
harmful site connection


This topic is locked
6 replies to this topic

#1 carannir


Posted 06 August 2011 - 09:26 AM

Malwarebytes always says I block a harmful site connection.

ComboFix 11-08-05.03 - NiR 06.08.2011 17:10:23.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1254.90.1055.18.4094.2276 [GMT 3:00]
Running from: c:\users\NiR\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-06 to 2011-08-06 )))))))))))))))))))))))))))))))
.
.
2011-08-05 19:18 . 2011-08-06 14:00 -------- d-----w- c:\program files\Doctus
2011-08-05 16:33 . 2011-07-12 18:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{422165D4-7F63-4ADB-A99B-C88B0D6A2500}\mpengine.dll
2011-08-05 08:23 . 2011-08-05 08:23 -------- d-----w- c:\users\Guest
2011-07-31 17:23 . 2011-07-31 17:23 -------- d-----w- c:\windows\USB Vibration
2011-07-31 17:23 . 2011-07-31 17:23 -------- d-----w- c:\program files (x86)\USB Vibration
2011-07-31 16:21 . 2011-07-31 16:21 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-07-31 15:48 . 2011-07-31 15:48 -------- d-----w- c:\windows\system32\SPReview
2011-07-31 15:47 . 2011-07-31 15:47 -------- d-----w- c:\windows\system32\EventProviders
2011-07-31 15:46 . 2010-11-20 13:43 3584 ----a-w- c:\windows\system32\drivers\tr-TR\tsusbflt.sys.mui
2011-07-31 15:46 . 2010-11-20 13:41 2560 ----a-w- c:\windows\system32\drivers\tr-TR\rdpwd.sys.mui
2011-07-31 15:46 . 2010-11-20 13:40 6144 ----a-w- c:\windows\system32\drivers\tr-TR\rdvgkmd.sys.mui
2011-07-31 15:46 . 2010-11-20 13:33 4096 ----a-w- c:\windows\system32\drivers\tr-TR\tsusbhub.sys.mui
2011-07-31 15:46 . 2010-11-20 13:39 2560 ----a-w- c:\windows\system32\drivers\tr-TR\vwifibus.sys.mui
2011-07-31 15:46 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2011-07-31 15:46 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-07-31 15:46 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-07-31 15:44 . 2010-11-20 13:33 75136 ----a-w- c:\windows\system32\drivers\partmgr.sys
2011-07-31 15:43 . 2010-11-20 13:27 47104 ----a-w- c:\windows\system32\wshbth.dll
2011-07-31 15:42 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-07-31 14:58 . 2011-07-31 14:58 -------- d-----w- c:\windows\SysWow64\Wat
2011-07-31 14:58 . 2011-07-31 14:58 -------- d-----w- c:\windows\system32\Wat
2011-07-31 10:06 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-07-31 10:05 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-07-31 10:05 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-07-31 10:05 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-07-31 10:05 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-07-31 10:01 . 2011-02-19 12:03 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-07-31 10:01 . 2011-02-19 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll
2011-07-31 10:01 . 2011-02-19 06:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-07-31 10:01 . 2011-02-19 04:34 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-07-31 10:01 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll
2011-07-31 10:01 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2011-07-31 10:01 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-07-31 10:01 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-07-31 10:01 . 2011-03-03 06:21 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-07-31 10:01 . 2011-03-03 05:36 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-07-31 10:00 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-07-31 10:00 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-07-31 10:00 . 2010-11-20 13:26 321024 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-07-31 10:00 . 2010-11-20 12:18 219136 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-07-31 10:00 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-07-31 10:00 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-07-31 10:00 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-07-31 09:58 . 2011-02-25 05:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-07-31 09:52 . 2009-08-17 16:20 1235968 ----a-w- c:\windows\system32\drivers\viahduaa.sys
2011-07-31 09:52 . 2009-08-17 14:58 529920 ----a-w- c:\windows\system32\VIASysFx.dll
2011-07-31 09:52 . 2009-08-17 11:18 1011712 ----a-w- c:\windows\system32\VIAPropPageExt.dll
2011-07-31 09:52 . 2009-06-01 07:10 242176 ----a-w- c:\windows\system32\Dts2APO.dll
2011-07-31 09:52 . 2009-03-04 13:42 84992 ----a-w- c:\windows\system32\Dts2PropPageExt.dll
2011-07-31 09:52 . 2009-01-19 18:32 76288 ----a-w- c:\windows\system32\ViaMicArrayPropPageExt.dll
2011-07-31 09:52 . 2009-01-19 18:32 193024 ----a-w- c:\windows\system32\ViaMicArrayAPO.dll
2011-07-31 09:52 . 2007-12-04 08:28 86016 ----a-w- c:\windows\system32\nQPropPageExt.dll
2011-07-31 09:52 . 2007-12-04 08:28 82432 ----a-w- c:\windows\system32\nQAPO.dll
2011-07-31 09:52 . 2011-07-31 09:52 -------- d-----w- c:\program files (x86)\VIA
2011-07-31 09:52 . 2007-04-11 12:35 414632 ------w- c:\windows\difxapi.dll
2011-07-31 09:46 . 2011-07-31 09:46 -------- d-----w- c:\windows\Sun
2011-07-30 22:46 . 2011-07-30 22:46 -------- d-----w- c:\program files (x86)\Electronic Arts
2011-07-30 22:44 . 2011-07-30 22:44 -------- d-----w- c:\programdata\Solidshield
2011-07-30 22:44 . 2011-07-30 22:44 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2011-07-30 22:44 . 2011-07-30 22:44 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-07-30 22:42 . 2011-03-19 12:16 1417216 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
2011-07-30 22:42 . 2010-09-22 10:12 19087360 ----a-w- c:\windows\SysWow64\mkl_blueripple.dll
2011-07-30 22:42 . 2011-07-30 22:42 -------- d-----w- c:\program files (x86)\BRS
2011-07-30 22:42 . 2011-07-30 22:42 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-07-30 22:42 . 2011-07-30 22:42 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-07-30 22:42 . 2011-07-30 22:42 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-07-30 22:42 . 2011-07-30 22:42 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-07-30 22:42 . 2011-07-30 22:42 -------- d-----w- c:\program files (x86)\OpenAL
2011-07-30 22:42 . 2011-04-15 23:40 809496 ----a-r- c:\windows\SysWow64\tmp9158.tmp
2011-07-30 22:32 . 2011-07-30 22:32 -------- d-----w- c:\program files (x86)\Codemasters
2011-07-30 22:26 . 2011-07-30 22:26 -------- d-----w- c:\program files (x86)\Fifa Master
2011-07-30 22:16 . 2011-07-30 22:16 -------- d-----w- c:\program files (x86)\EA Sports
2011-07-30 22:16 . 2008-10-15 03:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-07-30 22:16 . 2008-10-15 03:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2011-07-30 22:16 . 2008-10-15 03:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2011-07-30 22:16 . 2008-10-15 03:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2011-07-30 22:16 . 2008-10-15 03:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-07-30 22:16 . 2008-10-15 03:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2011-07-30 22:10 . 2009-02-24 15:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
2011-07-30 22:10 . 2009-02-24 15:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2011-07-30 22:10 . 2011-07-30 22:11 -------- d-----w- c:\program files (x86)\MagicDisc
2011-07-30 21:52 . 2011-07-30 21:52 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-07-30 21:46 . 2011-07-30 22:02 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-30 21:46 . 2011-07-30 21:46 -------- d-----w- c:\windows\SysWow64\Macromed
2011-07-30 21:45 . 2011-07-12 18:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-30 21:41 . 2011-07-30 21:41 -------- d-----w- c:\windows\tr
2011-07-30 21:34 . 2011-07-30 21:34 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-07-30 21:13 . 2011-07-30 21:29 -------- d-----w- c:\program files (x86)\Windows Live
2011-07-30 21:13 . 2011-07-30 21:13 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F7AFA92-D4A4-492A-8E9F-C1C264560064}\gapaengine.dll
2011-07-30 21:11 . 2011-07-30 21:11 -------- d-----w- c:\program files\Windows Live
2011-07-30 21:11 . 2011-07-30 21:11 -------- d-----w- c:\windows\PCHEALTH
2011-07-30 21:02 . 2011-07-31 10:30 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-07-30 20:51 . 2011-05-04 01:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-07-30 20:51 . 2011-07-30 21:52 -------- d-----w- c:\program files (x86)\Java
2011-07-30 20:51 . 2011-07-30 20:51 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-07-30 20:50 . 2011-07-30 20:51 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-07-30 20:50 . 2011-07-30 20:51 -------- d-----w- c:\program files\Microsoft Security Client
2011-07-30 20:48 . 2011-07-30 20:48 -------- d-----w- c:\programdata\Malwarebytes
2011-07-30 20:48 . 2011-07-06 16:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-30 20:48 . 2011-07-30 20:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-30 20:48 . 2011-07-06 16:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-30 20:48 . 2011-07-30 20:00 -------- d-----w- c:\windows\Panther
2011-07-30 20:47 . 2011-07-30 20:52 -------- d-----w- c:\program files (x86)\JDownloader
2011-07-30 20:45 . 2011-07-30 20:45 -------- d-----w- c:\programdata\Apple
2011-07-30 20:43 . 2011-07-30 20:43 -------- d-----w- c:\program files\Babylon
2011-07-30 20:43 . 2011-07-30 20:43 -------- d-----w- c:\program files (x86)\Babylon
2011-07-30 20:42 . 2011-08-06 13:36 -------- d-----w- c:\programdata\Babylon
2011-07-30 20:35 . 2011-07-30 20:35 -------- d-----w- c:\programdata\ATI
2011-07-30 20:34 . 2011-07-30 20:34 0 ----a-w- c:\windows\ativpsrm.bin
2011-07-30 20:33 . 2011-07-30 20:33 -------- d-----w- c:\program files (x86)\AMD APP
2011-07-30 20:33 . 2011-07-30 20:33 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-07-30 20:33 . 2011-07-30 20:33 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-07-30 20:33 . 2011-07-30 20:33 -------- d-----w- c:\programdata\AMD
2011-07-30 20:33 . 2010-02-18 06:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2011-07-30 20:33 . 2011-07-30 20:33 -------- d-----w- c:\program files (x86)\ATI Technologies
2011-07-30 20:33 . 2011-07-30 20:33 -------- d-----w- c:\program files\ATI
2011-07-30 20:32 . 2011-07-30 20:33 -------- d-----w- c:\program files\ATI Technologies
2011-07-30 20:32 . 2011-07-30 20:32 -------- d-----w- C:\ATI
2011-07-30 20:26 . 2011-07-20 06:44 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{51B32F06-FB4F-45D1-9D8E-FD8C2B35507C}\mpengine.dll
2011-07-30 20:26 . 2010-10-19 20:51 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-07-30 20:09 . 2009-04-06 07:24 13368 ----a-r- c:\windows\SysWow64\drivers\AsIO.sys
2011-07-30 20:09 . 2006-01-10 08:50 24576 ----a-r- c:\windows\SysWow64\AsIO.dll
2011-07-30 20:09 . 2008-01-04 10:34 11832 ----a-w- c:\windows\SysWow64\drivers\AsInsHelp64.sys
2011-07-30 20:09 . 2008-01-04 10:34 10216 ----a-w- c:\windows\SysWow64\drivers\AsInsHelp32.sys
2011-07-30 20:09 . 2011-07-31 17:23 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-31 15:54 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-07-31 15:54 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-07-30 21:11 . 2011-03-28 15:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-06-27 13:23 . 2011-06-27 13:23 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-06-27 13:23 . 2011-06-27 13:23 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-06-27 13:22 . 2011-06-27 13:22 13904896 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-06-16 00:34 . 2011-06-16 00:34 2971648 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-06-16 00:34 . 2011-06-16 00:34 105984 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-06-03 05:57 . 2011-07-31 09:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-13 13:03 . 2011-05-13 13:03 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2011-05-13 12:42 . 2011-05-13 12:42 302448 ----a-w- c:\windows\WLXPGSS.SCR
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-07 336384]
"Babylon Client"="c:\program files (x86)\Babylon\Babylon-Pro\Babylon.exe" [2011-06-20 3302512]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-08-28 2252800]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\NiR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-7-31 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-07 365568]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Ağ Denetlemesi;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [x]
S3 ZSMC0303;A4 TECH PC Camera H;c:\windows\system32\Drivers\usbVM303.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]
"Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: DhcpNameServer = 62.248.80.162 62.248.80.161
FF - ProfilePath - c:\users\NiR\AppData\Roaming\Mozilla\Firefox\Profiles\zawdfmmd.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-HijackThis - c:\program files\Doctus\HijackThis.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3461625995-2885147556-332480049-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3461625995-2885147556-332480049-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files (x86)\Babylon\Babylon-Pro\TC\BabylonTC.exe
.
**************************************************************************
.
Completion time: 2011-08-06 17:18:11 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-06 14:18
.
Pre-Run: 149.960.269.824 bayt boş
Post-Run: 149.922.918.400 bayt boş
.
- - End Of File - - 92622F2BBED28429FF5A76914B86A87E

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:19:03, on 05.08.2011
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Windows\vmsnap3.exe
C:\Windows\Domino.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Babylon\Babylon-Pro\TC\BabylonTC.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Doctus\Doctus.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Windows Live ID Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Local Service')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Local Service')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8490 bytes

DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by NiR at 20:26:50 on 2011-08-05
Microsoft Windows 7 Ultimate 6.1.7601.1.1254.90.1055.18.4094.2070 [GMT 3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Windows\vmsnap3.exe
C:\Windows\Domino.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Babylon\Babylon-Pro\BabylonHelper64.exe
C:\Program Files (x86)\Babylon\Babylon-Pro\TC\BabylonTC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Windows Live ID Oturum Açma Yardım Aracı: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\NiR\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 62.248.80.162 62.248.80.161
TCP: Interfaces\{9F5E7099-F6B9-4AE7-8F86-B5CF5EA3D61B} : DhcpNameServer = 62.248.80.162 62.248.80.161
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\NiR\AppData\Roaming\Mozilla\Firefox\Profiles\zawdfmmd.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-7 365568]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-30 366640]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Ağ Denetlemesi;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
R3 vvftav303;vvftav303;C:\Windows\system32\drivers\vvftav303.sys --> C:\Windows\system32\drivers\vvftav303.sys [?]
R3 ZSMC0303;A4 TECH PC Camera H;C:\Windows\system32\Drivers\usbVM303.sys --> C:\Windows\system32\Drivers\usbVM303.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-08-05 16:59:21 -------- d-----w- C:\Users\NiR\AppData\Local\Babylon
2011-08-05 16:59:18 142336 ----a-w- C:\Program Files (x86)\Mozilla Firefox\BabyFox.dll
2011-08-05 16:33:58 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{422165D4-7F63-4ADB-A99B-C88B0D6A2500}\mpengine.dll
2011-08-05 15:56:34 -------- d-----w- C:\Users\NiR\AppData\Local\{8E8C6CA1-8859-43A8-9A63-CAAC8EB4569B}
2011-08-05 15:55:45 -------- d-----w- C:\Users\NiR\AppData\Local\{FD79C22F-45AE-424E-B816-FEF1E077C3A0}
2011-08-05 15:55:32 -------- d-----w- C:\Users\NiR\AppData\Local\{AF52867E-78E0-4E78-A529-67AFF50F72CE}
2011-08-05 15:55:32 -------- d-----w- C:\Users\NiR\AppData\Local\{8DE273F3-B415-401C-B674-FC2CE17ACF39}
2011-07-31 17:23:53 -------- d-----w- C:\Windows\USB Vibration
2011-07-31 17:23:37 634880 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iKernel.dll
2011-07-31 17:23:37 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\ctor.dll
2011-07-31 17:23:37 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\DotNetInstaller.exe
2011-07-31 17:23:37 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-07-31 17:23:37 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iscript.dll
2011-07-31 17:23:37 151552 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iuser.dll
2011-07-31 17:23:36 270468 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\Setup.dll
2011-07-31 17:23:36 159876 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\IGdi.dll
2011-07-31 17:23:35 -------- d-----w- C:\Program Files (x86)\USB Vibration
2011-07-31 15:48:30 -------- d-----w- C:\Windows\System32\SPReview
2011-07-31 15:47:47 -------- d-----w- C:\Windows\System32\EventProviders
2011-07-31 15:46:13 6144 ----a-w- C:\Windows\System32\drivers\tr-TR\rdvgkmd.sys.mui
2011-07-31 15:46:13 4096 ----a-w- C:\Windows\System32\drivers\tr-TR\tsusbhub.sys.mui
2011-07-31 15:46:13 3584 ----a-w- C:\Windows\System32\drivers\tr-TR\tsusbflt.sys.mui
2011-07-31 15:46:13 2560 ----a-w- C:\Windows\System32\drivers\tr-TR\rdpwd.sys.mui
2011-07-31 15:46:09 2560 ----a-w- C:\Windows\System32\drivers\tr-TR\vwifibus.sys.mui
2011-07-31 15:46:08 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2011-07-31 15:46:08 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-07-31 15:46:02 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-07-31 15:44:59 98304 ----a-w- C:\Program Files\Common Files\System\msadc\msadcs.dll
2011-07-31 15:43:59 47104 ----a-w- C:\Windows\System32\wshbth.dll
2011-07-31 15:42:00 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-07-31 14:58:25 -------- d-----w- C:\Windows\SysWow64\Wat
2011-07-31 14:58:25 -------- d-----w- C:\Windows\System32\Wat
2011-07-31 10:06:55 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-07-31 10:05:42 -------- d-----w- C:\Users\NiR\AppData\Roaming\Windows Live Writer
2011-07-31 10:05:42 -------- d-----w- C:\Users\NiR\AppData\Local\Windows Live Writer
2011-07-31 10:05:24 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-07-31 10:05:24 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-07-31 10:05:23 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-07-31 10:05:23 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-07-31 10:01:45 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2011-07-31 10:01:45 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-07-31 10:01:45 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-07-31 10:01:45 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-07-31 10:01:45 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-07-31 10:01:45 100864 ----a-w- C:\Windows\System32\fontsub.dll
2011-07-31 10:01:41 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-07-31 10:01:07 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-07-31 10:01:06 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-07-31 10:01:06 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-07-31 10:00:37 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-07-31 10:00:37 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-07-31 10:00:37 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-07-31 10:00:37 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-07-31 10:00:33 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-07-31 10:00:33 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-07-31 10:00:33 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-07-31 09:58:59 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-07-31 09:52:41 86016 ----a-w- C:\Windows\System32\nQPropPageExt.dll
2011-07-31 09:52:41 84992 ----a-w- C:\Windows\System32\Dts2PropPageExt.dll
2011-07-31 09:52:41 82432 ----a-w- C:\Windows\System32\nQAPO.dll
2011-07-31 09:52:41 76288 ----a-w- C:\Windows\System32\ViaMicArrayPropPageExt.dll
2011-07-31 09:52:41 529920 ----a-w- C:\Windows\System32\VIASysFx.dll
2011-07-31 09:52:41 242176 ----a-w- C:\Windows\System32\Dts2APO.dll
2011-07-31 09:52:41 193024 ----a-w- C:\Windows\System32\ViaMicArrayAPO.dll
2011-07-31 09:52:41 1235968 ----a-w- C:\Windows\System32\drivers\viahduaa.sys
2011-07-31 09:52:41 1011712 ----a-w- C:\Windows\System32\VIAPropPageExt.dll
2011-07-31 09:52:23 414632 ------w- C:\Windows\difxapi.dll
2011-07-31 09:52:23 -------- d-----w- C:\Program Files (x86)\VIA
2011-07-31 09:50:46 -------- d-----w- C:\Users\NiR\AppData\Local\{699701D4-8FCD-4917-99B3-FBC5A2B5DCFB}
2011-07-30 22:44:52 -------- d-----w- C:\ProgramData\Solidshield
2011-07-30 22:44:26 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2011-07-30 22:44:21 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-07-30 22:42:38 19087360 ----a-w- C:\Windows\SysWow64\mkl_blueripple.dll
2011-07-30 22:42:38 1417216 ----a-w- C:\Windows\SysWow64\rapture3d_oal.dll
2011-07-30 22:42:37 809496 ----a-r- C:\Windows\SysWow64\tmp9158.tmp
2011-07-30 22:42:37 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-07-30 22:42:37 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-07-30 22:42:37 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-07-30 22:42:37 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-07-30 22:42:37 -------- d-----w- C:\Program Files (x86)\OpenAL
2011-07-30 22:42:37 -------- d-----w- C:\Program Files (x86)\BRS
2011-07-30 22:32:39 -------- d-----w- C:\Program Files (x86)\Codemasters
2011-07-30 22:26:54 -------- d-----w- C:\Program Files (x86)\Fifa Master
2011-07-30 22:16:26 -------- d-----w- C:\Program Files (x86)\EA Sports
2011-07-30 22:16:22 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2011-07-30 22:16:22 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2011-07-30 22:16:22 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2011-07-30 22:16:22 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2011-07-30 22:16:21 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2011-07-30 22:16:21 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2011-07-30 22:10:52 255552 ----a-w- C:\Windows\SysWow64\drivers\mcdbus.sys
2011-07-30 22:10:52 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys
2011-07-30 22:10:51 -------- d-----w- C:\Program Files (x86)\MagicDisc
2011-07-30 21:50:17 -------- d-----w- C:\Users\NiR\AppData\Local\{E286C0A1-A40B-4C5C-9F53-9314CF730A8E}
2011-07-30 21:50:03 -------- d-----w- C:\Users\NiR\Tracing
2011-07-30 21:46:25 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-30 21:45:04 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-30 21:41:08 -------- d-----w- C:\Windows\tr
2011-07-30 21:34:57 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-07-30 21:13:36 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6F7AFA92-D4A4-492A-8E9F-C1C264560064}\gapaengine.dll
2011-07-30 21:11:39 -------- d-----w- C:\Windows\PCHEALTH
2011-07-30 21:07:01 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9fe603d51cc4efc05\DSETUP.dll
2011-07-30 21:07:01 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9fe603d51cc4efc05\DXSETUP.exe
2011-07-30 21:07:01 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9fe603d51cc4efc05\dsetup32.dll
2011-07-30 21:06:01 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7c01c43b1cc4efc04\DSETUP.dll
2011-07-30 21:06:01 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7c01c43b1cc4efc04\DXSETUP.exe
2011-07-30 21:06:01 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7c01c43b1cc4efc04\dsetup32.dll
2011-07-30 21:02:47 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\86b52661cc4efc03\Silverlight.4.0.exe
2011-07-30 20:51:58 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-07-30 20:51:14 -------- d-----w- C:\Users\NiR\AppData\Local\Windows Live
2011-07-30 20:51:13 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-07-30 20:50:54 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-07-30 20:50:36 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-07-30 20:49:15 -------- d-----w- C:\Users\NiR\AppData\Roaming\Malwarebytes
2011-07-30 20:48:19 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-30 20:48:19 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-30 20:48:16 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-30 20:48:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-30 20:48:01 -------- d-----w- C:\Windows\Panther
2011-07-30 20:47:31 -------- d-----w- C:\Program Files (x86)\JDownloader
2011-07-30 20:45:16 -------- d-----w- C:\Windows\SysWow64\directx
2011-07-30 20:43:10 -------- d-----w- C:\Program Files\Babylon
2011-07-30 20:43:10 -------- d-----w- C:\Program Files (x86)\Babylon
2011-07-30 20:42:38 -------- d-----w- C:\Users\NiR\AppData\Roaming\Babylon
2011-07-30 20:42:38 -------- d-----w- C:\ProgramData\Babylon
2011-07-30 20:35:16 -------- d-----w- C:\Users\NiR\AppData\Local\AMD
2011-07-30 20:35:06 -------- d-----w- C:\Users\NiR\AppData\Local\ATI
2011-07-30 20:34:43 0 ----a-w- C:\Windows\ativpsrm.bin
2011-07-30 20:33:54 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-07-30 20:33:51 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-07-30 20:33:51 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-07-30 20:33:42 -------- d-----w- C:\ProgramData\AMD
2011-07-30 20:33:41 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2011-07-30 20:33:26 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-07-30 20:33:23 -------- d-----w- C:\Program Files\ATI
2011-07-30 20:32:50 -------- d-----w- C:\Program Files\ATI Technologies
2011-07-30 20:32:23 -------- d-----w- C:\ATI
2011-07-30 20:26:47 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{51B32F06-FB4F-45D1-9D8E-FD8C2B35507C}\mpengine.dll
2011-07-30 20:26:46 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-07-30 20:09:20 24576 ----a-r- C:\Windows\SysWow64\AsIO.dll
2011-07-30 20:09:20 13368 ----a-r- C:\Windows\SysWow64\drivers\AsIO.sys
2011-07-30 20:09:18 11832 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
2011-07-30 20:09:18 10216 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
2011-07-30 20:09:17 -------- d-----w- C:\Program Files (x86)\ASUS
2011-07-30 20:08:44 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-07-30 20:08:44 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-07-30 20:08:44 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-07-30 20:08:44 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-07-30 20:07:53 -------- d-sh--w- C:\Windows\Installer
2011-07-30 20:07:39 -------- d-----w- C:\Users\NiR\AppData\Local\Downloaded Installations
2011-07-12 08:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-07-12 08:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-07-12 08:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-07-12 08:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-07-12 08:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 08:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-07-12 08:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-07-12 08:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-07-08 04:15:50 9884672 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-07-08 03:54:26 23385600 ----a-w- C:\Windows\System32\atio6axx.dll
2011-07-08 03:33:28 17940992 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-07-08 03:29:54 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-07-08 03:29:44 689152 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-07-08 03:28:26 814592 ----a-w- C:\Windows\System32\aticfx64.dll
2011-07-08 03:25:48 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-07-08 03:25:38 485376 ----a-w- C:\Windows\System32\atieclxx.exe
2011-07-08 03:25:02 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-07-08 03:23:48 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-07-08 03:23:32 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-07-08 03:23:26 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-07-08 03:23:14 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-07-08 03:23:08 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2011-07-08 03:23:04 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-07-08 03:22:58 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-07-08 03:19:50 4275712 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-07-08 03:10:38 5072896 ----a-w- C:\Windows\System32\atidxx64.dll
2011-07-08 03:06:10 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-07-08 03:05:46 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-07-08 03:05:34 3848704 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-07-08 03:02:08 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-07-08 03:02:06 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-07-08 03:01:58 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-07-08 03:01:58 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-07-08 03:01:46 8134656 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-07-08 03:00:34 4367360 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-07-08 02:58:52 6740480 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-07-08 02:55:56 4039680 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-07-08 02:54:30 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-07-08 02:54:22 5540864 ----a-w- C:\Windows\System32\atiumd64.dll
2011-07-08 02:47:42 375808 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-07-08 02:47:34 266240 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-07-08 02:47:24 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-07-08 02:47:20 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-07-08 02:47:20 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-07-08 02:47:18 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-07-08 02:47:10 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-07-08 02:47:04 307712 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-07-08 02:46:20 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-07-08 02:46:14 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-07-08 02:46:06 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-07-08 02:45:58 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-07-08 02:45:10 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-07-08 02:41:02 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-07-08 02:41:02 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-07-08 02:40:48 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-07-08 02:40:48 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-07-07 20:37:30 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-07-07 20:37:10 51200 ----a-w- C:\Windows\System32\OpenCL.dll
2011-07-07 20:36:58 16907776 ----a-w- C:\Windows\System32\amdocl64.dll
.
==================== Find3M ====================
.
2011-07-31 15:54:20 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-07-31 15:54:20 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-06-27 13:23:20 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-06-27 13:23:02 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-06-27 13:22:40 13904896 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-06-16 00:34:06 2971648 ----a-w- C:\Windows\System32\SlotMaximizerBe.dll
2011-06-16 00:34:06 105984 ----a-w- C:\Windows\System32\SlotMaximizerAg.dll
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-13 13:03:34 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2011-05-13 12:42:24 302448 ----a-w- C:\Windows\WLXPGSS.SCR
.
============= FINISH: 20:27:05,34 ===============

Edited by hamluis, 06 August 2011 - 10:08 AM.
Merged posts, moved from Am I Infected to Malware Removal Logs.



#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,926 posts
  • Gender:Female
  • Location:Romania
  • Local time:12:36 PM

Posted 12 August 2011 - 10:24 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' button and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#3 carannir
  • Topic Starter
  • Members
  • 10 posts

Posted 19 August 2011 - 02:31 PM

DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by NiR at 22:29:00 on 2011-08-19
Microsoft Windows 7 Ultimate 6.1.7601.1.1254.90.1055.18.4094.1986 [GMT 3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Windows\vmsnap3.exe
C:\Windows\Domino.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Babylon\Babylon-Pro\BabylonHelper64.exe
C:\Program Files (x86)\Babylon\Babylon-Pro\TC\BabylonTC.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Oturum Açma Yardım Aracı: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\NiR\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Microsoft Excel'e &Ver - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: OneNote'a G&önder - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 62.248.80.161 62.248.80.162
TCP: Interfaces\{9F5E7099-F6B9-4AE7-8F86-B5CF5EA3D61B} : DhcpNameServer = 62.248.80.161 62.248.80.162
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\NiR\AppData\Roaming\Mozilla\Firefox\Profiles\zawdfmmd.default\
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-7 365568]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-30 366640]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Ağ Denetlemesi;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
R3 vvftav303;vvftav303;C:\Windows\system32\drivers\vvftav303.sys --> C:\Windows\system32\drivers\vvftav303.sys [?]
R3 ZSMC0303;A4 TECH PC Camera H;C:\Windows\system32\Drivers\usbVM303.sys --> C:\Windows\system32\Drivers\usbVM303.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-08-19 17:30:04 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{470CC3CB-F49E-4668-9AD2-5186929D0A18}\mpengine.dll
2011-08-19 16:19:29 -------- d-----w- C:\Users\NiR\AppData\Local\{0EE90F02-2D14-478B-905F-FFC10C5455D9}
2011-08-19 16:19:16 -------- d-----w- C:\Users\NiR\AppData\Local\{CB5B379E-D659-4D2C-8EAA-661E5CBDE536}
2011-08-19 16:18:58 -------- d-----w- C:\Users\NiR\AppData\Local\{C0A8632F-2CEE-400E-9AC0-F49511C3FB2B}
2011-08-14 08:28:17 -------- d-----w- C:\Users\NiR\AppData\Local\{8159DF2B-3513-40E0-B31F-4C8FECAC3F90}
2011-08-14 08:28:04 -------- d-----w- C:\Users\NiR\AppData\Local\{05309902-8CA4-4386-B082-B6D8E09C717D}
2011-08-14 08:27:50 -------- d-----w- C:\Users\NiR\AppData\Local\{03CA76A8-4AC9-42E5-8470-5FA398035DD0}
2011-08-14 08:26:59 -------- d-sh--w- C:\$RECYCLE.BIN
2011-08-13 17:12:42 -------- d-----w- C:\ComboFix
2011-08-13 16:47:04 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-08-13 16:47:04 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-08-13 16:47:03 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-08-13 16:34:51 -------- d-----w- C:\Users\NiR\AppData\Local\{2FCB1C1B-394D-4ECD-A46E-B32E41462DFC}
2011-08-13 16:34:34 -------- d-----w- C:\Users\NiR\AppData\Local\{B823E191-9FEE-4E98-9139-AFD7656D7A29}
2011-08-13 16:34:19 -------- d-----w- C:\Users\NiR\AppData\Local\{084A154A-5C1E-4D5A-B460-57873BB5680C}
2011-08-07 20:19:46 -------- d-----w- C:\Users\NiR\AppData\Local\{FA1C69AD-5E10-4AC5-B1D0-55753FD07BF5}
2011-08-07 20:19:30 -------- d-----w- C:\Users\NiR\AppData\Local\{FFD9CF46-AF01-40A0-A425-F768DE498A58}
2011-08-07 13:16:21 -------- d-----w- C:\Program Files (x86)\OTK2010
2011-08-07 13:09:35 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2011-08-07 13:09:17 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2011-08-07 12:58:40 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-08-07 12:54:41 -------- d-----w- C:\Program Files\Microsoft Analysis Services
2011-08-07 12:54:41 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2011-08-07 12:54:29 -------- d-----w- C:\Users\NiR\AppData\Local\Microsoft Help
2011-08-07 09:56:46 -------- d-----w- C:\Windows\SysWow64\xlive
2011-08-07 09:56:37 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2011-08-07 09:56:23 809496 ----a-r- C:\Windows\SysWow64\tmp27BE.tmp
2011-08-07 08:18:57 -------- d-----w- C:\Users\NiR\AppData\Local\{736B9B40-F6D2-4F54-B438-A8F5EF19C056}
2011-08-07 08:18:39 -------- d-----w- C:\Users\NiR\AppData\Local\{DA51197F-6163-4191-B13E-26406BE0B6D9}
2011-08-06 19:31:23 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-08-06 14:09:43 98816 ----a-w- C:\Windows\sed.exe
2011-08-06 14:09:43 518144 ----a-w- C:\Windows\SWREG.exe
2011-08-06 14:09:43 256000 ----a-w- C:\Windows\PEV.exe
2011-08-06 14:09:43 208896 ----a-w- C:\Windows\MBR.exe
2011-08-06 13:36:20 -------- d-----w- C:\Users\NiR\AppData\Local\{6C87F7B2-9308-4CDA-AE84-5FE9A6B87769}
2011-08-06 13:36:07 -------- d-----w- C:\Users\NiR\AppData\Local\{E4FE5CE7-9B8F-4BD5-ADFD-4B2CF080D7F0}
2011-08-06 13:35:54 -------- d-----w- C:\Users\NiR\AppData\Local\{DC2827B9-1702-4D16-8F8D-0769CB289475}
2011-08-05 19:18:53 -------- d-----w- C:\Program Files\Doctus
2011-08-05 16:59:21 -------- d-----w- C:\Users\NiR\AppData\Local\Babylon
2011-08-05 16:59:18 142336 ----a-w- C:\Program Files (x86)\Mozilla Firefox\BabyFox.dll
2011-08-05 15:56:34 -------- d-----w- C:\Users\NiR\AppData\Local\{8E8C6CA1-8859-43A8-9A63-CAAC8EB4569B}
2011-08-05 15:55:45 -------- d-----w- C:\Users\NiR\AppData\Local\{FD79C22F-45AE-424E-B816-FEF1E077C3A0}
2011-08-05 15:55:32 -------- d-----w- C:\Users\NiR\AppData\Local\{AF52867E-78E0-4E78-A529-67AFF50F72CE}
2011-08-05 15:55:32 -------- d-----w- C:\Users\NiR\AppData\Local\{8DE273F3-B415-401C-B674-FC2CE17ACF39}
2011-07-31 17:23:53 -------- d-----w- C:\Windows\USB Vibration
2011-07-31 17:23:37 634880 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iKernel.dll
2011-07-31 17:23:37 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\ctor.dll
2011-07-31 17:23:37 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\DotNetInstaller.exe
2011-07-31 17:23:37 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-07-31 17:23:37 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iscript.dll
2011-07-31 17:23:37 151552 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iuser.dll
2011-07-31 17:23:36 270468 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\Setup.dll
2011-07-31 17:23:36 159876 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\IGdi.dll
2011-07-31 17:23:35 -------- d-----w- C:\Program Files (x86)\USB Vibration
2011-07-31 15:48:30 -------- d-----w- C:\Windows\System32\SPReview
2011-07-31 15:47:47 -------- d-----w- C:\Windows\System32\EventProviders
2011-07-31 15:46:13 6144 ----a-w- C:\Windows\System32\drivers\tr-TR\rdvgkmd.sys.mui
2011-07-31 15:46:13 4096 ----a-w- C:\Windows\System32\drivers\tr-TR\tsusbhub.sys.mui
2011-07-31 15:46:13 3584 ----a-w- C:\Windows\System32\drivers\tr-TR\tsusbflt.sys.mui
2011-07-31 15:46:13 2560 ----a-w- C:\Windows\System32\drivers\tr-TR\rdpwd.sys.mui
2011-07-31 15:46:09 2560 ----a-w- C:\Windows\System32\drivers\tr-TR\vwifibus.sys.mui
2011-07-31 15:46:08 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2011-07-31 15:46:08 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-07-31 15:46:02 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-07-31 15:44:59 98304 ----a-w- C:\Program Files\Common Files\System\msadc\msadcs.dll
2011-07-31 15:43:59 47104 ----a-w- C:\Windows\System32\wshbth.dll
2011-07-31 15:42:00 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-07-31 14:58:25 -------- d-----w- C:\Windows\SysWow64\Wat
2011-07-31 14:58:25 -------- d-----w- C:\Windows\System32\Wat
2011-07-31 10:06:55 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-07-31 10:06:55 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-07-31 10:06:50 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-07-31 10:06:50 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-07-31 10:06:49 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-07-31 10:06:49 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-07-31 10:06:37 2871808 ----a-w- C:\Windows\explorer.exe
2011-07-31 10:06:37 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-07-31 10:06:36 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-07-31 10:06:36 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-07-31 10:06:32 715776 ----a-w- C:\Windows\System32\kerberos.dll
2011-07-31 10:06:32 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2011-07-31 10:05:42 -------- d-----w- C:\Users\NiR\AppData\Roaming\Windows Live Writer
2011-07-31 10:05:42 -------- d-----w- C:\Users\NiR\AppData\Local\Windows Live Writer
2011-07-31 10:05:24 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-07-31 10:05:24 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-07-31 10:05:23 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-07-31 10:05:23 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-07-31 10:01:45 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2011-07-31 10:01:45 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-07-31 10:01:45 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-07-31 10:01:45 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-07-31 10:01:45 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-07-31 10:01:45 100864 ----a-w- C:\Windows\System32\fontsub.dll
2011-07-31 10:01:41 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-07-31 10:01:07 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-07-31 10:01:06 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-07-31 10:01:06 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-07-31 10:00:37 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-07-31 10:00:37 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-07-31 10:00:37 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-07-31 10:00:37 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-07-31 10:00:33 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-07-31 10:00:33 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-07-31 10:00:33 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-07-31 09:59:04 642944 ----a-w- C:\Windows\System32\winload.efi
2011-07-31 09:59:04 605552 ----a-w- C:\Windows\System32\winload.exe
2011-07-31 09:59:04 566208 ----a-w- C:\Windows\System32\winresume.efi
2011-07-31 09:59:04 518672 ----a-w- C:\Windows\System32\winresume.exe
2011-07-31 09:59:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2011-07-31 09:59:03 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-07-31 09:59:03 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-07-31 09:59:03 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-07-31 09:59:00 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-07-31 09:52:41 86016 ----a-w- C:\Windows\System32\nQPropPageExt.dll
2011-07-31 09:52:41 84992 ----a-w- C:\Windows\System32\Dts2PropPageExt.dll
2011-07-31 09:52:41 82432 ----a-w- C:\Windows\System32\nQAPO.dll
2011-07-31 09:52:41 76288 ----a-w- C:\Windows\System32\ViaMicArrayPropPageExt.dll
2011-07-31 09:52:41 529920 ----a-w- C:\Windows\System32\VIASysFx.dll
2011-07-31 09:52:41 242176 ----a-w- C:\Windows\System32\Dts2APO.dll
2011-07-31 09:52:41 193024 ----a-w- C:\Windows\System32\ViaMicArrayAPO.dll
2011-07-31 09:52:41 1235968 ----a-w- C:\Windows\System32\drivers\viahduaa.sys
2011-07-31 09:52:41 1011712 ----a-w- C:\Windows\System32\VIAPropPageExt.dll
2011-07-31 09:52:23 414632 ------w- C:\Windows\difxapi.dll
2011-07-31 09:52:23 -------- d-----w- C:\Program Files (x86)\VIA
2011-07-31 09:50:46 -------- d-----w- C:\Users\NiR\AppData\Local\{699701D4-8FCD-4917-99B3-FBC5A2B5DCFB}
2011-07-30 22:44:52 -------- d-----w- C:\ProgramData\Solidshield
2011-07-30 22:44:26 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2011-07-30 22:44:21 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-07-30 22:42:38 19087360 ----a-w- C:\Windows\SysWow64\mkl_blueripple.dll
2011-07-30 22:42:38 1417216 ----a-w- C:\Windows\SysWow64\rapture3d_oal.dll
2011-07-30 22:42:37 809496 ----a-r- C:\Windows\SysWow64\tmp9158.tmp
2011-07-30 22:42:37 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-07-30 22:42:37 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-07-30 22:42:37 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-07-30 22:42:37 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-07-30 22:42:37 -------- d-----w- C:\Program Files (x86)\OpenAL
2011-07-30 22:42:37 -------- d-----w- C:\Program Files (x86)\BRS
2011-07-30 22:32:39 -------- d-----w- C:\Program Files (x86)\Codemasters
2011-07-30 22:26:54 -------- d-----w- C:\Program Files (x86)\Fifa Master
2011-07-30 22:16:26 -------- d-----w- C:\Program Files (x86)\EA Sports
2011-07-30 22:16:22 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2011-07-30 22:16:22 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2011-07-30 22:16:22 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2011-07-30 22:16:22 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2011-07-30 22:16:21 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2011-07-30 22:16:21 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2011-07-30 22:10:52 255552 ----a-w- C:\Windows\SysWow64\drivers\mcdbus.sys
2011-07-30 22:10:52 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys
2011-07-30 22:10:51 -------- d-----w- C:\Program Files (x86)\MagicDisc
2011-07-30 21:50:17 -------- d-----w- C:\Users\NiR\AppData\Local\{E286C0A1-A40B-4C5C-9F53-9314CF730A8E}
2011-07-30 21:50:03 -------- d-----w- C:\Users\NiR\Tracing
2011-07-30 21:46:25 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-30 21:45:04 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-30 21:41:08 -------- d-----w- C:\Windows\tr
2011-07-30 21:34:57 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-07-30 21:11:39 -------- d-----w- C:\Windows\PCHEALTH
2011-07-30 21:07:01 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9fe603d51cc4efc05\DSETUP.dll
2011-07-30 21:07:01 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9fe603d51cc4efc05\DXSETUP.exe
2011-07-30 21:07:01 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9fe603d51cc4efc05\dsetup32.dll
2011-07-30 21:06:01 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7c01c43b1cc4efc04\DSETUP.dll
2011-07-30 21:06:01 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7c01c43b1cc4efc04\DXSETUP.exe
2011-07-30 21:06:01 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7c01c43b1cc4efc04\dsetup32.dll
2011-07-30 21:02:47 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\86b52661cc4efc03\Silverlight.4.0.exe
2011-07-30 20:51:58 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-07-30 20:51:14 -------- d-----w- C:\Users\NiR\AppData\Local\Windows Live
2011-07-30 20:51:13 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-07-30 20:50:54 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-07-30 20:50:36 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-07-30 20:49:15 -------- d-----w- C:\Users\NiR\AppData\Roaming\Malwarebytes
2011-07-30 20:48:19 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-30 20:48:19 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-30 20:48:16 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-30 20:48:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-30 20:48:01 -------- d-----w- C:\Windows\Panther
2011-07-30 20:47:31 -------- d-----w- C:\Program Files (x86)\JDownloader
2011-07-30 20:45:16 -------- d-----w- C:\Windows\SysWow64\directx
2011-07-30 20:43:10 -------- d-----w- C:\Program Files\Babylon
2011-07-30 20:43:10 -------- d-----w- C:\Program Files (x86)\Babylon
2011-07-30 20:42:38 -------- d-----w- C:\Users\NiR\AppData\Roaming\Babylon
2011-07-30 20:42:38 -------- d-----w- C:\ProgramData\Babylon
2011-07-30 20:35:16 -------- d-----w- C:\Users\NiR\AppData\Local\AMD
2011-07-30 20:35:06 -------- d-----w- C:\Users\NiR\AppData\Local\ATI
2011-07-30 20:34:43 0 ----a-w- C:\Windows\ativpsrm.bin
2011-07-30 20:33:54 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-07-30 20:33:51 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-07-30 20:33:51 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-07-30 20:33:42 -------- d-----w- C:\ProgramData\AMD
2011-07-30 20:33:41 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2011-07-30 20:33:26 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-07-30 20:33:23 -------- d-----w- C:\Program Files\ATI
2011-07-30 20:32:50 -------- d-----w- C:\Program Files\ATI Technologies
2011-07-30 20:32:23 -------- d-----w- C:\ATI
2011-07-30 20:26:47 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{51B32F06-FB4F-45D1-9D8E-FD8C2B35507C}\mpengine.dll
2011-07-30 20:26:46 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-07-30 20:09:20 24576 ----a-r- C:\Windows\SysWow64\AsIO.dll
2011-07-30 20:09:20 13368 ----a-r- C:\Windows\SysWow64\drivers\AsIO.sys
2011-07-30 20:09:18 11832 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
2011-07-30 20:09:18 10216 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
2011-07-30 20:09:17 -------- d-----w- C:\Program Files (x86)\ASUS
2011-07-30 20:08:44 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-07-30 20:08:44 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-07-30 20:08:44 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-07-30 20:08:44 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-07-30 20:07:53 -------- d-sh--w- C:\Windows\Installer
2011-07-30 20:07:39 -------- d-----w- C:\Users\NiR\AppData\Local\Downloaded Installations
.
==================== Find3M ====================
.
2011-07-31 15:54:20 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-07-31 15:54:20 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-12 08:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-07-12 08:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-07-12 08:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-07-12 08:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-07-12 08:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 08:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-07-12 08:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-07-12 08:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-08 04:15:50 9884672 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-07-08 03:54:26 23385600 ----a-w- C:\Windows\System32\atio6axx.dll
2011-07-08 03:33:28 17940992 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-07-08 03:29:54 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-07-08 03:29:44 689152 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-07-08 03:28:26 814592 ----a-w- C:\Windows\System32\aticfx64.dll
2011-07-08 03:25:48 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-07-08 03:25:38 485376 ----a-w- C:\Windows\System32\atieclxx.exe
2011-07-08 03:25:02 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-07-08 03:23:48 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-07-08 03:23:32 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-07-08 03:23:26 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-07-08 03:23:14 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-07-08 03:23:08 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2011-07-08 03:23:04 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-07-08 03:22:58 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-07-08 03:19:50 4275712 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-07-08 03:10:38 5072896 ----a-w- C:\Windows\System32\atidxx64.dll
2011-07-08 03:06:10 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-07-08 03:05:46 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-07-08 03:05:34 3848704 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-07-08 03:02:08 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-07-08 03:02:06 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-07-08 03:01:58 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-07-08 03:01:58 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-07-08 03:01:46 8134656 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-07-08 03:00:34 4367360 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-07-08 02:58:52 6740480 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-07-08 02:55:56 4039680 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-07-08 02:54:30 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-07-08 02:54:22 5540864 ----a-w- C:\Windows\System32\atiumd64.dll
2011-07-08 02:47:42 375808 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-07-08 02:47:34 266240 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-07-08 02:47:24 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-07-08 02:47:20 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-07-08 02:47:20 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-07-08 02:47:18 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-07-08 02:47:10 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-07-08 02:47:04 307712 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-07-08 02:46:20 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-07-08 02:46:14 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-07-08 02:46:06 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-07-08 02:45:58 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-07-08 02:45:10 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-07-08 02:41:02 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-07-08 02:41:02 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-07-08 02:40:48 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-07-08 02:40:48 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-07-07 20:37:30 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-07-07 20:37:10 51200 ----a-w- C:\Windows\System32\OpenCL.dll
2011-07-07 20:36:58 16907776 ----a-w- C:\Windows\System32\amdocl64.dll
2011-06-27 13:23:20 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-06-27 13:23:02 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-06-27 13:22:40 13904896 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-16 00:34:06 2971648 ----a-w- C:\Windows\System32\SlotMaximizerBe.dll
2011-06-16 00:34:06 105984 ----a-w- C:\Windows\System32\SlotMaximizerAg.dll
2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
.
============= FINISH: 22:29:34,54 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 30.07.2011 23:00:07
System Uptime: 19.08.2011 19:17:27 (3 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A785TD-V EVO
Processor: AMD Phenom™ II X2 550 Processor | AM3 | 3100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 195 GiB total, 126,512 GiB free.
D: is FIXED (NTFS) - 270 GiB total, 123,587 GiB free.
E: is CDROM ()
F: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP37: 07.08.2011 12:55:22 - Installed DirectX
RP38: 07.08.2011 12:56:49 - Installed DirectX
RP39: 07.08.2011 15:53:37 - Installed Microsoft Office Professional Plus 2010
RP40: 07.08.2011 16:24:58 - Microsoft Visual C++ 2005 Redistributable Yüklendi
RP41: 07.08.2011 16:26:31 - Installed Battlefield Bad Company 2
RP42: 07.08.2011 20:59:19 - Windows Update
RP43: 13.08.2011 19:48:41 - Windows Update
RP44: 13.08.2011 20:42:19 - Windows Update
RP45: 19.08.2011 20:29:35 - Windows Update
.
==== Installed Programs ======================
.
A4 TECH PC Camera H
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
Babylon
Battlefield: Bad Company™ 2
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
CCC Help English
Creation Master 11 Release 11.0
D3DX10
DiRT 3
EPU-4 Engine
FIFA 11
HijackThis 2.0.2
Java Auto Updater
Java™ 6 Update 26
JDownloader
Junk Mail filter update
MagicDisc 2.7.106
Malwarebytes' Anti-Malware 1.51.1.1800 sürümü
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 5.0.1 (x86 tr)
MSVCRT
MSVCRT_amd64
NVIDIA PhysX
OpenAL
Platform
QuickTime
Rapture3D 2.4.8 Game
Security Update for Microsoft .NET Framework 4 İstemci Profili TRK Dil Paketi (KB2478663)
Security Update for Microsoft .NET Framework 4 İstemci Profili TRK Dil Paketi (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
SHIFT 2 UNLEASHED™
Usb Lan Zheng Electronics Vibration Joystick
VIA Platform Aygıt Yöneticisi
VLC media player 1.1.11
Windows Live Communications Platform
Windows Live Fotoğraf Galerisi
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================

#4 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 60,926 posts
  • Gender:Female
  • Location:Romania

Posted 19 August 2011 - 02:38 PM

Can you give me the exact message from MBAM and also when it appears (look in MBAM, on the Logs tab, and post the Protection log).

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#5 carannir

  • Topic Starter
  • Members
  • 10 posts

Posted 20 August 2011 - 07:43 AM

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Veritabanı sürümü: 7463

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

20.08.2011 15:42:15
mbam-log-2011-08-20 (15-42-10).txt

Tarama kipi: Derin tarama (C:\|)
Taranmış öğeler: 313663
Geçen süre: 39 dakika, 23 saniye

Etkilenmiş Hafıza İşlemleri: 0
Etkilenmiş Hafıza Modülleri: 0
Etkilenmiş Kayıt Anahtarları: 0
Etkilenmiş Kayıt Değerleri: 0
Etkilenmiş Veri Öğeleri: 0
Etkilenmiş Klasörler: 0
Etkilenmiş Dosyalar: 1

Etkilenmiş Hafıza İşlemleri:
(Zararlı öğe tespit edilmedi)

Etkilenmiş Hafıza Modülleri:
(Zararlı öğe tespit edilmedi)

Etkilenmiş Kayıt Anahtarları:
(Zararlı öğe tespit edilmedi)

Etkilenmiş Kayıt Değerleri:
(Zararlı öğe tespit edilmedi)

Etkilenmiş Veri Öğeleri:
(Zararlı öğe tespit edilmedi)

Etkilenmiş Klasörler:
(Zararlı öğe tespit edilmedi)

#6 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 60,926 posts
  • Gender:Female
  • Location:Romania

Posted 20 August 2011 - 09:09 AM

That is a normal MBAM scan log. Don't you see something called protection log there which contains a list of IP blocks?

regards, Elise



#7 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 60,926 posts
  • Gender:Female
  • Location:Romania

Posted 28 August 2011 - 04:20 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise

