exe
C:\Users\burak2\WINDOWS\system.exe
C:\Users\burak2\WINDOWS\taskmgr.exe
C:\Windows\Temp\ojtb9j9ks2m8cbll.exe
C:\Users\burak2\WINDOWS\login.exe
C:\Windows\wininst.exe
C:\Windows\taskmgr.exe
"C:\Windows\svchost.exe"
"C:\Windows\Temp\svchost.exe"
C:\Windows\Temp\gdi32.exe
C:\Windows\Temp\sysedit.exe
C:\Windows\Temp\2037649285.exe
C:\Users\burak2\WINDOWS\win.exe
C:\Windows\mdm.exe
C:\Windows\setup.exe
C:\Windows\install.exe
C:\Windows\Temp\win32.exe
C:\Windows\avp32.exe
C:\Windows\iexplarer.exe
C:\Windows\Temp\wininst.exe
C:\Windows\Temp\win16.exe
C:\Users\burak\WINDOWS\taskmgr.exe
C:\Users\burak\WINDOWS\gdi32.exe
C:\Users\burak\WINDOWS\debug.exe
C:\Windows\Temp\taskmgr.exe
C:\Windows\Temp\login.exe
C:\Windows\Temp\mdm.exe
C:\Users\burak\AppData\Local\Temp\2\win.exe
C:\Users\burak\AppData\Local\Temp\2\gdi32.exe
C:\Users\burak\AppData\Local\Temp\2\hexdump.exe
C:\Users\burak\AppData\Local\Temp\2\winamp.exe
"C:\Users\burak\WINDOWS\svchost.exe"
C:\Users\burak\AppData\Local\Temp\2\avp32.exe
C:\Windows\drweb.exe
C:\Windows\nvsvc32.exe
C:\Users\burak\AppData\Local\Temp\1\hexdump.exe
C:\Windows\Temp\debug.exe
C:\Windows\Temp\spoolsv.exe
C:\Windows\user.exe
C:\Windows\Temp\system.exe
C:\Windows\Temp\setup.exe
C:\Windows\win32.exe
C:\Windows\hexdump.exe
C:\Users\burak\WINDOWS\win32.exe
C:\Windows\win.exe
C:\Users\burak2\AppData\Local\Temp\3\login.exe
C:\Users\burak\AppData\Local\Temp\2\wininst.exe
C:\Users\burak\WINDOWS\sysedit.exe
C:\Users\burak\WINDOWS\mdm.exe
C:\Users\burak\AppData\Local\Temp\2\drweb.exe
C:\Users\burak\WINDOWS\system.exe
C:\Users\burak2\WINDOWS\win16.exe
C:\Users\burak\AppData\Local\Temp\2\taskmgr.exe
C:\Windows\system.exe
C:\Users\burak2\WINDOWS\user.exe
C:\Users\burak2\AppData\Local\Temp\3\iexplarer.exe
C:\Users\burak2\AppData\Local\Temp\3\winamp.exe
C:\Windows\login.exe
C:\Users\burak\WINDOWS\iexplarer.exe
"C:\Users\burak\AppData\Local\Temp\2\svchost.exe"
C:\Users\burak\WINDOWS\install.exe
C:\Users\burak\WINDOWS\hexdump.exe
C:\Users\burak\AppData\Local\Temp\2\spoolsv.exe
C:\Users\burak\AppData\Local\Temp\2\system.exe
C:\Users\burak\AppData\Local\Temp\2\mdm.exe
C:\Users\burak\WINDOWS\setup.exe
C:\Users\burak\AppData\Local\Temp\2\install.exe
C:\Users\burak\WINDOWS\wininst.exe
C:\Users\burak\AppData\Local\Temp\2\setup.exe
C:\Users\burak2\WINDOWS\sysedit.exe
C:\Users\burak2\WINDOWS\nvsvc32.exe
C:\Windows\System32\msdtc.exe
C:\Users\burak2\WINDOWS\debug.exe
C:\Users\burak2\WINDOWS\win32.exe
C:\Users\burak2\WINDOWS\avp32.exe
C:\Users\burak2\WINDOWS\winamp.exe
C:\Users\burak2\AppData\Local\Temp\3\debug.exe
C:\Users\burak2\AppData\Local\Temp\3\hexdump.exe
C:\Users\burak2\WINDOWS\avp.exe
C:\Users\burak2\WINDOWS\spoolsv.exe
C:\Windows\Temp\avp.exe
C:\Users\burak2\AppData\Local\Temp\3\sysedit.exe
C:\Users\burak2\AppData\Local\Temp\3\gdi32.exe
C:\Users\burak2\WINDOWS\drweb.exe
C:\Users\burak2\AppData\Local\Temp\3\win.exe
C:\Users\burak2\AppData\Local\Temp\3\win32.exe
C:\Users\burak2\WINDOWS\gdi32.exe
C:\Users\burak2\AppData\Local\Temp\3\taskmgr.exe
C:\Users\burak2\AppData\Local\Temp\3\system.exe
C:\Users\burak2\WINDOWS\iexplarer.exe
C:\Users\burak2\WINDOWS\wininst.exe
C:\Users\burak2\AppData\Local\Temp\3\avp.exe
C:\Users\burak2\AppData\Local\Temp\3\nvsvc32.exe
C:\Users\burak\WINDOWS\login.exe
C:\Users\burak2\AppData\Local\Temp\3\drweb.exe
C:\Users\burak2\WINDOWS\install.exe
C:\Users\burak2\AppData\Local\Temp\3\avp32.exe
C:\Users\burak2\AppData\Local\Temp\3\install.exe
C:\Users\burak2\AppData\Local\Temp\3\mdm.exe
C:\Users\burak2\WINDOWS\mdm.exe
C:\Users\burak\AppData\Local\Temp\2\win32.exe
C:\Users\burak2\WINDOWS\setup.exe
"C:\Users\burak2\WINDOWS\svchost.exe"
C:\Users\burak2\AppData\Local\Temp\3\spoolsv.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\burak\Desktop\New folder\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = res://iesetup.dll/HardAdmin.htm
uDefault_Page_URL = res://iesetup.dll/HardAdmin.htm
mWinlogon: Userinit=userinit.exe
BHO: C:\Windows\SysWow64\s6cst08eb.dll: {d6ba40a1-a502-59bd-f413-04b03a2c8953} - C:\Windows\SysWow64\s6cst08eb.dll
uRun: [MqmniO] C:\Windows\Temp\xgy1k4k.exe
uRun: [uPc+kt0NQBaGuo] rundll32.exe C:\Windows\system32\x87l713.dll, SystemServer
uRun: [uPc+kt0NcAaXms] rundll32.exe C:\Windows\system32\rn51i8.dll, SystemServer
uRun: [uPc+kt0NjPkaXms] rundll32.exe C:\Windows\system32\bgid2v0wty.dll, SystemServer
uRun: [uPc+kt0NrRaGuo] rundll32.exe C:\Windows\system32\hpziw52.dll, SystemServer
uRun: [uPc+kt0NltJJsiv] rundll32.exe C:\Windows\system32\deppqpd2c.dll, SystemServer
uRun: [MqmnsFQ] C:\Windows\Temp\rdqj6v827.exe
uRun: [Mqmnpuc] C:\Windows\Temp\zbfbggvw.exe
uRun: [MqmnQQ] C:\Windows\Temp\m45l6.exe
uRun: [Mqmnve] C:\Windows\Temp\ikwqpx.exe
uRun: [Mqmnugc] C:\Windows\Temp\rseo5ter.exe
uRun: [Mqmnrc] C:\Windows\Temp\eommh.exe
uRun: [MqmnqP] C:\Windows\Temp\hhko2.exe
uRun: [Mqmnrac] C:\Windows\Temp\evlg0dnf.exe
uRun: [MqmnQg] C:\Windows\Temp\w1h3w.exe
uRun: [Mqmnpc] C:\Windows\Temp\fsbiidv.exe
uRun: [Mqmnab] C:\Windows\Temp\cpd2et.exe
uRun: [uPc+kt0NbcaGuo] rundll32.exe C:\Windows\system32\s1n6euc.dll, SystemServer
uRun: [uPc+kt0NrNJsiv] rundll32.exe C:\Windows\system32\nykj9.dll, SystemServer
uRun: [uPc+kt0NLvaGuo] rundll32.exe C:\Windows\system32\j62qnql.dll, SystemServer
uRun: [uPc+kt0NnkaGuo] rundll32.exe C:\Windows\system32\bhweded.dll, SystemServer
uRun: [uPc+kt0NeQaGuo] rundll32.exe C:\Windows\system32\qy3pa78.dll, SystemServer
uRun: [uPc+kt0NYycaXms] rundll32.exe C:\Windows\system32\c2rgwwtpil.dll, SystemServer
uRun: [uPc+kt0NnhaGuo] rundll32.exe C:\Windows\system32\ddxexr5.dll, SystemServer
uRun: [MqmnqQc] C:\Windows\Temp\ionc04bz.exe
uRun: [Mqmnsfc] C:\Windows\Temp\qduff6pq.exe
uRun: [MqmnTAc] C:\Windows\Temp\xu012c95.exe
uRun: [MqmnSYg] C:\Windows\Temp\vc79d6fbv.exe
uRun: [MqmnaP] C:\Windows\Temp\ccm61.exe
uRun: [Mqmnzi+] C:\Windows\Temp\zsrmuyb915.exe
uRun: [Mqmnwvc] C:\Windows\Temp\tqnoqmvk.exe
uRun: [uPc+kt0NlRDaXms] rundll32.exe C:\Windows\system32\ccus48g5y3.dll, SystemServer
uRun: [{56C1F9BC-10FC-2C91-14D3-716AB53CD6E8}] C:\Users\burak\AppData\Roaming\Eshuy\tiudu.exe
uRun: [uPc+kt0NlkcJsiv] rundll32.exe C:\Windows\system32\lkcts1ypq.dll, SystemServer
uRun: [uPc+kt0NMUaGuo] rundll32.exe C:\Windows\system32\h57t53v.dll, SystemServer
uRun: [uPc+kt0NaNJsiv] rundll32.exe C:\Windows\system32\e3u4n.dll, SystemServer
uRun: [uPc+kt0No3cCxl] rundll32.exe C:\Windows\system32\erovxzuu.dll, SystemServer
uRun: [uPc+kt0NpQaGuo] rundll32.exe C:\Windows\system32\xhhv1d5.dll, SystemServer
uRun: [uPc+kt0NafPaXms] rundll32.exe C:\Windows\system32\r2k6zhelo6.dll, SystemServer
uRun: [uPc+kt0NbNeJsiv] rundll32.exe C:\Windows\system32\l3r0em4ts.dll, SystemServer
uRun: [uPc+kt0NnfJsiv] rundll32.exe C:\Windows\system32\jcvrz.dll, SystemServer
uRun: [uPc+kt0NWfaCxl] rundll32.exe C:\Windows\system32\ge1oc7tm.dll, SystemServer
uRun: [uPc+kt0NkuOJsiv] rundll32.exe C:\Windows\system32\ehjgpky3v.dll, SystemServer
uRun: [MqmnwO] C:\Windows\Temp\fwrt2xc.exe
uRun: [MqmnhPf] C:\Windows\Temp\ltm73l5is.exe
uRun: [uPc+kt0NVgaGuo] rundll32.exe C:\Windows\system32\ai1k8oo.dll, SystemServer
uRun: [MqmnP+] C:\Windows\Temp\r7e144.exe
uRun: [Mqmnfie] C:\Windows\Temp\f8ey9jwqm.exe
uRun: [Mquuf] C:\Windows\spoolsv.exe
uRun: [Mqmnsb] C:\Windows\Temp\drweb.exe
uRun: [Mqug] C:\Windows\smss.exe
uRun: [Mqqoc] C:\Windows\debug.exe
uRun: [Mqmnuf] C:\Windows\Temp\csrss.exe
uRun: [Mqmnxc] C:\Windows\Temp\smss.exe
uRun: [LvpahfngWxb] C:\Users\burak\AppData\Local\Temp\1\sysedit.exe
uRun: [Mqvpe] C:\Windows\winamp.exe
uRun: [MqmneP] C:\Windows\Temp\avp32.exe
uRun: [Mqpe] C:\Windows\avp.exe
uRun: [LvpfKfa] C:\Users\burak\WINDOWS\win.exe
uRun: [Mqmnz1/ows\Temp\2166838466.exe] C:\Windows\Temp\2166838466.exe
uRun: [LvpfKasc] C:\Users\burak\WINDOWS\drweb.exe
uRun: [LvpahfngW0z+ak\AppData\Local\Temp\2\3916821425.exe] C:\Users\burak\AppData\Local\Temp\2\3916821425.exe
uRun: [Mqmn30Qows\Temp\857992246.exe] C:\Windows\Temp\857992246.exe
uRun: [Mqmn11Qows\Temp\762866805.exe] C:\Windows\Temp\762866805.exe
uRun: [MqmnpcPows\Temp\aiugdlm61.exe] C:\Windows\Temp\aiugdlm61.exe
uRun: [MqmnvGdOws\Temp\uybl890wy0ei0.exe] C:\Windows\Temp\uybl890wy0ei0.exe
uRun: [LvpahfngWzy/ak\AppData\Local\Temp\2\3343450157.exe] C:\Users\burak\AppData\Local\Temp\2\3343450157.exe
uRun: [Mqmny2+ows\Temp\1305657851.exe] C:\Windows\Temp\1305657851.exe
uRun: [Mqmnqieows\Temp\sjci6fvyow.exe] C:\Windows\Temp\sjci6fvyow.exe
uRun: [MqmnzxPows\Temp\skzwwyfo5w.exe] C:\Windows\Temp\skzwwyfo5w.exe
uRun: [MqmnihMKws\Temp\w5omkq8r62ce1d.exe] C:\Windows\Temp\w5omkq8r62ce1d.exe
uRun: [Mqmnz0/ows\Temp\1139358339.exe] C:\Windows\Temp\1139358339.exe
uRun: [MqmnxRVews\Temp\ptjym05rv66trln.exe] C:\Windows\Temp\ptjym05rv66trln.exe
uRun: [Mqmnzz/ows\Temp\1716721363.exe] C:\Windows\Temp\1716721363.exe
uRun: [MqmnN0eows\Temp\c6i5wtrum.exe] C:\Windows\Temp\c6i5wtrum.exe
uRun: [MqmnTuOdcs\Temp\p51xeezwlg322wfg.exe] C:\Windows\Temp\p51xeezwlg322wfg.exe
uRun: [MqmnYYcows\Temp\cj4agde0gcx.exe] C:\Windows\Temp\cj4agde0gcx.exe
uRun: [Mqmnimqcws\Temp\hvu7brdazfgalt.exe] C:\Windows\Temp\hvu7brdazfgalt.exe
uRun: [Mqmnz1Aows\Temp\2037649285.exe] C:\Windows\Temp\2037649285.exe
uRun: [LvpfKcuc] C:\Users\burak\WINDOWS\lsass.exe
uRun: [MqsZ] C:\Windows\mdm.exe
uRun: [Mqmnxb] C:\Windows\Temp\sysedit.exe
uRun: [Mqmntg] C:\Windows\Temp\wininst.exe
uRun: [LvpfKaoc] C:\Users\burak\WINDOWS\debug.exe
uRun: [Mquse] C:\Windows\svchost.exe
uRun: [LvpfKerb] C:\Users\burak\WINDOWS\taskmgr.exe
uRun: [Mqrta] C:\Windows\install.exe
uRun: [LvpfKbMc] C:\Users\burak\WINDOWS\gdi32.exe
uRun: [Mqvsc] C:\Windows\winlogon.exe
uRun: [MqpSc] C:\Windows\avp32.exe
uRun: [Mqurb] C:\Windows\taskmgr.exe
uRun: [Mqmnqe] C:\Windows\Temp\login.exe
uRun: [Mqvre] C:\Windows\wininst.exe
uRun: [Mquvc] C:\Windows\setup.exe
uRun: [Mqmnsd] C:\Windows\Temp\taskmgr.exe
uRun: [MqmnfQ] C:\Windows\Temp\win16.exe
uRun: [MqmnZP] C:\Windows\Temp\gdi32.exe
uRun: [LvpahfngWf] C:\Users\burak\AppData\Local\Temp\2\win.exe
uRun: [Mqmnb] C:\Windows\Temp\mdm.exe
uRun: [Mqruqc] C:\Windows\iexplarer.exe
uRun: [Mque] C:\Windows\user.exe
uRun: [LvpahfngWZP] C:\Users\burak\AppData\Local\Temp\2\gdi32.exe
uRun: [LvpahfngWrc] C:\Users\burak\AppData\Local\Temp\2\winamp.exe
uRun: [Mqqyc] C:\Windows\csrss.exe
uRun: [LvpahfngWqg] C:\Users\burak\AppData\Local\Temp\1\hexdump.exe
uRun: [LvpahfngWeP] C:\Users\burak\AppData\Local\Temp\2\avp32.exe
uRun: [Mqqsc] C:\Windows\drweb.exe
uRun: [MqmngP] C:\Windows\Temp\win32.exe
uRun: [LvpfKese] C:\Users\burak\WINDOWS\svchost.exe
uRun: [LvpahfngWwe] C:\Users\burak\AppData\Local\Temp\2\setup.exe
uRun: [Mqtw+] C:\Windows\nvsvc32.exe
uRun: [MqvPc] C:\Windows\win32.exe
uRun: [Mqmnusc] C:\Windows\Temp\winlogon.exe
uRun: [LvpahfngWsf] C:\Users\burak\AppData\Local\Temp\1\lsass.exe
uRun: [Mqmnwg] C:\Windows\Temp\spoolsv.exe
uRun: [Mqmn0Z] C:\Windows\Temp\system.exe
uRun: [Mquta] C:\Windows\services.exe
uRun: [LvpfKetc] C:\Users\burak\WINDOWS\sysedit.exe
uRun: [LvpfKbuqc] C:\Users\burak\WINDOWS\iexplarer.exe
uRun: [LvpahfngWb] C:\Users\burak\AppData\Local\Temp\2\mdm.exe
uRun: [LvpahfngWwpc] C:\Users\burak\AppData\Local\Temp\2\services.exe
uRun: [LvpfKbtc] C:\Users\burak\WINDOWS\hexdump.exe
uRun: [LvpahfngWtg] C:\Users\burak\AppData\Local\Temp\2\wininst.exe
uRun: [LvpfKexe] C:\Users\burak\WINDOWS\system.exe
uRun: [LvpahfngWsd] C:\Users\burak\AppData\Local\Temp\2\taskmgr.exe
uRun: [Mqrtc] C:\Windows\hexdump.exe
uRun: [LvpfKcZ] C:\Users\burak\WINDOWS\mdm.exe
uRun: [Mqmnoc] C:\Windows\Temp\debug.exe
uRun: [LvpahfngWsb] C:\Users\burak\AppData\Local\Temp\2\drweb.exe
uRun: [LvpfKbta] C:\Users\burak\WINDOWS\install.exe
uRun: [Mqmnwe] C:\Windows\Temp\setup.exe
uRun: [LvpahfngWwg] C:\Users\burak\AppData\Local\Temp\2\spoolsv.exe
uRun: [LvpahfngW0Z] C:\Users\burak\AppData\Local\Temp\2\system.exe
uRun: [LvpfKfPc] C:\Users\burak\WINDOWS\win32.exe
uRun: [LvpahfngWY] C:\Users\burak\AppData\Local\Temp\2\cmd.exe
uRun: [LvpfKevc] C:\Users\burak\WINDOWS\setup.exe
uRun: [LvpfKee] C:\Users\burak\WINDOWS\user.exe
uRun: [LvpahfngWxc] C:\Users\burak\AppData\Local\Temp\2\smss.exe
uRun: [LvpahfngWz9] C:\Users\burak\AppData\Local\Temp\2\nvsvc32.exe
uRun: [LvpahfngWfQ] C:\Users\burak\AppData\Local\Temp\2\win16.exe
uRun: [LvpfKfpe] C:\Users\burak\WINDOWS\winamp.exe
uRun: [LvpahfngWtpf] C:\Users\burak\AppData\Local\Temp\2\iexplarer.exe
uRun: [LvpfKeuf] C:\Users\burak\WINDOWS\spoolsv.exe
uRun: [LvpfKdw+] C:\Users\burak\WINDOWS\nvsvc32.exe
uRun: [LvpfKaZ] C:\Users\burak\WINDOWS\cmd.exe
uRun: [LvpahfngWuf] C:\Users\burak\AppData\Local\Temp\2\csrss.exe
uRun: [LvpahfngWqe] C:\Users\burak\AppData\Local\Temp\2\login.exe
uRun: [LvpfKcrc] C:\Users\burak\WINDOWS\login.exe
uRun: [LvpfKeta] C:\Users\burak\WINDOWS\services.exe
uRun: [LvpfKZSc] C:\Users\burak\WINDOWS\avp32.exe
uRun: [LvpahfngWvZ] C:\Users\burak\AppData\Local\Temp\2\install.exe
uRun: [LvpfKZe] C:\Users\burak\WINDOWS\avp.exe
uRun: [LvpahfngWth] C:\Users\burak\AppData\Local\Temp\2\svchost.exe
uRun: [LvpfKayc] C:\Users\burak\WINDOWS\csrss.exe
uRun: [LvpahfngWvc] C:\Users\burak\AppData\Local\Temp\2\user.exe
uRun: [LvpfKfre] C:\Users\burak\WINDOWS\wininst.exe
uRun: [LvpahfngWd] C:\Users\burak\AppData\Local\Temp\2\avp.exe
uRun: [LvpahfngWusc] C:\Users\burak\AppData\Local\Temp\2\winlogon.exe
uRun: [LvpfKfsc] C:\Users\burak\WINDOWS\winlogon.exe
uRun: [LvpahfngWgP] C:\Users\burak\AppData\Local\Temp\2\win32.exe
uRun: [MqmnY] C:\Windows\Temp\cmd.exe
uRun: [Mqmnwpc] C:\Windows\Temp\services.exe
uRun: [Mqsrc] C:\Windows\login.exe
uRun: [Mqmnvc] C:\Windows\Temp\user.exe
uRun: [Mqmntpf] C:\Windows\Temp\iexplarer.exe
uRun: [Mqmnth] C:\Windows\Temp\svchost.exe
uRun: [Mqva] C:\Windows\win.exe
uRun: [MqmnvZ] C:\Windows\Temp\install.exe
uRun: [Mquxe] C:\Windows\system.exe
uRun: [MqqZ] C:\Windows\cmd.exe
uRun: [Mqmnz9] C:\Windows\Temp\nvsvc32.exe
uRun: [MqrMc] C:\Windows\gdi32.exe
uRun: [Mqmnf] C:\Windows\Temp\win.exe
uRun: [Mqsuc] C:\Windows\lsass.exe
uRun: [Mqutc] C:\Windows\sysedit.exe
uRun: [LvpahfngWoc] C:\Users\burak\AppData\Local\Temp\1\debug.exe
uRun: [LvpWZkfgbqe] C:\Users\burak2\AppData\Local\Temp\3\setup.exe
uRun: [LvpWMVqg] C:\Users\burak2\WINDOWS\hexdump.exe
uRun: [LvpWZkfgbqvc] C:\Users\burak2\AppData\Local\Temp\3\svchost.exe
uRun: [LvpWMVuf] C:\Users\burak2\WINDOWS\csrss.exe
uRun: [LvpWMVusc] C:\Users\burak2\WINDOWS\winlogon.exe
uRun: [LvpWMVsd] C:\Users\burak2\WINDOWS\taskmgr.exe
uRun: [LvpWMV0Z] C:\Users\burak2\WINDOWS\system.exe
uRun: [LvpWMVqe] C:\Users\burak2\WINDOWS\login.exe
uRun: [LvpWZkfgbqf] C:\Users\burak2\AppData\Local\Temp\3\user.exe
uRun: [LvpWMVxc] C:\Users\burak2\WINDOWS\smss.exe
uRun: [LvpWMVf] C:\Users\burak2\WINDOWS\win.exe
uRun: [LvpfKeg] C:\Users\burak\WINDOWS\smss.exe
uRun: [Mqmn0z/ows\Temp\1564142636.exe] C:\Windows\Temp\1564142636.exe
uRun: [LvpWZkfgbna] C:\Users\burak2\AppData\Local\Temp\3\login.exe
uRun: [Mqmnz2Aows\Temp\2182177985.exe] C:\Windows\Temp\2182177985.exe
uRun: [LvpWMVvc] C:\Users\burak2\WINDOWS\user.exe
uRun: [LvpWMVfQ] C:\Users\burak2\WINDOWS\win16.exe
uRun: [LvpWZkfgbora] C:\Users\burak2\AppData\Local\Temp\3\iexplarer.exe
uRun: [LvpWZkfgbqb] C:\Users\burak2\AppData\Local\Temp\3\winamp.exe
uRun: [LvpWMVoc] C:\Users\burak2\WINDOWS\debug.exe
uRun: [LvpWMVxb] C:\Users\burak2\WINDOWS\sysedit.exe
uRun: [LvpWMVz9] C:\Users\burak2\WINDOWS\nvsvc32.exe
uRun: [LvpWMVsf] C:\Users\burak2\WINDOWS\lsass.exe
uRun: [LvpWMVgP] C:\Users\burak2\WINDOWS\win32.exe
uRun: [LvpWMVrc] C:\Users\burak2\WINDOWS\winamp.exe
uRun: [LvpWZkfgbotc] C:\Users\burak2\AppData\Local\Temp\3\hexdump.exe
uRun: [LvpWMVwg] C:\Users\burak2\WINDOWS\spoolsv.exe
uRun: [LvpWMVsb] C:\Users\burak2\WINDOWS\drweb.exe
uRun: [LvpWMVeP] C:\Users\burak2\WINDOWS\avp32.exe
uRun: [LvpWZkfgbupc] C:\Users\burak2\AppData\Local\Temp\3\sysedit.exe
uRun: [Mqmnd] C:\Windows\Temp\avp.exe
uRun: [LvpWZkfgbhb] C:\Users\burak2\AppData\Local\Temp\3\debug.exe
uRun: [LvpWZkfgbk+] C:\Users\burak2\AppData\Local\Temp\3\gdi32.exe
uRun: [LvpWMVd] C:\Users\burak2\WINDOWS\avp.exe
uRun: [LvpWMVZP] C:\Users\burak2\WINDOWS\gdi32.exe
uRun: [LvpWZkfgbud] C:\Users\burak2\AppData\Local\Temp\3\system.exe
uRun: [LvpWZkfgbqc] C:\Users\burak2\AppData\Local\Temp\3\win.exe
uRun: [LvpWMVtg] C:\Users\burak2\WINDOWS\wininst.exe
uRun: [LvpWZkfgbpsc] C:\Users\burak2\AppData\Local\Temp\3\taskmgr.exe
uRun: [MqmnrRSncs\Temp\ojtb9j9ks2m8cbll.exe] C:\Windows\Temp\ojtb9j9ks2m8cbll.exe
uRun: [LvpWZkfgbsPc] C:\Users\burak2\AppData\Local\Temp\3\nvsvc32.exe
uRun: [LvpWZkfgbq+] C:\Users\burak2\AppData\Local\Temp\3\win32.exe
uRun: [LvpWMVtpf] C:\Users\burak2\WINDOWS\iexplarer.exe
uRun: [LvpWZkfgboc] C:\Users\burak2\AppData\Local\Temp\3\avp.exe
uRun: [LvpWZkfgbne] C:\Users\burak2\AppData\Local\Temp\3\lsass.exe
uRun: [LvpWZkfgbkc] C:\Users\burak2\AppData\Local\Temp\3\cmd.exe
uRun: [LvpWMVwpc] C:\Users\burak2\WINDOWS\services.exe
uRun: [LvpWMVvZ] C:\Users\burak2\WINDOWS\install.exe
uRun: [LvpWZkfgbrf] C:\Users\burak2\AppData\Local\Temp\3\smss.exe
uRun: [LvpWZkfgbqW] C:\Users\burak2\AppData\Local\Temp\3\drweb.exe
uRun: [LvpWZkfgbo+] C:\Users\burak2\AppData\Local\Temp\3\avp32.exe
uRun: [LvpWZkfgbppf] C:\Users\burak2\AppData\Local\Temp\3\services.exe
uRun: [LvpWZkfgbmc] C:\Users\burak2\AppData\Local\Temp\3\mdm.exe
uRun: [LvpWZkfgbqse] C:\Users\burak2\AppData\Local\Temp\3\winlogon.exe
uRun: [LvpWZkfgbprc] C:\Users\burak2\AppData\Local\Temp\3\install.exe
uRun: [LvpWMVY] C:\Users\burak2\WINDOWS\cmd.exe
uRun: [LvpWMVb] C:\Users\burak2\WINDOWS\mdm.exe
uRun: [LvpWZkfgbpe] C:\Users\burak2\AppData\Local\Temp\3\csrss.exe
uRun: [LvpWMVth] C:\Users\burak2\WINDOWS\svchost.exe
uRun: [LvpWMVwe] C:\Users\burak2\WINDOWS\setup.exe
uRun: [LvpWZkfgbrxc] C:\Users\burak2\AppData\Local\Temp\3\spoolsv.exe
mRun: [Mqmnsfc] C:\Windows\Temp\qduff6pq.exe
mRun: [MqmnqQc] C:\Windows\Temp\ionc04bz.exe
mRun: [MqmnSYg] C:\Windows\Temp\vc79d6fbv.exe
mRun: [MqmnaP] C:\Windows\Temp\ccm61.exe
mRun: [Mqmnzi+] C:\Windows\Temp\zsrmuyb915.exe
mRun: [Mqmnwvc] C:\Windows\Temp\tqnoqmvk.exe
mRun: [MqmnTAc] C:\Windows\Temp\xu012c95.exe
mRun: [Mqmnvc] C:\Windows\Temp\user.exe
mRun: [uPc+kt0NMUaGuo] rundll32.exe C:\Windows\system32\h57t53v.dll, SystemServer
mRun: [uPc+kt0NrNJsiv] rundll32.exe C:\Windows\system32\nykj9.dll, SystemServer
mRun: [uPc+kt0NLvaGuo] rundll32.exe C:\Windows\system32\j62qnql.dll, SystemServer
mRun: [Mqmntpf] C:\Windows\Temp\iexplarer.exe
mRun: [uPc+kt0NpQaGuo] rundll32.exe C:\Windows\system32\xhhv1d5.dll, SystemServer
mRun: [uPc+kt0NnfJsiv] rundll32.exe C:\Windows\system32\jcvrz.dll, SystemServer
mRun: [uPc+kt0NWfaCxl] rundll32.exe C:\Windows\system32\ge1oc7tm.dll, SystemServer
mRun: [Mqmnpuc] C:\Windows\Temp\zbfbggvw.exe
mRun: [MqmnQg] C:\Windows\Temp\w1h3w.exe
mRun: [MqmniO] C:\Windows\Temp\xgy1k4k.exe
mRun: [Mqmnpc] C:\Windows\Temp\fsbiidv.exe
mRun: [MqmnQQ] C:\Windows\Temp\m45l6.exe
mRun: [MqmnwO] C:\Windows\Temp\fwrt2xc.exe
mRun: [Mqmnve] C:\Windows\Temp\ikwqpx.exe
mRun: [MqmnsFQ] C:\Windows\Temp\rdqj6v827.exe
mRun: [Mqmnab] C:\Windows\Temp\cpd2et.exe
mRun: [Mqmnrac] C:\Windows\Temp\evlg0dnf.exe
mRun: [MqmnqP] C:\Windows\Temp\hhko2.exe
mRun: [Mqmnrc] C:\Windows\Temp\eommh.exe
mRun: [Mqmnugc] C:\Windows\Temp\rseo5ter.exe
mRun: [uPc+kt0NltJJsiv] rundll32.exe C:\Windows\system32\deppqpd2c.dll, SystemServer
mRun: [uPc+kt0NnkaGuo] rundll32.exe C:\Windows\system32\bhweded.dll, SystemServer
mRun: [uPc+kt0NbNeJsiv] rundll32.exe C:\Windows\system32\l3r0em4ts.dll, SystemServer
mRun: [uPc+kt0NcAaXms] rundll32.exe C:\Windows\system32\rn51i8.dll, SystemServer
mRun: [uPc+kt0NrRaGuo] rundll32.exe C:\Windows\system32\hpziw52.dll, SystemServer
mRun: [uPc+kt0NbcaGuo] rundll32.exe C:\Windows\system32\s1n6euc.dll, SystemServer
mRun: [uPc+kt0NeQaGuo] rundll32.exe C:\Windows\system32\qy3pa78.dll, SystemServer
mRun: [uPc+kt0NYycaXms] rundll32.exe C:\Windows\system32\c2rgwwtpil.dll, SystemServer
mRun: [uPc+kt0NnhaGuo] rundll32.exe C:\Windows\system32\ddxexr5.dll, SystemServer
mRun: [uPc+kt0NQBaGuo] rundll32.exe C:\Windows\system32\x87l713.dll, SystemServer
mRun: [uPc+kt0NaNJsiv] rundll32.exe C:\Windows\system32\e3u4n.dll, SystemServer
mRun: [Mqmnsb] C:\Windows\Temp\drweb.exe
mRun: [Mqmnf] C:\Windows\Temp\win.exe
mRun: [MqmnvZ] C:\Windows\Temp\install.exe
mRun: [uPc+kt0NjPkaXms] rundll32.exe C:\Windows\system32\bgid2v0wty.dll, SystemServer
mRun: [uPc+kt0NafPaXms] rundll32.exe C:\Windows\system32\r2k6zhelo6.dll, SystemServer
mRun: [uPc+kt0NlkcJsiv] rundll32.exe C:\Windows\system32\lkcts1ypq.dll, SystemServer
mRun: [LvpWZkfgbqe] C:\Users\burak2\AppData\Local\Temp\3\setup.exe
mRun: [Mqug] C:\Windows\smss.exe
mRun: [LvpahfngWxb] C:\Users\burak\AppData\Local\Temp\1\sysedit.exe
mRun: [Mqmny2+ows\Temp\1305657851.exe] C:\Windows\Temp\1305657851.exe
mRun: [Mqmnuf] C:\Windows\Temp\csrss.exe
mRun: [MqmneP] C:\Windows\Temp\avp32.exe
mRun: [LvpfKZSc] C:\Users\burak\WINDOWS\avp32.exe
mRun: [Mqmnz9] C:\Windows\Temp\nvsvc32.exe
mRun: [MqrMc] C:\Windows\gdi32.exe
mRun: [LvpahfngWtpf] C:\Users\burak\AppData\Local\Temp\2\iexplarer.exe
mRun: [LvpfKee] C:\Users\burak\WINDOWS\user.exe
mRun: [uPc+kt0NlRDaXms] rundll32.exe C:\Windows\system32\ccus48g5y3.dll, SystemServer
mRun: [LvpahfngWz9] C:\Users\burak\AppData\Local\Temp\2\nvsvc32.exe
mRun: [LvpahfngWqe] C:\Users\burak\AppData\Local\Temp\2\login.exe
mRun: [LvpfKaZ] C:\Users\burak\WINDOWS\cmd.exe
mRun: [LvpahfngWvc] C:\Users\burak\AppData\Local\Temp\2\user.exe
mRun: [MqmnhPf] C:\Windows\Temp\ltm73l5is.exe
mRun: [LvpfKdw+] C:\Users\burak\WINDOWS\nvsvc32.exe
mRun: [Mqmnfie] C:\Windows\Temp\f8ey9jwqm.exe
mRun: [Mqsuc] C:\Windows\lsass.exe
mRun: [LvpfKayc] C:\Users\burak\WINDOWS\csrss.exe
mRun: [LvpfKeuf] C:\Users\burak\WINDOWS\spoolsv.exe
mRun: [LvpfKfsc] C:\Users\burak\WINDOWS\winlogon.exe
mRun: [Mqutc] C:\Windows\sysedit.exe
mRun: [LvpfKZe] C:\Users\burak\WINDOWS\avp.exe
mRun: [LvpahfngWfQ] C:\Users\burak\AppData\Local\Temp\2\win16.exe
mRun: [LvpfKeta] C:\Users\burak\WINDOWS\services.exe
mRun: [LvpahfngWd] C:\Users\burak\AppData\Local\Temp\2\avp.exe
mRun: [uPc+kt0NkuOJsiv] rundll32.exe C:\Windows\system32\ehjgpky3v.dll, SystemServer
mRun: [uPc+kt0NVgaGuo] rundll32.exe C:\Windows\system32\ai1k8oo.dll, SystemServer
mRun: [LvpahfngWuf] C:\Users\burak\AppData\Local\Temp\2\csrss.exe
mRun: [LvpahfngWY] C:\Users\burak\AppData\Local\Temp\2\cmd.exe
mRun: [MqmnP+] C:\Windows\Temp\r7e144.exe
mRun: [LvpfKfpe] C:\Users\burak\WINDOWS\winamp.exe
mRun: [LvpahfngWusc] C:\Users\burak\AppData\Local\Temp\2\winlogon.exe
mRun: [Fqazacos] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\ebikunodijipatax.dll",Startup
mRun: [uPc+kt0No3cCxl] rundll32.exe C:\Windows\system32\erovxzuu.dll, SystemServer
mRun: [Mquuf] C:\Windows\spoolsv.exe
mRun: [Mqqoc] C:\Windows\debug.exe
mRun: [Mqmnxc] C:\Windows\Temp\smss.exe
mRun: [LvpWMVqg] C:\Users\burak2\WINDOWS\hexdump.exe
mRun: [Mqvpe] C:\Windows\winamp.exe
mRun: [LvpWZkfgbqvc] C:\Users\burak2\AppData\Local\Temp\3\svchost.exe
mRun: [Mqpe] C:\Windows\avp.exe
mRun: [LvpfKfa] C:\Users\burak\WINDOWS\win.exe
mRun: [Mqmnz1/ows\Temp\2166838466.exe] C:\Windows\Temp\2166838466.exe
mRun: [LvpfKasc] C:\Users\burak\WINDOWS\drweb.exe
mRun: [LvpahfngW0z+ak\AppData\Local\Temp\2\3916821425.exe] C:\Users\burak\AppData\Local\Temp\2\3916821425.exe
mRun: [Mqmn30Qows\Temp\857992246.exe] C:\Windows\Temp\857992246.exe
mRun: [Mqmn11Qows\Temp\762866805.exe] C:\Windows\Temp\762866805.exe
mRun: [MqmnpcPows\Temp\aiugdlm61.exe] C:\Windows\Temp\aiugdlm61.exe
mRun: [MqmnvGdOws\Temp\uybl890wy0ei0.exe] C:\Windows\Temp\uybl890wy0ei0.exe
mRun: [LvpWMVusc] C:\Users\burak2\WINDOWS\winlogon.exe
mRun: [LvpahfngWzy/ak\AppData\Local\Temp\2\3343450157.exe] C:\Users\burak\AppData\Local\Temp\2\3343450157.exe
mRun: [Mqmnqieows\Temp\sjci6fvyow.exe] C:\Windows\Temp\sjci6fvyow.exe
mRun: [LvpWMVuf] C:\Users\burak2\WINDOWS\csrss.exe
mRun: [MqmnzxPows\Temp\skzwwyfo5w.exe] C:\Windows\Temp\skzwwyfo5w.exe
mRun: [MqmnihMKws\Temp\w5omkq8r62ce1d.exe] C:\Windows\Temp\w5omkq8r62ce1d.exe
mRun: [Mqmnz0/ows\Temp\1139358339.exe] C:\Windows\Temp\1139358339.exe
mRun: [MqmnxRVews\Temp\ptjym05rv66trln.exe] C:\Windows\Temp\ptjym05rv66trln.exe
mRun: [Mqmnzz/ows\Temp\1716721363.exe] C:\Windows\Temp\1716721363.exe
mRun: [MqmnTuOdcs\Temp\p51xeezwlg322wfg.exe] C:\Windows\Temp\p51xeezwlg322wfg.exe
mRun: [MqmnN0eows\Temp\c6i5wtrum.exe] C:\Windows\Temp\c6i5wtrum.exe
mRun: [MqmnYYcows\Temp\cj4agde0gcx.exe] C:\Windows\Temp\cj4agde0gcx.exe
mRun: [Mqmn0z/ows\Temp\1564142636.exe] C:\Windows\Temp\1564142636.exe
mRun: [Mqmnz2Aows\Temp\2182177985.exe] C:\Windows\Temp\2182177985.exe
mRun: [Mqmnimqcws\Temp\hvu7brdazfgalt.exe] C:\Windows\Temp\hvu7brdazfgalt.exe
mRun: [LvpWMVsd\burak2\WINDOWS\taskmgr.exe] C:\Users\burak2\WINDOWS\taskmgr.exe
mRun: [LvpWZkfgbqf] C:\Users\burak2\AppData\Local\Temp\3\user.exe
mRun: [LvpWMV0Z] C:\Users\burak2\WINDOWS\system.exe
mRun: [LvpWMVsd] C:\Users\burak2\WINDOWS\taskmgr.exe
mRun: [LvpWMVxc] C:\Users\burak2\WINDOWS\smss.exe
mRun: [MqmnrRSncs\Temp\ojtb9j9ks2m8cbll.exe] C:\Windows\Temp\ojtb9j9ks2m8cbll.exe
mRun: [LvpWMVqe] C:\Users\burak2\WINDOWS\login.exe
mRun: [Mqvre] C:\Windows\wininst.exe
mRun: [Mqurb] C:\Windows\taskmgr.exe
mRun: [Mquse] C:\Windows\svchost.exe
mRun: [Mqvsc] C:\Windows\winlogon.exe
mRun: [Mqmnth] C:\Windows\Temp\svchost.exe
mRun: [MqmnZP] C:\Windows\Temp\gdi32.exe
mRun: [Mqmnxb] C:\Windows\Temp\sysedit.exe
mRun: [Mqmnz1Aows\Temp\2037649285.exe] C:\Windows\Temp\2037649285.exe
mRun: [LvpWMVf] C:\Users\burak2\WINDOWS\win.exe
mRun: [MqsZ] C:\Windows\mdm.exe
mRun: [Mquvc] C:\Windows\setup.exe
mRun: [Mqrta] C:\Windows\install.exe
mRun: [MqmngP] C:\Windows\Temp\win32.exe
mRun: [MqpSc] C:\Windows\avp32.exe
mRun: [Mqruqc] C:\Windows\iexplarer.exe
mRun: [Mqmntg] C:\Windows\Temp\wininst.exe
mRun: [MqmnfQ] C:\Windows\Temp\win16.exe
mRun: [LvpfKerb] C:\Users\burak\WINDOWS\taskmgr.exe
mRun: [LvpfKbMc] C:\Users\burak\WINDOWS\gdi32.exe
mRun: [LvpfKaoc] C:\Users\burak\WINDOWS\debug.exe
mRun: [Mqmnsd] C:\Windows\Temp\taskmgr.exe
mRun: [Mqmnqe] C:\Windows\Temp\login.exe
mRun: [Mqmnb] C:\Windows\Temp\mdm.exe
mRun: [LvpahfngWf] C:\Users\burak\AppData\Local\Temp\2\win.exe
mRun: [Mqqyc] C:\Windows\csrss.exe
mRun: [LvpahfngWZP] C:\Users\burak\AppData\Local\Temp\2\gdi32.exe
mRun: [LvpahfngWqg] C:\Users\burak\AppData\Local\Temp\1\hexdump.exe
mRun: [LvpahfngWrc] C:\Users\burak\AppData\Local\Temp\2\winamp.exe
mRun: [LvpfKese] C:\Users\burak\WINDOWS\svchost.exe
mRun: [LvpahfngWeP] C:\Users\burak\AppData\Local\Temp\2\avp32.exe
mRun: [Mqqsc] C:\Windows\drweb.exe
mRun: [Mqtw+] C:\Windows\nvsvc32.exe
mRun: [Mqmnoc] C:\Windows\Temp\debug.exe
mRun: [Mquta] C:\Windows\services.exe
mRun: [Mqmnwg] C:\Windows\Temp\spoolsv.exe
mRun: [Mque] C:\Windows\user.exe
mRun: [Mqmnusc] C:\Windows\Temp\winlogon.exe
mRun: [Mqmn0Z] C:\Windows\Temp\system.exe
mRun: [Mqmnwe] C:\Windows\Temp\setup.exe
mRun: [MqvPc] C:\Windows\win32.exe
mRun: [Mqrtc] C:\Windows\hexdump.exe
mRun: [Mqmnwpc] C:\Windows\Temp\services.exe
mRun: [LvpfKfPc] C:\Users\burak\WINDOWS\win32.exe
mRun: [MqmnY] C:\Windows\Temp\cmd.exe
mRun: [Mqva] C:\Windows\win.exe
mRun: [LvpfKcuc] C:\Users\burak\WINDOWS\lsass.exe
mRun: [LvpWZkfgbna] C:\Users\burak2\AppData\Local\Temp\3\login.exe
mRun: [LvpahfngWtg] C:\Users\burak\AppData\Local\Temp\2\wininst.exe
mRun: [LvpahfngWwpc] C:\Users\burak\AppData\Local\Temp\2\services.exe
mRun: [LvpfKetc] C:\Users\burak\WINDOWS\sysedit.exe
mRun: [LvpfKcZ] C:\Users\burak\WINDOWS\mdm.exe
mRun: [LvpahfngWsf] C:\Users\burak\AppData\Local\Temp\1\lsass.exe
mRun: [LvpahfngWsb] C:\Users\burak\AppData\Local\Temp\2\drweb.exe
mRun: [LvpfKexe] C:\Users\burak\WINDOWS\system.exe
mRun: [LvpWMVfQ] C:\Users\burak2\WINDOWS\win16.exe
mRun: [LvpahfngWsd] C:\Users\burak\AppData\Local\Temp\2\taskmgr.exe
mRun: [Mquxe] C:\Windows\system.exe
mRun: [LvpWMVvc] C:\Users\burak2\WINDOWS\user.exe
mRun: [LvpWZkfgbora] C:\Users\burak2\AppData\Local\Temp\3\iexplarer.exe
mRun: [LvpWZkfgbqb] C:\Users\burak2\AppData\Local\Temp\3\winamp.exe
mRun: [Mqsrc] C:\Windows\login.exe
mRun: [LvpfKbuqc] C:\Users\burak\WINDOWS\iexplarer.exe
mRun: [LvpahfngWth] C:\Users\burak\AppData\Local\Temp\2\svchost.exe
mRun: [LvpfKbta] C:\Users\burak\WINDOWS\install.exe
mRun: [LvpfKbtc] C:\Users\burak\WINDOWS\hexdump.exe
mRun: [LvpahfngWwg] C:\Users\burak\AppData\Local\Temp\2\spoolsv.exe
mRun: [MqqZ] C:\Windows\cmd.exe
mRun: [LvpahfngW0Z] C:\Users\burak\AppData\Local\Temp\2\system.exe
mRun: [LvpahfngWb] C:\Users\burak\AppData\Local\Temp\2\mdm.exe
mRun: [LvpfKevc] C:\Users\burak\WINDOWS\setup.exe
mRun: [LvpahfngWvZ] C:\Users\burak\AppData\Local\Temp\2\install.exe
mRun: [LvpahfngWxc] C:\Users\burak\AppData\Local\Temp\2\smss.exe
mRun: [LvpfKfre] C:\Users\burak\WINDOWS\wininst.exe
mRun: [LvpahfngWwe] C:\Users\burak\AppData\Local\Temp\2\setup.exe
mRun: [LvpWMVxb] C:\Users\burak2\WINDOWS\sysedit.exe
mRun: [LvpWMVz9] C:\Users\burak2\WINDOWS\nvsvc32.exe
mRun: [LvpWMVoc] C:\Users\burak2\WINDOWS\debug.exe
mRun: [LvpWMVgP] C:\Users\burak2\WINDOWS\win32.exe
mRun: [LvpWMVsf] C:\Users\burak2\WINDOWS\lsass.exe
mRun: [LvpWMVeP] C:\Users\burak2\WINDOWS\avp32.exe
mRun: [LvpWMVrc] C:\Users\burak2\WINDOWS\winamp.exe
mRun: [LvpWZkfgbhb] C:\Users\burak2\AppData\Local\Temp\3\debug.exe
mRun: [LvpWZkfgbotc] C:\Users\burak2\AppData\Local\Temp\3\hexdump.exe
mRun: [LvpWMVd] C:\Users\burak2\WINDOWS\avp.exe
mRun: [LvpWMVwg] C:\Users\burak2\WINDOWS\spoolsv.exe
mRun: [Mqmnd] C:\Windows\Temp\avp.exe
mRun: [LvpWZkfgbupc] C:\Users\burak2\AppData\Local\Temp\3\sysedit.exe
mRun: [LvpWZkfgbk+] C:\Users\burak2\AppData\Local\Temp\3\gdi32.exe
mRun: [LvpWMVsb] C:\Users\burak2\WINDOWS\drweb.exe
mRun: [LvpWZkfgbqc] C:\Users\burak2\AppData\Local\Temp\3\win.exe
mRun: [LvpWZkfgbq+] C:\Users\burak2\AppData\Local\Temp\3\win32.exe
mRun: [LvpWMVZP] C:\Users\burak2\WINDOWS\gdi32.exe
mRun: [LvpWZkfgbpsc] C:\Users\burak2\AppData\Local\Temp\3\taskmgr.exe
mRun: [LvpWZkfgbud] C:\Users\burak2\AppData\Local\Temp\3\system.exe
mRun: [LvpWMVtpf] C:\Users\burak2\WINDOWS\iexplarer.exe
mRun: [LvpWMVtg] C:\Users\burak2\WINDOWS\wininst.exe
mRun: [LvpWZkfgboc] C:\Users\burak2\AppData\Local\Temp\3\avp.exe
mRun: [LvpWZkfgbsPc] C:\Users\burak2\AppData\Local\Temp\3\nvsvc32.exe
mRun: [LvpfKcrc] C:\Users\burak\WINDOWS\login.exe
mRun: [LvpWZkfgbne] C:\Users\burak2\AppData\Local\Temp\3\lsass.exe
mRun: [LvpWMVwpc] C:\Users\burak2\WINDOWS\services.exe
mRun: [LvpWZkfgbkc] C:\Users\burak2\AppData\Local\Temp\3\cmd.exe
mRun: [LvpWZkfgbqW] C:\Users\burak2\AppData\Local\Temp\3\drweb.exe
mRun: [LvpWMVvZ] C:\Users\burak2\WINDOWS\install.exe
mRun: [LvpWZkfgbppf] C:\Users\burak2\AppData\Local\Temp\3\services.exe
mRun: [LvpWZkfgbo+] C:\Users\burak2\AppData\Local\Temp\3\avp32.exe
mRun: [LvpWZkfgbqse] C:\Users\burak2\AppData\Local\Temp\3\winlogon.exe
mRun: [LvpWZkfgbrf] C:\Users\burak2\AppData\Local\Temp\3\smss.exe
mRun: [LvpWZkfgbprc] C:\Users\burak2\AppData\Local\Temp\3\install.exe
mRun: [LvpWZkfgbmc] C:\Users\burak2\AppData\Local\Temp\3\mdm.exe
mRun: [LvpWMVb] C:\Users\burak2\WINDOWS\mdm.exe
mRun: [LvpWMVY] C:\Users\burak2\WINDOWS\cmd.exe
mRun: [LvpahfngWgP] C:\Users\burak\AppData\Local\Temp\2\win32.exe
mRun: [LvpWMVwe] C:\Users\burak2\WINDOWS\setup.exe
mRun: [LvpWMVth] C:\Users\burak2\WINDOWS\svchost.exe
mRun: [LvpWZkfgbpe] C:\Users\burak2\AppData\Local\Temp\3\csrss.exe
mRun: [LvpWZkfgbrxc] C:\Users\burak2\AppData\Local\Temp\3\spoolsv.exe
mRun: [LvpahfngWoc] C:\Users\burak\AppData\Local\Temp\1\debug.exe
mRun: [LvpfKeg] C:\Users\burak\WINDOWS\smss.exe
dRun: [KOO9RV9K4Z] C:\Windows\TEMP\Gki.exe
dRun: [NtWqIVLZEWZU] C:\Windows\TEMP\Gkh.exe
dRun: [Dmaqoc] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\cashni.dll",Startup
dRun: [uPc+kt0No3cCxl] rundll32.exe C:\Windows\system32\erovxzuu.dll, SystemServer
dRun: [MqmPP+] C:\Windows\TEMP\r7e144.exe
dRun: [MqmPth] C:\Windows\TEMP\svchost.exe
dRun: [Mquse] C:\Windows\svchost.exe
dRun: [Mqvre] C:\Windows\wininst.exe
dRun: [Mqvsc] C:\Windows\winlogon.exe
dRun: [Mqurb] C:\Windows\taskmgr.exe
dRun: [MqmPfQ] C:\Windows\TEMP\win16.exe
dRun: [MqmPxb] C:\Windows\TEMP\sysedit.exe
dRun: [MqmPtg] C:\Windows\TEMP\wininst.exe
dRun: [MqmPZP] C:\Windows\TEMP\gdi32.exe
dRun: [Mquvc] C:\Windows\setup.exe
dRun: [exe.exe] C:\Windows\TEMP\exe.exe
dRun: [MqpSc] C:\Windows\avp32.exe
dRun: [MqmPsd] C:\Windows\TEMP\taskmgr.exe
dRun: [MqsZ] C:\Windows\mdm.exe
dRun: [MqmPqe] C:\Windows\TEMP\login.exe
dRun: [Mqrta] C:\Windows\install.exe
dRun: [322861697] C:\Windows\TEMP\322861697.exe
dRun: [Mqqyc] C:\Windows\csrss.exe
dRun: [Mqruqc] C:\Windows\iexplarer.exe
dRun: [MqmPb] C:\Windows\TEMP\mdm.exe
dRun: [MqmPgP] C:\Windows\TEMP\win32.exe
dRun: [uPc+kt0NVgaGuo] rundll32.exe C:\Windows\system32\ai1k8oo.dll, SystemServer
dRun: [MqmPhPf] C:\Windows\TEMP\ltm73l5is.exe
dRun: [uPc+kt0NkuOJsiv] rundll32.exe C:\Windows\system32\ehjgpky3v.dll, SystemServer
dRun: [MqmPfie] C:\Windows\TEMP\f8ey9jwqm.exe
dRun: [Mqtw+] C:\Windows\nvsvc32.exe
dRun: [MqmPoc] C:\Windows\TEMP\debug.exe
dRun: [Mqqsc] C:\Windows\drweb.exe
dRun: [Mque] C:\Windows\user.exe
dRun: [MqmPwe] C:\Windows\TEMP\setup.exe
dRun: [MqmPusc] C:\Windows\TEMP\winlogon.exe
dRun: [Mquta] C:\Windows\services.exe
dRun: [MqmPwg] C:\Windows\TEMP\spoolsv.exe
dRun: [Mqrtc] C:\Windows\hexdump.exe
dRun: [MqmP0Z] C:\Windows\TEMP\system.exe
dRun: [MqvPc] C:\Windows\win32.exe
dRun: [Mqva] C:\Windows\win.exe
dRun: [MqmPvZ] C:\Windows\TEMP\install.exe
dRun: [MqmPY] C:\Windows\TEMP\cmd.exe
dRun: [MqmPwpc] C:\Windows\TEMP\services.exe
dRun: [MqmPz1Aows\TEMP\2037649285.exe] C:\Windows\TEMP\2037649285.exe
dRun: [MqmPqg] C:\Windows\TEMP\w1h3w.exe
dRun: [MqmPvc] C:\Windows\TEMP\user.exe
dRun: [MqmPqP] C:\Windows\TEMP\hhko2.exe
dRun: [uPc+kt0NlRDaXms] rundll32.exe C:\Windows\system32\ccus48g5y3.dll, SystemServer
dRun: [Mquxe] C:\Windows\system.exe
dRun: [Mqsrc] C:\Windows\login.exe
dRun: [Mqsuc] C:\Windows\lsass.exe
dRun: [MqmPtpf] C:\Windows\TEMP\iexplarer.exe
dRun: [MqmPyycows\TEMP\10441440.exe] C:\Windows\TEMP\10441440.exe
dRun: [MqqZ] C:\Windows\cmd.exe
dRun: [MqmPz9] C:\Windows\TEMP\nvsvc32.exe
dRun: [MqmPz1/ows\TEMP\2166838466.exe] C:\Windows\TEMP\2166838466.exe
dRun: [MqrMc] C:\Windows\gdi32.exe
dRun: [MqmPf] C:\Windows\TEMP\win.exe
dRun: [Mqutc] C:\Windows\sysedit.exe
dRun: [uPc+kt0NlkcJsiv] rundll32.exe C:\Windows\system32\lkcts1ypq.dll, SystemServer
dRun: [uPc+kt0NYycaXms] rundll32.exe C:\Windows\system32\c2rgwwtpil.dll, SystemServer
dRun: [MqmPTAc] C:\Windows\TEMP\xu012c95.exe
dRun: [MqmPugc] C:\Windows\TEMP\rseo5ter.exe
dRun: [Mqug] C:\Windows\smss.exe
dRun: [uPc+kt0NnhaGuo] rundll32.exe C:\Windows\system32\ddxexr5.dll, SystemServer
dRun: [Mquuf] C:\Windows\spoolsv.exe
dRun: [MqmPrc] C:\Windows\TEMP\eommh.exe
dRun: [MqmPsb] C:\Windows\TEMP\drweb.exe
dRun: [Mqqoc] C:\Windows\debug.exe
dRun: [MqmPd] C:\Windows\TEMP\avp.exe
dRun: [MqmPpc] C:\Windows\TEMP\fsbiidv.exe
dRun: [uPc+kt0NafPaXms] rundll32.exe C:\Windows\system32\r2k6zhelo6.dll, SystemServer
dRun: [MqmPab] C:\Windows\TEMP\cpd2et.exe
dRun: [uPc+kt0NaNJsiv] rundll32.exe C:\Windows\system32\e3u4n.dll, SystemServer
dRun: [MqmPpuc] C:\Windows\TEMP\i00uuciy.exe
dRun: [MqmPvGdOws\TEMP\uybl890wy0ei0.exe] C:\Windows\TEMP\uybl890wy0ei0.exe
dRun: [uPc+kt0NltJJsiv] rundll32.exe C:\Windows\system32\deppqpd2c.dll, SystemServer
dRun: [uPc+kt0NbNeJsiv] rundll32.exe C:\Windows\system32\l3r0em4ts.dll, SystemServer
dRun: [MqmPiO] C:\Windows\TEMP\xgy1k4k.exe
dRun: [MqmPxc] C:\Windows\TEMP\smss.exe
dRun: [MqmPuf] C:\Windows\TEMP\csrss.exe
dRun: [MqmPqieows\TEMP\sjci6fvyow.exe] C:\Windows\TEMP\sjci6fvyow.exe
dRun: [MqmP11Qows\TEMP\762866805.exe] C:\Windows\TEMP\762866805.exe
dRun: [uPc+kt0NcAaXms] rundll32.exe C:\Windows\system32\rn51i8.dll, SystemServer
dRun: [MqmP30Qows\TEMP\857992246.exe] C:\Windows\TEMP\857992246.exe
dRun: [MqmPQQ] C:\Windows\TEMP\m45l6.exe
dRun: [MqmPaP] C:\Windows\TEMP\ccm61.exe
dRun: [uPc+kt0NnkaGuo] rundll32.exe C:\Windows\system32\bhweded.dll, SystemServer
dRun: [MqmPpcPows\TEMP\aiugdlm61.exe] C:\Windows\TEMP\aiugdlm61.exe
dRun: [uPc+kt0NeQaGuo] rundll32.exe C:\Windows\system32\qy3pa78.dll, SystemServer
dRun: [Mqvpe] C:\Windows\winamp.exe
dRun: [uPc+kt0NrRaGuo] rundll32.exe C:\Windows\system32\hpziw52.dll, SystemServer
dRun: [MqmPzi+] C:\Windows\TEMP\zsrmuyb915.exe
dRun: [uPc+kt0NQBaGuo] rundll32.exe C:\Windows\system32\x87l713.dll, SystemServer
dRun: [MqmPqQc] C:\Windows\TEMP\ionc04bz.exe
dRun: [MqmPrac] C:\Windows\TEMP\evlg0dnf.exe
dRun: [MqmPwvc] C:\Windows\TEMP\tqnoqmvk.exe
dRun: [uPc+kt0NrNJsiv] rundll32.exe C:\Windows\system32\nykj9.dll, SystemServer
dRun: [uPc+kt0NWfaCxl] rundll32.exe C:\Windows\system32\ge1oc7tm.dll, SystemServer
dRun: [MqmPihMKws\TEMP\w5omkq8r62ce1d.exe] C:\Windows\TEMP\w5omkq8r62ce1d.exe
dRun: [MqmPSYg] C:\Windows\TEMP\vc79d6fbv.exe
dRun: [MqmPTuOdcs\TEMP\p51xeezwlg322wfg.exe] C:\Windows\TEMP\p51xeezwlg322wfg.exe
dRun: [MqmPeP] C:\Windows\TEMP\avp32.exe
dRun: [MqmPz0/ows\TEMP\1139358339.exe] C:\Windows\TEMP\1139358339.exe
dRun: [MqmPzxPows\TEMP\skzwwyfo5w.exe] C:\Windows\TEMP\skzwwyfo5w.exe
dRun: [MqmPimqcws\TEMP\hvu7brdazfgalt.exe] C:\Windows\TEMP\hvu7brdazfgalt.exe
dRun: [MqmPy2+ows\TEMP\1305657851.exe] C:\Windows\TEMP\1305657851.exe
dRun: [uPc+kt0NLvaGuo] rundll32.exe C:\Windows\system32\j62qnql.dll, SystemServer
dRun: [uPc+kt0NnfJsiv] rundll32.exe C:\Windows\system32\jcvrz.dll, SystemServer
dRun: [MqmPwO] C:\Windows\TEMP\fwrt2xc.exe
dRun: [uPc+kt0NpQaGuo] rundll32.exe C:\Windows\system32\xhhv1d5.dll, SystemServer
dRun: [MqmPve] C:\Windows\TEMP\ikwqpx.exe
dRun: [Mqpe] C:\Windows\avp.exe
dRun: [MqmPYYcows\TEMP\cj4agde0gcx.exe] C:\Windows\TEMP\cj4agde0gcx.exe
dRun: [MqmP0z/ows\TEMP\1564142636.exe] C:\Windows\TEMP\1564142636.exe
dRun: [MqmPzz/ows\TEMP\1716721363.exe] C:\Windows\TEMP\1716721363.exe
dRun: [MqmPxRVews\TEMP\ptjym05rv66trln.exe] C:\Windows\TEMP\ptjym05rv66trln.exe
dRun: [uPc+kt0NjPkaXms] rundll32.exe C:\Windows\system32\bgid2v0wty.dll, SystemServer
dRun: [MqmPsfc] C:\Windows\TEMP\qduff6pq.exe
dRun: [MqmPN0eows\TEMP\c6i5wtrum.exe] C:\Windows\TEMP\c6i5wtrum.exe
dRun: [MqmPzz+ows\TEMP\1914242660.exe] C:\Windows\TEMP\1914242660.exe
dRun: [uPc+kt0NbcaGuo] rundll32.exe C:\Windows\system32\s1n6euc.dll, SystemServer
dRun: [MqmPz2Aows\TEMP\2182177985.exe] C:\Windows\TEMP\2182177985.exe
dRun: [MqmPrRSncs\TEMP\ojtb9j9ks2m8cbll.exe] C:\Windows\TEMP\ojtb9j9ks2m8cbll.exe
dRun: [uPc+kt0NMUaGuo] rundll32.exe C:\Windows\system32\h57t53v.dll, SystemServer
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ShowSuperHidden = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll/2000
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
TCP: {5337B11F-AC5E-4DD2-8AC4-085E25CD49CA} = 68.87.72.130,68.87.77.130
TCP: {5B4049AD-F343-49A8-BBB0-1053BBC0838A} = 68.87.72.130,68.87.77.130
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 8.0\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 10.0\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli rassfm
mASetup: {A509B1A7-37EF-4b3f-8CFC-4F3A74704073} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iesetup.dll",IEHardenAdmin
mASetup: {A509B1A8-37EF-4b3f-8CFC-4F3A74704073} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iesetup.dll",IEHardenUser

================= FIREFOX ===================

FF - ProfilePath - C:\Users\burak\AppData\Roaming\Mozilla\Firefox\Profiles\9j0decej.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - HiddenExtension: XULRunner: {24988321-00DE-4D47-9DB6-15E822FF471F} - C:\Windows\system32\config\systemprofile\AppData\Local\{24988321-00DE-4D47-9DB6-15E822FF471F}
FF - HiddenExtension: XULRunner: {022B1235-DA84-45EE-BA9C-C631D62A7917} - C:\Users\burak\AppData\Local\{022B1235-DA84-45EE-BA9C-C631D62A7917}
FF - HiddenExtension: XULRunner: {A069C95B-44CB-4ED4-88FA-4CD6982672A0} - C:\Users\burak2\AppData\Local\{A069C95B-44CB-4ED4-88FA-4CD6982672A0}\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R1 hvboot;Hypervisor/Virtual Machine Support Driver;C:\Windows\System32\drivers\hvboot.sys [2009-7-13 118864]
R2 DynDNS Updater;DynDNS Updater;C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe [2010-4-16 103800]
R2 ftpsvc;Microsoft FTP Service;C:\Windows\system32\svchost.exe -k ftpsvc [2009-7-13 27136]
R2 GVVIDEO;GVVIDEO;C:\Windows\System32\drivers\GVVideo.sys [2010-9-2 65896]
R2 nvspwmi;Hyper-V Networking Management Service;C:\Windows\system32\svchost -k nvspwmi --> C:\Windows\system32\svchost -k nvspwmi [?]
R2 QuickBooksDB18;QuickBooksDB18;C:\PROGRA~2\Intuit\QUICKB~2.0\QBDBMgrN.exe -hvQuickBooksDB18 --> C:\PROGRA~2\Intuit\QUICKB~2.0\QBDBMgrN.exe -hvQuickBooksDB18 [?]
R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-7-6 173352]
R2 vhdsvc;Hyper-V Image Management Service;C:\Windows\system32\svchost -k virtsvcs --> C:\Windows\system32\svchost -k virtsvcs [?]
R2 VmHostAgent;Remote Desktop Virtualization Host Agent;C:\Windows\system32\svchost.exe -k NetworkServiceRemoteDesktopHyperVAgent [2009-7-13 27136]
R2 vmms;Hyper-V Virtual Machine Management;C:\Windows\System32\vmms.exe [2009-7-13 4492288]
R3 GVAUDIO;GVAUDIO;C:\Windows\System32\drivers\GVAudio.sys [2010-9-2 25320]
R3 IntelS61;Intel® 536EP Modem;C:\Windows\System32\drivers\IntelS61.sys [2010-9-7 1338624]
R3 passthruparser;PassthroughParser;C:\Windows\System32\drivers\passthruparser.sys [2009-7-14 20480]
R3 QuickBooksDB20;QuickBooksDB20;C:\PROGRA~2\Intuit\QUICKB~1.0\QBDBMgrN.exe -hvQuickBooksDB20 --> C:\PROGRA~2\Intuit\QUICKB~1.0\QBDBMgrN.exe -hvQuickBooksDB20 [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
R3 storvsp;storvsp;C:\Windows\System32\drivers\storvsp.sys [2009-7-14 121856]
R3 vhdparser;vhdparser;C:\Windows\System32\drivers\vhdparser.sys [2009-7-14 17408]
R3 Vid;Vid;C:\Windows\System32\drivers\Vid.sys [2010-9-8 182272]
R3 VMSMP;VMSMP;C:\Windows\System32\drivers\vmswitch.sys [2009-7-14 406016]
S0 sacdrv;sacdrv;C:\Windows\System32\drivers\sacdrv.sys [2009-7-13 96320]
S3 FCRegSvc;Microsoft Fibre Channel Platform Registration Service;C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-9-6 30192]
S3 ioatdma;Intel® QuickData Technology Device;C:\Windows\System32\drivers\qd260x64.sys [2009-6-10 35328]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSoPProv;Resultant Set of Policy Provider;C:\Windows\System32\rsopprov.exe [2009-7-13 91648]
S3 sacsvr;Special Administration Console Helper;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 VMSP;VMSP;C:\Windows\System32\drivers\vmswitch.sys [2009-7-14 406016]

=============== Created Last 30 ================

2010-10-19 21:25:30 -------- d-----w- C:\KAV
2010-10-19 21:03:03 -------- d-----w- C:\Windows\pss
2010-10-19 20:49:46 -------- d-----w- C:\PROGRA~3\Kaspersky Lab Setup Files
2010-10-19 18:10:18 -------- d-----w- C:\Users\burak\AppData\Roaming\Weox
2010-10-19 18:10:18 -------- d-----w- C:\Users\burak\AppData\Roaming\Ukamec
2010-10-19 18:10:15 -------- d-----w- C:\Users\burak\AppData\Roaming\Yvfo
2010-10-19 18:10:15 -------- d-----w- C:\Users\burak\AppData\Roaming\Cayss
2010-10-19 18:01:24 30000 ----a-w- C:\Windows\SysWow64\h57t53v.dll
2010-10-19 18:01:24 30000 ----a-w- C:\Windows\SysWow64\btt4v9.dll
2010-10-19 18:00:25 30000 ----a-w- C:\Windows\SysWow64\s1n6euc.dll
2010-10-19 18:00:25 30000 ----a-w- C:\Windows\SysWow64\kvkzu2yxbb.dll
2010-10-19 17:59:59 30000 ----a-w- C:\Windows\SysWow64\w5vodratf0.dll
2010-10-19 17:59:59 30000 ----a-w- C:\Windows\SysWow64\bgid2v0wty.dll
2010-10-19 17:59:38 30000 ----a-w- C:\Windows\SysWow64\xx5ry1ph.dll
2010-10-19 17:59:38 30000 ----a-w- C:\Windows\SysWow64\xhhv1d5.dll
2010-10-19 17:59:38 30000 ----a-w- C:\Windows\SysWow64\jcvrz.dll
2010-10-19 17:59:38 30000 ----a-w- C:\Windows\SysWow64\e0k2iiscw.dll
2010-10-19 17:59:24 30000 ----a-w- C:\Windows\SysWow64\ojm78vwc.dll
2010-10-19 17:59:24 30000 ----a-w- C:\Windows\SysWow64\j62qnql.dll
2010-10-19 17:59:07 30000 ----a-w- C:\Windows\SysWow64\ira3a26c.dll
2010-10-19 17:59:07 30000 ----a-w- C:\Windows\SysWow64\ge1oc7tm.dll
2010-10-19 17:57:51 30000 ----a-w- C:\Windows\SysWow64\ddxexr5.dll
2010-10-19 17:57:51 30000 ----a-w- C:\Windows\SysWow64\a7bzo.dll
2010-10-19 17:57:46 30000 ----a-w- C:\Windows\SysWow64\t5s1v.dll
2010-10-19 17:57:46 30000 ----a-w- C:\Windows\SysWow64\c2rgwwtpil.dll
2010-10-19 17:57:45 30000 ----a-w- C:\Windows\SysWow64\t5yzfy3z.dll
2010-10-19 17:57:45 30000 ----a-w- C:\Windows\SysWow64\lkcts1ypq.dll
2010-10-19 16:14:09 21636 ---h--w- C:\Windows\spoolsv.exe
2010-10-19 16:14:08 60004 ---h--w- C:\Windows\debug.exe
2010-10-19 14:26:52 60004 ---h--w- C:\Windows\avp.exe
2010-10-19 12:54:06 60004 ---h--w- C:\Windows\win16.exe
2010-10-19 12:54:05 60004 ---h--w- C:\Windows\smss.exe
2010-10-19 12:43:43 21636 ---h--w- C:\Windows\winamp.exe
2010-10-19 07:41:57 21636 ---h--w- C:\Windows\sysedit.exe
2010-10-19 06:34:31 21636 ---h--w- C:\Windows\gdi32.exe
2010-10-19 05:57:13 21636 ---h--w- C:\Windows\cmd.exe
2010-10-19 04:37:50 21636 ---h--w- C:\Windows\lsass.exe
2010-10-19 04:37:49 60004 ---h--w- C:\Windows\system.exe
2010-10-19 04:37:49 21636 ---h--w- C:\Windows\login.exe
2010-10-19 04:37:42 30000 ----a-w- C:\Windows\SysWow64\juxfj.dll
2010-10-19 04:37:42 30000 ----a-w- C:\Windows\SysWow64\ccus48g5y3.dll
2010-10-19 02:28:58 21636 ---h--w- C:\Windows\win.exe
2010-10-19 02:18:37 21636 ---h--w- C:\Windows\win32.exe
2010-10-19 02:18:36 21636 ---h--w- C:\Windows\hexdump.exe
2010-10-19 02:01:03 60004 ---h--w- C:\Windows\services.exe
2010-10-19 02:01:01 60004 ---h--w- C:\Windows\user.exe
2010-10-19 02:00:53 21636 ---h--w- C:\Windows\drweb.exe
2010-10-19 02:00:50 60004 ---h--w- C:\Windows\nvsvc32.exe
2010-10-19 02:00:47 30000 ----a-w- C:\Windows\SysWow64\ehjgpky3v.dll
2010-10-19 02:00:47 30000 ----a-w- C:\Windows\SysWow64\ebm6u.dll
2010-10-19 02:00:46 30000 ----a-w- C:\Windows\SysWow64\hqrc4asq8.dll
2010-10-19 02:00:46 30000 ----a-w- C:\Windows\SysWow64\ai1k8oo.dll
2010-10-18 15:23:44 0 ----a-w- C:\Users\burak\AppData\Local\Rbojokog.bin
2010-10-18 15:23:36 -------- d-----w- C:\Users\burak\AppData\Local\{022B1235-DA84-45EE-BA9C-C631D62A7917}
2010-10-18 03:50:01 21636 ---h--w- C:\Windows\iexplarer.exe
2010-10-18 03:50:00 21636 ---h--w- C:\Windows\csrss.exe
2010-10-18 02:10:03 21636 ---h--w- C:\Windows\install.exe
2010-10-18 02:10:02 21636 ---h--w- C:\Windows\mdm.exe
2010-10-18 02:10:00 21636 ---h--w- C:\Windows\avp32.exe
2010-10-18 02:01:44 21636 ---h--w- C:\Windows\setup.exe
2010-10-18 02:01:42 60004 ---h--w- C:\Windows\winlogon.exe
2010-10-18 02:01:42 60004 ---h--w- C:\Windows\taskmgr.exe
2010-10-18 02:01:42 21636 ---h--w- C:\Windows\wininst.exe
2010-10-18 02:01:42 -------- d-----w- C:\PROGRA~3\Update
2010-10-18 02:01:41 21636 ---h--w- C:\Windows\svchost.exe
2010-10-18 02:01:34 30000 ----a-w- C:\Windows\SysWow64\jtf8q3.dll
2010-10-18 02:01:34 30000 ----a-w- C:\Windows\SysWow64\erovxzuu.dll
2010-10-18 02:01:34 -------- d-----w- C:\Users\burak\AppData\Roaming\Eshuy
2010-10-18 02:01:34 -------- d-----w- C:\Users\burak\AppData\Roaming\Axquo
2010-10-07 20:53:40 -------- d-----w- C:\Program Files (x86)\DynDNS Updater
2010-10-07 20:53:40 -------- d-----w- C:\PROGRA~3\DynDNS
2010-10-02 16:15:47 -------- d-----w- C:\Windows\System32\restore
2010-09-29 08:00:11 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-09-28 22:58:34 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-09-28 22:58:34 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-09-28 22:58:31 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-09-28 22:58:31 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-09-20 05:23:20 -------- d-----w- C:\Program Files (x86)\FileZilla Server

==================== Find3M ====================

2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

============= FINISH: 16:46:28.65 ===============

The other tool you guys recommended (GRE) I was unable to generate a report from. I have Kaspersky running and it found a ton of infections, but the system does not seem to be fully cleaned.

EDIT: Posts merged ~BP

Edited by Budapest, 21 October 2010 - 04:07 PM.
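A triage script for the mRun/dRun and Policies lines of a DDS log like the one above, added here as an example; it is not part of the original post or of the DDS tool. It flags the patterns visible in this particular log: core Windows process names living outside System32, autoruns launched from a Temp directory, rundll32 entries using the SystemServer export or loading a DLL from a profile's AppData, value names that embed a path fragment, and the EnableLUA/DisableRegistryTools policy changes. The sample log is constructed from a handful of lines in the post plus one made-up benign entry (ExampleUpdater) and one benign policy line.

```python
"""Triage of DDS autorun (mRun/uRun/dRun) and Policies lines.

Added example, not part of the original post or of the DDS tool. SAMPLE_LOG is
constructed: a few lines from the post above plus a made-up benign entry.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

RUN_LINE = re.compile(r"^(?P<scope>[mud])Run:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")
POLICY_LINE = re.compile(
    r"^(?P<scope>[mud])Policies-(?P<hive>\w+):\s+(?P<key>\w+)\s+=\s+(?P<val>\d+)"
)
RUNDLL = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,\s*(?P<export>\S+)', re.IGNORECASE
)

# Genuine Windows process names: the real binaries live in System32 (or SysWOW64),
# so a copy in C:\Windows, a Temp folder or a user profile is a masquerade.
CORE_NAMES = {
    "smss.exe", "csrss.exe", "lsass.exe", "winlogon.exe", "services.exe",
    "svchost.exe", "spoolsv.exe", "taskmgr.exe", "cmd.exe", "wininit.exe", "lsm.exe",
}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
TEMP_MARKERS = ("\\windows\\temp\\", "\\appdata\\local\\temp\\")
# Policy values that hide the infection or block clean-up, as seen in this log.
RISKY_POLICIES = {
    ("system", "EnableLUA", "0"): "UAC disabled (EnableLUA = 0)",
    ("system", "DisableRegistryTools", "1"): "Registry Editor blocked",
    ("explorer", "NoFolderOptions", "1"): "Folder Options menu removed",
}


@dataclass(frozen=True)
class Finding:
    scope: str   # m = machine (HKLM), u = current user, d = default/system profile
    name: str    # registry value name (or policy key)
    target: str  # file path or policy value
    reason: str


def assess_run_line(line: str) -> list[Finding]:
    """Apply the autorun rules to one mRun/uRun/dRun line; non-run lines yield []."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return []
    scope, name, cmd = m.group("scope"), m.group("name"), m.group("cmd").strip()
    found: list[Finding] = []
    if "\\" in name:
        # Value names like [Mqmny2+ows\Temp\1305657851.exe] embed part of the file path.
        found.append(Finding(scope, name, cmd, "value name embeds a path fragment"))
    dll = RUNDLL.match(cmd)
    if dll:
        path, export = dll.group("dll"), dll.group("export")
        if export.lower() == "systemserver" or "\\appdata\\" in path.lower():
            found.append(Finding(scope, name, path, f"rundll32 loads {path} via export {export}"))
        return found
    # Executable path: the quoted token if present, otherwise the first token.
    path = cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    if base in CORE_NAMES and not low.startswith(SYSTEM_DIRS):
        found.append(Finding(scope, name, path, f"{base} launched from outside System32"))
    if any(marker in low for marker in TEMP_MARKERS):
        found.append(Finding(scope, name, path, "autorun launched from a Temp directory"))
    return found


def assess_policy_line(line: str) -> list[Finding]:
    """Flag only the policy values listed in RISKY_POLICIES."""
    m = POLICY_LINE.match(line.strip())
    if not m:
        return []
    reason = RISKY_POLICIES.get((m.group("hive"), m.group("key"), m.group("val")))
    return [Finding(m.group("scope"), m.group("key"), m.group("val"), reason)] if reason else []


def triage(log_text: str) -> list[Finding]:
    """Run both rule sets over every line; de-duplicated, in log order."""
    seen: dict[Finding, None] = {}
    for line in log_text.splitlines():
        for f in assess_run_line(line) + assess_policy_line(line):
            seen.setdefault(f, None)
    return list(seen)


SAMPLE_LOG = r"""
mRun: [ExampleUpdater] "C:\Program Files (x86)\Example\updater.exe" /background
mRun: [Mqmnab] C:\Windows\Temp\cpd2et.exe
mRun: [uPc+kt0NltJJsiv] rundll32.exe C:\Windows\system32\deppqpd2c.dll, SystemServer
mRun: [Mqug] C:\Windows\smss.exe
mRun: [LvpfKcuc] C:\Users\burak\WINDOWS\lsass.exe
mRun: [Mqmny2+ows\Temp\1305657851.exe] C:\Windows\Temp\1305657851.exe
mRun: [Fqazacos] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\ebikunodijipatax.dll",Startup
dRun: [Mqug] C:\Windows\smss.exe
mPolicies-explorer: ShowSuperHidden = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
uPolicies-system: DisableRegistryTools = 1 (0x1)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.scope}: {f.name} -> {f.reason} ({f.target})")
```

On the constructed sample the script reports ten findings and leaves the benign ExampleUpdater and ShowSuperHidden lines alone; the same rules applied to the full log above flag every mRun/dRun entry in the posted list.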



#2 kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:06:29 AM

Posted 29 October 2010 - 07:06 AM

Hello ch2163

Welcome to BleepingComputer :)
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom scans and fixes section paste in the below in bold


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.



