
infected, creating "anyfoldername".exe looks like folder


  • This topic is locked
26 replies to this topic

#1 goksav

  • Members
  • 14 posts

Posted 03 September 2011 - 12:58 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Casper at 18:48:27 on 2011-09-03
Microsoft Windows XP Home Edition 5.1.2600.3.1254.90.1055.18.1013.195 [GMT 3:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
svchost.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Casper\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\AirTies\ADSL Hizmet Programı\AirTies_util3.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Realtek\8187SE Wireless LAN Utility\RtWLan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = file://localhost/C:/www.google.com.htm
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mWinlogon: Userinit=C:/windows/system32/userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Windows Live Oturum Açma Yardım Aracı: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\documents and settings\casper\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04a\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\casper\startm~1\progra~1\balang~1\wordweb.lnk - c:\program files\wordweb\wweb32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\progra~1\balang~1\airtie~1.lnk - c:\program files\airties\adsl hizmet programı\AirTies_util3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\progra~1\balang~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\progra~1\balang~1\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\progra~1\balang~1\nokian~1.lnk - c:\program files\nokia\nnpcs\RunLauncher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\progra~1\balang~1\realte~1.lnk - c:\program files\realtek\8187se wireless lan utility\RtWLan.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6A913735-B30C-47E6-BB4D-996F7AE86B42} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{CE7866CF-A42B-4BAD-B0DF-C239A36B29FF} : NameServer = 195.175.39.39,195.175.39.40
TCP: Interfaces\{CE7866CF-A42B-4BAD-B0DF-C239A36B29FF} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2008-9-15 156160]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-27 136176]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe --> c:\progra~1\mcafee\sitead~1\mcsacore.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-3-16 1684736]
S3 gupdatem;Google Güncelleme Hizmeti (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-27 136176]
.
=============== Created Last 30 ================
.
2011-09-01 14:13:46 -------- d-----w- c:\documents and settings\casper\local settings\application data\IsolatedStorage
2011-09-01 14:13:28 -------- d-----w- c:\documents and settings\casper\local settings\application data\HP
2011-09-01 13:56:14 -------- d-----w- c:\program files\common files\Sonic Shared
2011-09-01 13:55:26 -------- d-----w- c:\program files\common files\HP
2011-09-01 13:52:19 -------- d-----w- c:\program files\common files\Hewlett-Packard
2011-09-01 13:50:25 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2011-09-01 13:50:25 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2011-09-01 13:50:25 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2011-09-01 13:50:25 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2011-09-01 13:50:25 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2011-09-01 13:50:25 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2011-09-01 13:49:26 -------- d-----w- c:\program files\HP
2011-09-01 13:48:58 98304 ----a-w- c:\windows\system32\hpzjsn01.dll
2011-09-01 13:47:36 606208 ----a-w- c:\windows\system32\hpotscl.dll
2011-09-01 13:47:36 258122 ----a-w- c:\windows\system32\hpovst08.dll
2011-09-01 13:47:35 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2011-09-01 13:47:33 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2011-09-01 13:47:33 21744 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2011-09-01 13:47:33 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2011-09-01 13:47:29 180315 ----a-w- c:\windows\system32\hpzsnt12.dll
2011-09-01 13:47:28 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
2011-09-01 13:47:22 393216 ----a-w- c:\windows\system32\hpzcon12.dll
2011-09-01 13:47:16 274432 ----a-w- c:\windows\system32\HPZc3212.dll
2011-08-22 15:57:20 -------- d-----w- c:\documents and settings\casper\local settings\application data\McAfee Anti-Theft
2011-08-17 10:23:44 -------- d-----w- c:\documents and settings\all users\application data\Protexis
2011-08-17 10:20:03 348256 ----a-w- c:\documents and settings\all users\application data\microsoft\vstahost\corelphotopaint\9.0\1033\ResourceCache.dll
2011-08-17 10:19:15 348256 ----a-w- c:\documents and settings\all users\application data\microsoft\vstahost\coreldraw\9.0\1033\ResourceCache.dll
2011-08-17 10:17:55 416 ----a-w- c:\documents and settings\all users\application data\microsoft\msdn\9.0\1033\ResourceCache.dll
2011-08-17 10:13:56 -------- d-----w- c:\program files\common files\Corel
2011-08-17 10:13:13 -------- d-----w- c:\program files\common files\Protexis
2011-08-17 10:13:11 -------- d-----w- c:\documents and settings\all users\application data\Corel
2011-08-17 10:06:06 -------- d-----w- c:\program files\Corel
2011-08-04 20:26:17 -------- d-----w- c:\program files\DriverInstall
2011-08-04 20:26:15 -------- d-----w- c:\documents and settings\casper\local settings\application data\Turkcell_Teknoloji
2011-08-04 20:26:02 -------- d-----w- c:\program files\Turkcell
.
==================== Find3M ====================
.
2011-06-23 10:25:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 18:49:40,00 ===============


#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,701 posts

Posted 08 September 2011 - 01:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/417273 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 nasdaq

  • Malware Response Team
  • 39,543 posts

Posted 08 September 2011 - 01:08 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

This is a bad virus that spreads via a network and/or removable drives.

Other than the McAfee SiteAdvisor, what other virus protection software do you have on this computer?

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

#4 goksav

  • Topic Starter
  • Members
  • 14 posts

Posted 10 September 2011 - 05:12 PM

Hi nasdaq,
Many thanks for your help already.
I do not have any antivirus program, only Spybot, and I closed it before ComboFix.
Here is the ComboFix log:

ComboFix 11-09-10.03 - Casper 11.09.2011 0:47.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1254.90.1055.18.1013.456 [GMT 3:00]
Running from: c:\documents and settings\Casper\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\Casper\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Casper\Local Settings\Application Data\ApplicationHistory\csc.exe.3e4ac0af.ini
c:\documents and settings\Casper\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini
c:\documents and settings\Casper\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse
c:\documents and settings\Casper\Local Settings\Application Data\ApplicationHistory\hpqthb08.exe.a935d1e0.ini
c:\documents and settings\Casper\Local Settings\Application Data\ApplicationHistory\MSI2C.tmp.5a6d18b.ini
c:\documents and settings\Casper\Local Settings\Application Data\ApplicationHistory\MSI735.tmp.6225eef1.ini
c:\documents and settings\Casper\Local Settings\Application Data\ApplicationHistory\MSIE0.tmp.e86743e5.ini
c:\documents and settings\Casper\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Casper\ProductContext5600.log
c:\documents and settings\Casper\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-08-10 to 2011-09-10 )))))))))))))))))))))))))))))))
.
.
2011-09-10 22:00 . 2011-09-10 22:01 -------- d-----w- c:\documents and settings\Casper\Local Settings\Application Data\ApplicationHistory
2011-09-01 14:13 . 2011-09-01 14:13 -------- d-----w- c:\documents and settings\Casper\Local Settings\Application Data\IsolatedStorage
2011-09-01 14:13 . 2011-09-01 14:13 -------- d-----w- c:\documents and settings\Casper\Local Settings\Application Data\HP
2011-09-01 13:48 . 2005-02-04 11:58 98304 ----a-w- c:\windows\system32\hpzjsn01.dll
2011-09-01 13:48 . 2011-09-01 14:07 -------- d-----w- c:\documents and settings\Casper\Application Data\HP
2011-09-01 13:47 . 2005-04-08 01:51 258122 ----a-w- c:\windows\system32\hpovst08.dll
2011-09-01 13:47 . 2005-04-08 01:51 606208 ----a-w- c:\windows\system32\hpotscl.dll
2011-09-01 13:47 . 2005-04-08 01:51 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2011-09-01 13:47 . 2005-03-08 04:43 21744 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2011-09-01 13:47 . 2005-03-08 04:43 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2011-09-01 13:47 . 2005-03-08 04:43 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2011-09-01 13:47 . 2005-03-18 03:32 180315 ----a-w- c:\windows\system32\hpzsnt12.dll
2011-09-01 13:47 . 2005-03-08 04:41 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
2011-09-01 13:47 . 2005-03-08 04:41 393216 ----a-w- c:\windows\system32\hpzcon12.dll
2011-09-01 13:47 . 2005-03-08 04:39 274432 ----a-w- c:\windows\system32\HPZc3212.dll
2011-08-22 15:57 . 2011-08-22 15:57 -------- d-----w- c:\documents and settings\Casper\Local Settings\Application Data\McAfee Anti-Theft
2011-08-17 10:23 . 2011-08-17 10:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Protexis
2011-08-17 10:23 . 2011-08-17 10:23 -------- d-----w- c:\documents and settings\Casper\Application Data\Corel
2011-08-17 10:20 . 2011-08-17 10:20 348256 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
2011-08-17 10:19 . 2011-08-17 10:19 348256 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
2011-08-17 10:17 . 2011-08-17 10:17 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2011-08-17 10:15 . 2011-08-17 10:15 -------- d-----w- c:\program files\Microsoft SDKs
2011-08-17 10:15 . 2011-08-17 10:15 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2011-08-17 10:13 . 2011-08-17 10:13 -------- d-----w- c:\program files\Common Files\Corel
2011-08-17 10:13 . 2011-08-17 10:13 -------- d-----w- c:\program files\Common Files\Protexis
2011-08-17 10:13 . 2011-08-17 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2011-08-17 10:06 . 2011-08-17 10:06 -------- d-----w- c:\program files\Corel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-23 10:25 . 2011-06-23 10:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-12 1028096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-14 18702336]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
c:\documents and settings\Casper\Start Menu\Programlar\BaŸlang‡\
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2010-8-5 42168]
.
c:\documents and settings\All Users\Start Menu\Programlar\BaŸlang‡\
AirTies ADSL Hizmet Program.lnk - c:\program files\AirTies\ADSL Hizmet Program\AirTies_util3.exe [2011-3-8 3655168]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Hzl BaŸlang‡.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
Nokia Nseries PC Suite.lnk - c:\program files\Nokia\NNPCS\RunLauncher.exe [2008-5-8 943568]
REALTEK RTL8187SE Wireless LAN Utility.lnk - c:\program files\Realtek\8187SE Wireless LAN Utility\RtWLan.exe [2008-9-15 880640]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Realtek\\8187SE Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AirTies\\ADSL Hizmet Programı\\AirTies_util3.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\548f4d34\\jusched.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
.
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [15.09.2008 13:41 156160]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27.04.2011 16:11 136176]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe --> c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [16.03.2010 19:25 1684736]
S3 gupdatem;Google Güncelleme Hizmeti (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [27.04.2011 16:11 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-10 c:\windows\Tasks\User_Feed_Synchronization-{1547716F-EE33-494E-93AE-C0334C0EB2C5}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.tr/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6A913735-B30C-47E6-BB4D-996F7AE86B42}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{CE7866CF-A42B-4BAD-B0DF-C239A36B29FF}: NameServer = 195.175.39.39,195.175.39.40
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-ppldggas453652 - c:\documents and settings\Casper\Application Data\zzupdatezz.exe
AddRemove-AP Guitar Tuner - c:\program files\Audio Phonics
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-11 01:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2720)
c:\windows\system32\WININET.dll
c:\documents and settings\Casper\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\windows\system32\Brmfrmps.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\AirTies\ADSL Hizmet Programc:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2011-09-11 01:05:18 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-10 22:05
.
Pre-Run: 39.313.121.280 bayt boş
Post-Run: 40.069.873.664 bayt boş
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - 4BFD32F9E41BAFC442DA4086C382F3B7

#5 nasdaq

  • Malware Response Team

Posted 11 September 2011 - 10:24 AM

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free versions of commercial antiviruses. Be sure to only install one.
avast!.
AntiVir

Run the downloaded program and submit a log if you can.

=*=

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know what problem persists.

#6 goksav

  • Topic Starter

Posted 11 September 2011 - 12:51 PM

I am downloading Avira and I will let you know the results.
If you need, I can do another one after the Avira scan, but in case you need it first, here is the Security Check log:
Results of screen317's Security Check version 0.99.18
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Adobe Flash Player
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

#7 goksav

  • Topic Starter

Posted 11 September 2011 - 01:14 PM

Just after the download, Avira made a scan, but it was very quick; I believe it is only the registry or so. Here is that one, and I am posting the full scan result after:

Avira AntiVir Personal
Report file date: 11 Eylül 2011 Pazar 21:01

Scanning for 3353763 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Casper
Computer name : MINIBOOK

Version information:
BUILD.DAT : 10.2.0.700 35934 Bytes 21.07.2011 17:12:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 21.07.2011 09:12:28
AVSCAN.DLL : 10.0.5.0 47464 Bytes 21.07.2011 09:15:00
LUKE.DLL : 10.3.0.5 45416 Bytes 21.07.2011 09:13:59
LUKERES.DLL : 10.0.0.1 12648 Bytes 10.02.2010 21:40:49
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 21.07.2011 09:12:28
AVREG.DLL : 10.3.0.9 90472 Bytes 21.07.2011 09:12:21
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 07:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 04:53:55
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 04:53:56
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 09:14:25
VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.05.2011 09:14:28
VBASE005.VDF : 7.11.10.251 1788416 Bytes 07.07.2011 09:14:29
VBASE006.VDF : 7.11.13.60 6411776 Bytes 16.08.2011 18:00:05
VBASE007.VDF : 7.11.13.61 2048 Bytes 16.08.2011 18:00:05
VBASE008.VDF : 7.11.13.62 2048 Bytes 16.08.2011 18:00:05
VBASE009.VDF : 7.11.13.63 2048 Bytes 16.08.2011 18:00:05
VBASE010.VDF : 7.11.13.64 2048 Bytes 16.08.2011 18:00:05
VBASE011.VDF : 7.11.13.65 2048 Bytes 16.08.2011 18:00:06
VBASE012.VDF : 7.11.13.66 2048 Bytes 16.08.2011 18:00:06
VBASE013.VDF : 7.11.13.95 166400 Bytes 17.08.2011 18:00:07
VBASE014.VDF : 7.11.13.125 209920 Bytes 18.08.2011 18:00:08
VBASE015.VDF : 7.11.13.157 184832 Bytes 22.08.2011 18:00:09
VBASE016.VDF : 7.11.13.201 128000 Bytes 24.08.2011 18:00:10
VBASE017.VDF : 7.11.13.234 160768 Bytes 25.08.2011 18:00:11
VBASE018.VDF : 7.11.14.16 141312 Bytes 30.08.2011 18:00:12
VBASE019.VDF : 7.11.14.48 133120 Bytes 31.08.2011 18:00:13
VBASE020.VDF : 7.11.14.78 156160 Bytes 02.09.2011 18:00:14
VBASE021.VDF : 7.11.14.109 126976 Bytes 06.09.2011 18:00:15
VBASE022.VDF : 7.11.14.137 131584 Bytes 08.09.2011 18:00:16
VBASE023.VDF : 7.11.14.138 2048 Bytes 08.09.2011 18:00:16
VBASE024.VDF : 7.11.14.139 2048 Bytes 08.09.2011 18:00:16
VBASE025.VDF : 7.11.14.140 2048 Bytes 08.09.2011 18:00:16
VBASE026.VDF : 7.11.14.141 2048 Bytes 08.09.2011 18:00:16
VBASE027.VDF : 7.11.14.142 2048 Bytes 08.09.2011 18:00:16
VBASE028.VDF : 7.11.14.143 2048 Bytes 08.09.2011 18:00:16
VBASE029.VDF : 7.11.14.144 2048 Bytes 08.09.2011 18:00:16
VBASE030.VDF : 7.11.14.145 2048 Bytes 08.09.2011 18:00:17
VBASE031.VDF : 7.11.14.161 119296 Bytes 09.09.2011 18:00:17
Engineversion : 8.2.6.60
AEVDF.DLL : 8.1.2.1 106868 Bytes 21.04.2011 04:53:28
AESCRIPT.DLL : 8.1.3.76 1626490 Bytes 11.09.2011 18:00:39
AESCN.DLL : 8.1.7.2 127349 Bytes 21.04.2011 04:53:27
AESBX.DLL : 8.2.1.34 323957 Bytes 21.07.2011 09:11:50
AERDL.DLL : 8.1.9.15 639348 Bytes 11.09.2011 18:00:37
AEPACK.DLL : 8.2.10.10 684407 Bytes 11.09.2011 18:00:35
AEOFFICE.DLL : 8.1.2.13 201083 Bytes 11.09.2011 18:00:32
AEHEUR.DLL : 8.1.2.167 3690871 Bytes 11.09.2011 18:00:32
AEHELP.DLL : 8.1.17.7 254327 Bytes 11.09.2011 18:00:22
AEGEN.DLL : 8.1.5.9 401780 Bytes 11.09.2011 18:00:21
AEEMU.DLL : 8.1.3.0 393589 Bytes 21.04.2011 04:53:14
AECORE.DLL : 8.1.23.0 196983 Bytes 11.09.2011 18:00:19
AEBB.DLL : 8.1.1.0 53618 Bytes 21.04.2011 04:53:14
AVWINLL.DLL : 10.0.0.0 19304 Bytes 21.04.2011 04:53:36
AVPREF.DLL : 10.0.3.2 44904 Bytes 21.07.2011 09:12:20
AVREP.DLL : 10.0.0.10 174120 Bytes 21.07.2011 09:12:22
AVARKT.DLL : 10.0.26.1 255336 Bytes 21.07.2011 09:12:00
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 21.07.2011 09:12:10
SQLITE3.DLL : 3.6.19.0 355688 Bytes 21.07.2011 12:12:31
AVSMTP.DLL : 10.0.0.17 63848 Bytes 21.04.2011 04:53:36
NETNT.DLL : 10.0.0.0 11624 Bytes 21.04.2011 04:53:46
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 21.07.2011 09:15:09
RCTEXT.DLL : 10.0.64.0 97640 Bytes 21.07.2011 09:15:09

Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: Default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Advanced

Start of the scan: 11 Eylül 2011 Pazar 21:01

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'hprblog.exe' - '1' Module(s) have been scanned
Scan process 'hpqSTE08.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'hpqimzone.exe' - '1' Module(s) have been scanned
Scan process 'wweb32.exe' - '1' Module(s) have been scanned
Scan process 'RtWLan.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'AirTies_util3.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'HPWuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'Acrotray.exe' - '1' Module(s) have been scanned
Scan process 'FLVSrvc.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'pptd40nt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'NokiaMServer.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'PsiService_2.exe' - '1' Module(s) have been scanned
Scan process 'Brmfrmps.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'brss01a.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'brsvc01a.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '525' files ).



End of the scan: 11 Eylül 2011 Pazar 21:02
Used time: 00:46 Minute(s)

The scan has been done completely.

0 Scanned directories
1186 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1186 Files not concerned
5 Archives were scanned
0 Warnings
0 Notes

#8 goksav

  • Topic Starter

Posted 11 September 2011 - 04:04 PM

Hi nasdaq, here is the Avira report, but I feel like it is not completely scanning all the files:



Avira AntiVir Personal
Report file date: 11 Eylül 2011 Pazar 21:06

Scanning for 3353763 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MINIBOOK


Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: Default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Advanced

Start of the scan: 11 Eylül 2011 Pazar 21:06

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'rsmsink.exe' - '28' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '59' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '69' Module(s) have been scanned
Scan process 'avcenter.exe' - '63' Module(s) have been scanned
Scan process 'iexplore.exe' - '116' Module(s) have been scanned
Scan process 'iexplore.exe' - '99' Module(s) have been scanned
Scan process 'NOTEPAD.EXE' - '28' Module(s) have been scanned
Scan process 'avgnt.exe' - '52' Module(s) have been scanned
Scan process 'sched.exe' - '53' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'avguard.exe' - '54' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'hprblog.exe' - '26' Module(s) have been scanned
Scan process 'hpqSTE08.exe' - '68' Module(s) have been scanned
Scan process 'wscntfy.exe' - '20' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'hpqimzone.exe' - '101' Module(s) have been scanned
Scan process 'wweb32.exe' - '30' Module(s) have been scanned
Scan process 'RtWLan.exe' - '49' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '57' Module(s) have been scanned
Scan process 'AirTies_util3.exe' - '52' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '38' Module(s) have been scanned
Scan process 'HPWuSchd2.exe' - '20' Module(s) have been scanned
Scan process 'Acrotray.exe' - '29' Module(s) have been scanned
Scan process 'FLVSrvc.exe' - '20' Module(s) have been scanned
Scan process 'ctfmon.exe' - '27' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '29' Module(s) have been scanned
Scan process 'pptd40nt.exe' - '27' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'NokiaMServer.exe' - '29' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '45' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '39' Module(s) have been scanned
Scan process 'igfxpers.exe' - '29' Module(s) have been scanned
Scan process 'hkcmd.exe' - '28' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '28' Module(s) have been scanned
Scan process 'SeaPort.exe' - '46' Module(s) have been scanned
Scan process 'PsiService_2.exe' - '17' Module(s) have been scanned
Scan process 'Brmfrmps.exe' - '9' Module(s) have been scanned
Scan process 'Explorer.EXE' - '167' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'brss01a.exe' - '14' Module(s) have been scanned
Scan process 'spoolsv.exe' - '68' Module(s) have been scanned
Scan process 'brsvc01a.exe' - '10' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '165' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '54' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '36' Module(s) have been scanned
Scan process 'winlogon.exe' - '66' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '527' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PWSGamemaniagen3.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPalevo1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\Casper\Belgelerim\Resimlerim\02-07-2011, ali emir avcılarda\opucuklu olan 002.7z.001
[WARNING] The file could not be read!
C:\System Volume Information\_restore{1081D3B5-92E7-4D26-92C8-0AB881D266D3}\RP270\A0078799.exe
[DETECTION] Contains recognition pattern of the WORM/Palevo.EP worm
C:\System Volume Information\_restore{1081D3B5-92E7-4D26-92C8-0AB881D266D3}\RP276\A0081730.bat
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{1081D3B5-92E7-4D26-92C8-0AB881D266D3}\RP280\A0083174.inf
[DETECTION] Is the TR/Autorun.AIX Trojan
C:\System Volume Information\_restore{1081D3B5-92E7-4D26-92C8-0AB881D266D3}\RP280\A0083175.inf
[DETECTION] Is the TR/Autorun.AIX Trojan
C:\System Volume Information\_restore{1081D3B5-92E7-4D26-92C8-0AB881D266D3}\RP280\A0083176.inf
[DETECTION] Is the TR/Autorun.AIX Trojan
C:\System Volume Information\_restore{1081D3B5-92E7-4D26-92C8-0AB881D266D3}\RP280\A0083178.inf
[DETECTION] Is the TR/Autorun.AIX Trojan
C:\System Volume Information\_restore{1081D3B5-92E7-4D26-92C8-0AB881D266D3}\RP280\A0083217.inf
[DETECTION] Is the TR/Autorun.AIX Trojan
C:\System Volume Information\_restore{1081D3B5-92E7-4D26-92C8-0AB881D266D3}\RP280\A0083218.inf
[DETECTION] Is the TR/Autorun.AIX Trojan
Begin scan in 'D:\'
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\backup\2.5.1.26f5a\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\backup\2.5.1.26f5a\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\backup\2.5.1.26f5x\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\backup\2.5.1.26f5x\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\backup\2.5.1.26f6\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\backup\2.5.1.26f6\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\backup\2.5.1.26f6b\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\backup\2.5.1.26f6b\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\backup\2.5.1.26f6c\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\backup\2.5.1.26f6c\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\backup\newinstall\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\backup\newinstall\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\RunnerCode\SW\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\RunnerCode\SW\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\SW\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\SW\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f5a\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f5a\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f5x\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f5x\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f6\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f6\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f6b\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f6b\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f6c\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f6c\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\backup\newinstall\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\backup\newinstall\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\RunnerCode\SW\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\RunnerCode\SW\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\SW\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\SW\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f5a\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f5a\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f5x\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f5x\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f6\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f6\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f6b\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f6b\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f6c\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f6c\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\backup\newinstall\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\backup\newinstall\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\RunnerCode\SW\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\RunnerCode\SW\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\SW\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\SW\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
D:\SEN\sene 3\Ziya-pasa.doc
[DETECTION] Contains code of the W2000M/Thus.AH macro virus
D:\System Volume Information\_restore{1081D3B5-92E7-4D26-92C8-0AB881D266D3}\RP276\A0081731.bat
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
D:\System Volume Information\_restore{1081D3B5-92E7-4D26-92C8-0AB881D266D3}\RP280\A0083374.exe
[DETECTION] Is the TR/Gendal.kdv.67732 Trojan
D:\System Volume Information\_restore{1081D3B5-92E7-4D26-92C8-0AB881D266D3}\RP280\A0083375.exe
[DETECTION] Is the TR/Dropper.Gen Trojan

Beginning disinfection:
D:\System Volume Information\_restore{1081D3B5-92E7-4D26-92C8-0AB881D266D3}\RP280\A0083375.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '446d851f.qua'.
D:\System Volume Information\_restore{1081D3B5-92E7-4D26-92C8-0AB881D266D3}\RP280\A0083374.exe
[DETECTION] Is the TR/Gendal.kdv.67732 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5cfaaab8.qua'.
D:\System Volume Information\_restore{1081D3B5-92E7-4D26-92C8-0AB881D266D3}\RP276\A0081731.bat
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '0ea5f050.qua'.
D:\SEN\sene 3\Ziya-pasa.doc
[DETECTION] Contains code of the W2000M/Thus.AH macro virus
[NOTE] A backup was created as '68e9bfa3.qua' ( QUARANTINE )
[WARNING] The file could not be repaired!
[NOTE] The file is scheduled for deleting after reboot.
[NOTE] For the final repair, a restart of the computer is instigated.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\SW\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '2d6b929a.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\SW\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '5245a08d.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\RunnerCode\SW\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '1ec88cb0.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\RunnerCode\SW\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '62e5cc96.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\backup\newinstall\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '4f8ae3d2.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\backup\newinstall\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '56d7d841.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f6c\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '3abef478.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f6c\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '4b32cde4.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f6b\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '451dfd2a.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f6b\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '00018461.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f6\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '093f80c2.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f6\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '514b99a0.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f5x\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '7d8ae067.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f5x\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '434180b6.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f5a\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '207aabce.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\Yeni Klasör\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f5a\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0687ebd8.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\SW\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '34269075.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\SW\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '3e56bb02.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\RunnerCode\SW\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0130df4e.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\RunnerCode\SW\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '7f29d367.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\backup\newinstall\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '2a64d7a3.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\backup\newinstall\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '27c7a684.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f6c\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '3bafb282.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f6c\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0a49ff43.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f6b\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '662aeb7a.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f6b\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '2f85ce73.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f6\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '7425c6ab.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f6\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '12a2ca4b.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f5x\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '4519b8ea.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f5x\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '675cef97.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f5a\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0f799508.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\xpr ler\Yeni Klasör (4)\dpi\backup\2.5.1.26f5a\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '2f3a9187.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\SW\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '7a2bd73b.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\SW\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '1b3ef68d.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\RunnerCode\SW\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '7ea7b40e.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\RunnerCode\SW\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '1b45c0b8.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\backup\newinstall\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0894fc3c.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\backup\newinstall\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '1a188096.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\backup\2.5.1.26f6c\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0d7de33c.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\backup\2.5.1.26f6c\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '576ad1b5.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\backup\2.5.1.26f6b\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '7252abb8.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\backup\2.5.1.26f6b\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '063cb3d1.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\backup\2.5.1.26f6\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '240be146.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\backup\2.5.1.26f6\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '51ad9944.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\backup\2.5.1.26f5x\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '7acfc55f.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\backup\2.5.1.26f5x\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '1d9d8dfb.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\backup\2.5.1.26f5a\runnercode\RestoreRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '56d8b4f6.qua'.
D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\dpi\backup\2.5.1.26f5a\runnercode\EnhanceRip.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.204052
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '5613bebd.qua'.
C:\System Volume Information\_restore{1081D3B5-92E7-4D26-92C8-0AB881D266D3}\RP280\A0083218.inf
[DETECTION] Is the TR/Autorun.AIX Trojan
[NOTE] The file was moved to the quarantine directory under the name '1cf4ebeb.qua'.
C:\System Volume Information\_restore{1081D3B5-92E7-4D26-92C8-0AB881D266D3}\RP280\A0083217.inf
[DETECTION] Is the TR/Autorun.AIX Trojan
[NOTE] The file was moved to the quarantine directory under the name '72ddc423.qua'.
C:\System Volume Information\_restore{1081D3B5-92E7-4D26-92C8-0AB881D266D3}\RP280\A0083178.inf
[DETECTION] Is the TR/Autorun.AIX Trojan
[NOTE] The file was moved to the quarantine directory under the name '3ffd9a53.qua'.
C:\System Volume Information\_restore{1081D3B5-92E7-4D26-92C8-0AB881D266D3}\RP280\A0083176.inf
[DETECTION] Is the TR/Autorun.AIX Trojan
[NOTE] The file was moved to the quarantine directory under the name '57d9bd68.qua'.
C:\System Volume Information\_restore{1081D3B5-92E7-4D26-92C8-0AB881D266D3}\RP280\A0083175.inf
[DETECTION] Is the TR/Autorun.AIX Trojan
[NOTE] The file was moved to the quarantine directory under the name '2d6887a1.qua'.
C:\System Volume Information\_restore{1081D3B5-92E7-4D26-92C8-0AB881D266D3}\RP280\A0083174.inf
[DETECTION] Is the TR/Autorun.AIX Trojan
[NOTE] The file was moved to the quarantine directory under the name '5c3adbe4.qua'.
C:\System Volume Information\_restore{1081D3B5-92E7-4D26-92C8-0AB881D266D3}\RP276\A0081730.bat
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '2cddf1f7.qua'.
C:\System Volume Information\_restore{1081D3B5-92E7-4D26-92C8-0AB881D266D3}\RP270\A0078799.exe
[DETECTION] Contains recognition pattern of the WORM/Palevo.EP worm
[NOTE] The file was moved to the quarantine directory under the name '57ad8da2.qua'.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPalevo1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to the quarantine directory under the name '19b0fe91.qua'.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PWSGamemaniagen3.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to the quarantine directory under the name '67d085c5.qua'.

#9 goksav

goksav
  • Topic Starter


Posted 11 September 2011 - 04:09 PM

And this is the Security Check log after the Avira scan:
Results of screen317's Security Check version 0.99.18
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Avira AntiVir Personal - Free Antivirus
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Adobe Flash Player
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

#10 nasdaq

nasdaq

  • Malware Response Team

Posted 12 September 2011 - 07:47 AM

That was a good run.

Just to complete the cleaning, please run this tool.

Download the latest version of Kaspersky Virus Removal Tool
  • Close all other applications and double-click and run the installer.
  • When AVPTool starts, select all the scannable items except for CD-ROM drives.
  • Then please choose Security level: Recommended and perform the following actions.
  • Click the Start scan button.
  • If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • After the scan finishes, if any threat remains in the Scan window (Red exclamation point), click the Neutralize all button.
  • In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • If advised that a special disinfection procedure is required which demands system reboot: click the Ok button to close the window.
  • In the Scan window click the Reports button and select Save to file.
  • Name the report AVPT.txt, and save it to the Desktop.
  • Close AVPTool.
  • You will be prompted if you want to uninstall the program; click Yes.
  • You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
  • Copy and paste the first part of the report (Detected) that you saved in your next reply. Do not include the longer list marked Events.
===

Let me know what problem persists on this computer.

#11 goksav

goksav
  • Topic Starter


Posted 15 September 2011 - 03:03 PM

Hi nasdaq,
Sorry for the late reply, I had connection problems.
Here is the Kaspersky log:

Status: Quarantined (events: 4)
15.09.2011 12:57:21 Quarantined virus HEUR:Trojan.Script.Iframer C:\Documents and Settings\Casper\Belgelerim\Downloads\Writing\mitta - kino mezhdu adom i raem.html High
15.09.2011 12:57:21 Quarantined virus HEUR:Trojan.Script.Iframer C:\Documents and Settings\Casper\Belgelerim\Downloads\Writing\Writing Popular Fiction - Dean Koontz (v1.0, html).html High
15.09.2011 13:11:27 Quarantined virus HEUR:Worm.Win32.Generic C:\Program Files\548f4d34\jusched.exe High
15.09.2011 14:09:15 Quarantined virus HEUR:Worm.Win32.Generic C:\System Volume Information\_restore{1081D3B5-92E7-4D26-92C8-0AB881D266D3}\RP289\A0092480.exe High
Status: Deleted (events: 10)
15.09.2011 18:38:00 Deleted Trojan program Trojan.Win32.Pakes.pcp C:\Documents and Settings\Casper\Belgelerim\Downloads\Tipard iPhone Transfer 3.3.46\Tipard iPhone Transfer 3.3.46.part01.rar//Tipard iPhone Transfer.exe//data0027.res//services64.exe High
15.09.2011 15:37:01 Deleted Trojan program Trojan.Win32.Buzus.hcqv D:\Programlar\virus set uplar\USB Disk Security 5.2.0.5 TR.exe High
15.09.2011 15:37:01 Deleted Trojan program Trojan.Win32.Buzus.hcqv D:\Programlar\virus set uplar\USB Disk Security 5.2.0.5 TR.exe//C:/Documents and Settings/Administrator/Desktop/setup.exe High
15.09.2011 15:37:01 Deleted Trojan program Trojan.Win32.Buzus.hcqv D:\Programlar\virus set uplar\USB Disk Security 5.2.0.5 TR.exe//C:/Documents and Settings/Administrator/Desktop/setup.exe/Program Files/USB Disk Security/USBGuard.exe High
15.09.2011 16:05:35 Deleted Trojan program Trojan.Win32.Buzus.hcqv D:\System Volume Information\_restore{1081D3B5-92E7-4D26-92C8-0AB881D266D3}\RP289\A0092481.exe High
15.09.2011 16:05:35 Deleted Trojan program Trojan.Win32.Buzus.hcqv D:\System Volume Information\_restore{1081D3B5-92E7-4D26-92C8-0AB881D266D3}\RP289\A0092481.exe//C:/Documents and Settings/Administrator/Desktop/setup.exe High
15.09.2011 16:05:35 Deleted Trojan program Trojan.Win32.Buzus.hcqv D:\System Volume Information\_restore{1081D3B5-92E7-4D26-92C8-0AB881D266D3}\RP289\A0092481.exe//C:/Documents and Settings/Administrator/Desktop/setup.exe/Program Files/USB Disk Security/USBGuard.exe High
15.09.2011 18:38:00 Deleted Trojan program Trojan.Win32.Pakes.pcp C:\Documents and Settings\Casper\Belgelerim\Downloads\Tipard iPhone Transfer 3.3.46\Tipard iPhone Transfer 3.3.46.part01.rar//Tipard iPhone Transfer.exe//data0027.res High
15.09.2011 18:38:00 Deleted Trojan program Trojan.Win32.Pakes.pcp C:\Documents and Settings\Casper\Belgelerim\Downloads\Tipard iPhone Transfer 3.3.46\Tipard iPhone Transfer 3.3.46.part01.rar//Tipard iPhone Transfer.exe High
15.09.2011 18:38:00 Deleted Trojan program Trojan.Win32.Pakes.pcp C:\Documents and Settings\Casper\Belgelerim\Downloads\Tipard iPhone Transfer 3.3.46\Tipard iPhone Transfer 3.3.46.part01.rar High
Status: Vulnerability (events: 8)
15.09.2011 13:21:10 Vulnerability vulnerability http://www.securelist.com/en/advisories/43269 C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.dll Low
15.09.2011 13:21:19 Vulnerability vulnerability http://www.securelist.com/en/advisories/43269 C:\Program Files\Adobe\Reader 8.0\Reader\RdLang32.TUR Low
15.09.2011 13:26:44 Vulnerability vulnerability http://www.securelist.com/en/advisories/31744 C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL Low
15.09.2011 14:26:54 Vulnerability vulnerability http://www.securelist.com/en/advisories/23655 C:\WINDOWS\system32\msxml4.dll Low
15.09.2011 15:03:25 Vulnerability vulnerability http://www.securelist.com/en/advisories/41917 D:\MASA ÜSTÜ\SDL TUM\ARSIV SDL\SDL 2D\okuyacak mı\VirtualExpander_WW\VE_Readme_flashdemo_WW\Flashdemo_VE_WW_v122.exe Low
15.09.2011 16:08:12 Vulnerability vulnerability http://www.securelist.com/en/advisories/31744 c:\Program Files\Microsoft Office\Office12\INFOPATH.EXE Low
15.09.2011 16:08:17 Vulnerability vulnerability http://www.securelist.com/en/advisories/31744 c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE Low
15.09.2011 16:08:21 Vulnerability vulnerability http://www.securelist.com/en/advisories/40937 c:\Program Files\Microsoft Office\Office12\WINWORD.EXE Low
Status: Disinfected (events: 5)
15.09.2011 16:20:49 Disinfected Trojan program Backdoor.Win32.Bredolab.aue Outlook\Personal Folders\Top of Personal Folders\Inbox\[From:Colby Gay][Subject:[SPAM-DUSUK] RE:][Time:2009/09/16 22:40:37]/FILE_X8c8b.zip High
15.09.2011 16:20:47 Disinfected Trojan program Backdoor.Win32.Bredolab.aue Outlook\Personal Folders\Top of Personal Folders\Inbox\[From:Colby Gay][Subject:[SPAM-DUSUK] RE:][Time:2009/09/16 22:40:37]/FILE_X8c8b.zip/FILE_X8c8b.exe High
15.09.2011 16:21:37 Disinfected Trojan program Backdoor.Win32.Bredolab.aue Outlook\Personal Folders\Top of Personal Folders\Inbox\[From:DHL Tracking Services][Subject:DHL Tracking Number D0C4SCL6][Time:2009/10/09 10:44:35]/DHL_LABEL_d0bb223.zip High
15.09.2011 16:21:37 Disinfected Trojan program Backdoor.Win32.Bredolab.aue Outlook\Personal Folders\Top of Personal Folders\Inbox\[From:DHL Tracking Services][Subject:DHL Tracking Number D0C4SCL6][Time:2009/10/09 10:44:35]/DHL_LABEL_d0bb223.zip/DHL_LABEL_d0bb223.exe High
15.09.2011 16:25:54 Disinfected Trojan program Exploit.Win32.Pidief.dcd Outlook\Personal Folders\Top of Personal Folders\Inbox\[From:no-reply@sedelemat.com][Subject:setting for your mailbox are changed][Time:2010/04/27 17:57:45]/doc.pdf High

#12 nasdaq

nasdaq

  • Malware Response Team

Posted 15 September 2011 - 05:55 PM

How is the computer performing?

Any pending issues?

#13 goksav

goksav
  • Topic Starter


Posted 16 September 2011 - 12:18 AM

Much better and faster...
But I am afraid to use my external hard drives and USB sticks; I am sure they are infected.
Do you think the updated Avira or Kaspersky removal tools can help?

Also, I have a desktop infected too.
Should I proceed with the same process here for your view?

Regards,
g.

#14 nasdaq

nasdaq

  • Malware Response Team

Posted 16 September 2011 - 10:11 AM

Try this tool.
1 - Flash Drive Disinfector
Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Quote (goksav):
"Also, I have a desktop infected too.
Should I proceed with the same process here for your view?"

If this is another computer, please start a new topic.
Copy and paste the link in your next post here and I will expedite the matter.
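
A read-only check for the two things this thread deals with, as an added example that is not part of nasdaq's post or of Flash_Disinfector: whether a drive root holds an autorun.inf file or the protective folder of that name, and whether any .exe shares its name with a folder next to it. The function names and the sample drive contents are constructed for illustration.

```python
import os
import tempfile

# Keys in an autorun.inf file that start a program when the drive is opened.
LAUNCH_KEYS = ("open", "shellexecute")

def launch_entries(text):
    """Return (key, command) pairs from autorun.inf text that launch a program."""
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if "=" not in line or line.startswith(";"):
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        k = key.lower()
        if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command")):
            found.append((k, value))
    return found

def audit_drive_root(root):
    """Classify autorun.inf at a drive root and list folder-lookalike .exe files."""
    names = os.listdir(root)
    autorun = next((n for n in names if n.lower() == "autorun.inf"), None)
    if autorun is None:
        state, commands = "absent", []
    elif os.path.isdir(os.path.join(root, autorun)):
        state, commands = "folder", []  # the name is taken, so no file can use it
    else:
        with open(os.path.join(root, autorun), errors="replace") as fh:
            commands = launch_entries(fh.read())
        state = "file"
    dirs = {n.lower() for n in names if os.path.isdir(os.path.join(root, n))}
    lookalikes = sorted(n for n in names
                        if n.lower().endswith(".exe") and n[:-4].lower() in dirs
                        and os.path.isfile(os.path.join(root, n)))
    return {"autorun": state, "commands": commands, "lookalikes": lookalikes}

def build_sample(kind):
    """Create a constructed drive root in a temp directory (sample data only)."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "Photos"))
    if kind == "suspicious":
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write("[autorun]\n; constructed sample\nopen=sample.exe\n"
                     "shell\\open\\command=sample.exe\n")
        open(os.path.join(root, "Photos.exe"), "w").close()
    elif kind == "protected":
        os.mkdir(os.path.join(root, "autorun.inf"))
    return root

if __name__ == "__main__":
    for kind in ("suspicious", "protected"):
        print(kind, audit_drive_root(build_sample(kind)))
```

Point `audit_drive_root` at a real drive root such as `E:\` to review it; the function only lists and reads, it never deletes or changes anything.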

#15 goksav

goksav
  • Topic Starter


Posted 17 September 2011 - 03:20 PM

The flash tool worked fine. It cleaned all my USB drives.
But now Windows always opens with the "recovery console, do not choose this..." message than the XP Home.
What should I do?



