combofix
I installed ComboFix; I don't know it at all. While it was scanning, a lot of unfamiliar things came up. It got up to stage 50, and some of them have an a and a b in front of them. Is this program reliable?
Wait. It will do its job. It's reliable.
- icim urperiyor (20.01.14 00:58:59)
Yes, the PC sped up quite a bit. It restarted on its own, the program opened again, and these came up. Are these the viruses it found?
ComboFix 14-01-16.03 - Administrator 20.01.2014 1:50.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.1014.539 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Belgelerim\Downloads\ComboFix-tamindir.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\_ctypes.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\_elementtree.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\_hashlib.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\_multiprocessing.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\_socket.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\_ssl.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\pyexpat.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\pysqlite2._sqlite.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\python27.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\pythoncom27.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\PyWinTypes27.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\select.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\unicodedata.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\win32api.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\win32com.shell.shell.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\win32crypt.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\win32event.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\win32file.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\win32inet.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\win32pdh.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\win32pipe.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\win32process.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\win32profile.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\win32security.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\win32ts.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\windows._lib_cacheinvalidation.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\wx._controls_.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\wx._core_.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\wx._gdi_.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\wx._html2.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\wx._misc_.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\wx._windows_.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\wx._wizard.pyd
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\wxbase294u_net_vc90.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\wxbase294u_vc90.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\wxmsw294u_adv_vc90.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\wxmsw294u_core_vc90.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\wxmsw294u_html_vc90.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI28162\wxmsw294u_webview_vc90.dll
c:\documents and settings\Administrator\Application Data\SwvUpdater
c:\documents and settings\Administrator\Application Data\SwvUpdater\status.cfg
c:\documents and settings\Administrator\Application Data\SwvUpdater\Updater.exe
c:\documents and settings\Administrator\Local Settings\Application Data\lollipop
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\_ctypes.pyd
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\_elementtree.pyd
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\_hashlib.pyd
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\_multiprocessing.pyd
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\_socket.pyd
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\_ssl.pyd
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\pyexpat.pyd
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\pysqlite2._sqlite.pyd
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\python27.dll
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\pythoncom27.dll
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\PyWinTypes27.dll
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\select.pyd
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\unicodedata.pyd
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\win32api.pyd
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\win32com.shell.shell.pyd
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\win32crypt.pyd
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\win32event.pyd
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\win32file.pyd
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\win32inet.pyd
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\win32pdh.pyd
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\win32pipe.pyd
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\win32process.pyd
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\win32profile.pyd
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\win32security.pyd
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\win32ts.pyd
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\windows._lib_cacheinvalidation.pyd
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\wx._controls_.pyd
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\wx._core_.pyd
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\wx._gdi_.pyd
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\wx._html2.pyd
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\wx._misc_.pyd
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\wx._windows_.pyd
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\wx._wizard.pyd
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\wxbase294u_net_vc90.dll
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\wxbase294u_vc90.dll
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\wxmsw294u_adv_vc90.dll
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\wxmsw294u_core_vc90.dll
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\wxmsw294u_html_vc90.dll
c:\documents and settings\Administrator\Local Settings\temp\_MEI28162\wxmsw294u_webview_vc90.dll
C:\END
c:\program files\SearchProtect
c:\program files\SearchProtect\EULA.txt
c:\program files\SearchProtect\Main\bin\CltMngSvc.exe
c:\program files\SearchProtect\Main\bin\SPTool.dll
c:\program files\SearchProtect\Main\bin\SPtool.dll_1389824984484
c:\program files\SearchProtect\Main\bin\uninstall.exe
c:\program files\SearchProtect\Main\rep\SystemRepository.dat
c:\program files\SearchProtect\SearchProtect\bin\cltmng.exe
c:\program files\SearchProtect\SearchProtect\bin\SPTool64.exe
c:\program files\SearchProtect\SearchProtect\bin\SPVC32.dll
c:\program files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
c:\program files\SearchProtect\SearchProtect\bin\SPVC64.dll
c:\program files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
c:\program files\SearchProtect\UI\bin\cltmngui.exe
c:\program files\SearchProtect\UI\dialogs\bubble\bubble.css
c:\program files\SearchProtect\UI\dialogs\bubble\bubble.html
c:\program files\SearchProtect\UI\dialogs\bubble\bubble.js
c:\program files\SearchProtect\UI\dialogs\bubble\defaults.js
c:\program files\SearchProtect\UI\dialogs\Images\Apply-default.png
c:\program files\SearchProtect\UI\dialogs\Images\Apply-onclick.png
c:\program files\SearchProtect\UI\dialogs\Images\Apply-Rollover.png
c:\program files\SearchProtect\UI\dialogs\Images\bg-with-logo.png
c:\program files\SearchProtect\UI\dialogs\Images\bg.png
c:\program files\SearchProtect\UI\dialogs\Images\bgNotif.png
c:\program files\SearchProtect\UI\dialogs\Images\bgSettings.png
c:\program files\SearchProtect\UI\dialogs\Images\bgUninstall.png
c:\program files\SearchProtect\UI\dialogs\Images\btnBlue.png
c:\program files\SearchProtect\UI\dialogs\Images\btnClose.png
c:\program files\SearchProtect\UI\dialogs\Images\btnSilver.png
c:\program files\SearchProtect\UI\dialogs\Images\checkbox.png
c:\program files\SearchProtect\UI\dialogs\Images\checkbox_checked.png
c:\program files\SearchProtect\UI\dialogs\Images\checkbox_def.png
c:\program files\SearchProtect\UI\dialogs\Images\close-win-def.png
c:\program files\SearchProtect\UI\dialogs\Images\close-win-over-click.png
c:\program files\SearchProtect\UI\dialogs\Images\gray-bg.png
c:\program files\SearchProtect\UI\dialogs\Images\hez-def.png
c:\program files\SearchProtect\UI\dialogs\Images\hez-selected.png
c:\program files\SearchProtect\UI\dialogs\Images\hez.png
c:\program files\SearchProtect\UI\dialogs\Images\icon-win.png
c:\program files\SearchProtect\UI\dialogs\Images\info-icon.png
c:\program files\SearchProtect\UI\dialogs\Images\menu-rollover.png
c:\program files\SearchProtect\UI\dialogs\Images\menu-selected.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button-def.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button-selected.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button2.png
c:\program files\SearchProtect\UI\dialogs\Images\Settings-icon.png
c:\program files\SearchProtect\UI\dialogs\Images\text-field.png
c:\program files\SearchProtect\UI\dialogs\Images\v.png
c:\program files\SearchProtect\UI\dialogs\Images\x.png
c:\program files\SearchProtect\UI\dialogs\libs\defaults.js
c:\program files\SearchProtect\UI\dialogs\libs\dialogUtils.js
c:\program files\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js
c:\program files\SearchProtect\UI\dialogs\libs\json2.min.js
c:\program files\SearchProtect\UI\dialogs\libs\main.js
c:\program files\SearchProtect\UI\dialogs\libs\SPDialogAPI.js
c:\program files\SearchProtect\UI\dialogs\protection\defaults.js
c:\program files\SearchProtect\UI\dialogs\protection\protection.css
c:\program files\SearchProtect\UI\dialogs\protection\protection.html
c:\program files\SearchProtect\UI\dialogs\protection\protection.js
c:\program files\SearchProtect\UI\dialogs\settings.html
c:\program files\SearchProtect\UI\dialogs\settings\defaults.js
c:\program files\SearchProtect\UI\dialogs\settings\settings.css
c:\program files\SearchProtect\UI\dialogs\settings\settings.html
c:\program files\SearchProtect\UI\dialogs\settings\settings.js
c:\program files\SearchProtect\UI\dialogs\style.css
c:\program files\SearchProtect\UI\dialogs\uninstall\defaults.js
c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.css
c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.html
c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.js
c:\program files\Speed Test 127\ScRIpthost.dll
c:\windows\msxml4-KB2758694-enu.LOG
c:\windows\system32\default_user_class.dat.LOG
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-12-19 to 2014-01-19 )))))))))))))))))))))))))))))))
.
.
2014-01-19 23:02 . 2014-01-19 23:02 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2014-01-19 21:21 . 2014-01-19 21:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\PhotoScape
2014-01-19 21:20 . 2014-01-19 21:21 -------- d-----w- c:\program files\PhotoScape
2014-01-19 21:20 . 2014-01-19 21:29 -------- d-----w- c:\program files\Google
2014-01-19 21:16 . 2014-01-19 22:36 -------- d-----w- c:\program files\MyPC Backup
2014-01-19 20:53 . 2014-01-19 20:53 -------- d-----w- c:\program files\FileKiddo Download Manager
2014-01-19 20:51 . 2014-01-19 20:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\speedtest4354
2014-01-19 20:50 . 2014-01-19 23:54 -------- d-----w- c:\program files\Speed Test 127
2014-01-19 20:50 . 2014-01-19 20:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\freegames111
2014-01-16 02:11 . 2008-04-13 09:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2014-01-16 02:11 . 2008-04-13 09:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2014-01-16 02:11 . 2008-04-13 09:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2014-01-16 02:11 . 2008-04-13 09:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2014-01-16 02:11 . 2008-04-13 09:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2014-01-16 02:11 . 2008-04-13 09:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2014-01-16 02:11 . 2008-04-13 09:46 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2014-01-16 02:11 . 2008-04-13 09:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2014-01-16 02:11 . 2008-04-13 09:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2014-01-16 02:11 . 2008-04-13 09:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2014-01-16 02:11 . 2008-04-13 09:46 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2014-01-16 02:11 . 2008-04-13 09:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2014-01-16 02:10 . 2008-04-13 09:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2014-01-16 02:10 . 2008-04-13 09:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2014-01-16 02:10 . 2008-04-14 07:00 28672 ----a-w- c:\windows\system32\vidcap.ax
2014-01-16 02:10 . 2008-04-14 07:00 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2014-01-16 02:10 . 2008-04-14 07:00 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2014-01-16 02:10 . 2008-04-14 07:00 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2014-01-16 02:10 . 2008-04-14 07:00 43008 ----a-w- c:\windows\system32\ksxbar.ax
2014-01-16 02:09 . 2008-04-14 07:00 61952 ----a-w- c:\windows\system32\kstvtune.ax
2014-01-13 01:43 . 2014-01-13 01:43 -------- d-----w- c:\windows\ie8updates
2014-01-13 01:39 . 2014-01-13 01:39 -------- d-----w- c:\program files\MSXML 4.0
2014-01-12 19:32 . 2013-10-29 07:57 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2014-01-12 19:32 . 2013-10-29 07:57 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2014-01-12 19:32 . 2013-10-29 07:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2014-01-12 19:32 . 2013-10-29 07:57 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2014-01-12 19:32 . 2013-10-29 07:57 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2014-01-12 19:32 . 2013-10-29 07:57 11113472 -c----w- c:\windows\system32\dllcache\ieframe.dll
2014-01-12 19:32 . 2013-10-29 07:57 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2014-01-12 19:32 . 2013-10-29 07:57 2006016 -c----w- c:\windows\system32\dllcache\iertutil.dll
2014-01-12 19:26 . 2013-07-03 02:12 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2014-01-12 18:50 . 2013-08-09 00:55 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2014-01-12 18:50 . 2013-08-09 00:55 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2014-01-12 18:50 . 2009-03-18 11:02 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
2014-01-12 16:56 . 2012-06-02 13:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2014-01-11 16:31 . 2013-07-03 01:59 14976 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2014-01-11 16:31 . 2013-07-03 01:59 14976 ----a-w- c:\windows\system32\drivers\usbscan.sys
2014-01-11 16:31 . 2001-11-21 19:35 5632 ----a-w- c:\windows\system32\ptpusb.dll
2014-01-11 16:31 . 2008-04-14 07:00 159232 ----a-w- c:\windows\system32\ptpusd.dll
2014-01-09 02:25 . 2014-01-09 02:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera Software
2014-01-09 02:25 . 2014-01-09 02:25 -------- d-----w- c:\program files\Opera
2014-01-08 22:04 . 2014-01-08 22:04 -------- d-----w- c:\program files\CCleaner
2014-01-03 18:50 . 2014-01-03 18:50 -------- d-----w- c:\windows\system32\wbem\Repository
2014-01-03 16:59 . 2014-01-03 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Yandex
2014-01-03 16:59 . 2014-01-03 17:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Yandex
2013-12-30 02:18 . 2013-12-30 02:18 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2013-12-25 03:17 . 2013-12-25 03:20 2424 ----a-w- c:\windows\system32\ASOROSet.bin
2013-12-25 03:07 . 2013-12-25 03:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\OpenCandy
2013-12-25 02:46 . 2013-12-25 02:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
2013-12-25 02:45 . 2008-06-27 08:49 518064 ----a-w- c:\windows\system32\framework.ocx
2013-12-25 02:43 . 2013-12-28 21:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\systweak
2013-12-24 21:52 . 2013-12-24 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\BonanzaDealsLive
2013-12-24 21:52 . 2013-12-24 21:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BonanzaDealsLive
2013-12-24 21:51 . 2013-12-24 21:51 -------- d-----w- c:\program files\BonanzaDeals
2013-12-24 21:51 . 2013-12-24 21:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\AffiliatedUpdate
2013-12-24 09:08 . 2013-12-24 09:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\SearchProtect
2013-12-24 02:24 . 2013-12-24 02:24 17248136 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-12-24 02:10 . 2013-12-24 02:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2013-12-24 02:10 . 2013-12-24 02:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2013-12-24 02:10 . 2013-12-30 02:17 -------- d-----w- c:\program files\McAfee Security Scan
2013-12-24 02:07 . 2014-01-09 17:13 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2013-12-23 22:00 . 2013-02-12 00:32 12928 -c--a-w- c:\windows\system32\dllcache\usb8023x.sys
2013-12-23 22:00 . 2013-02-12 00:32 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-12-23 22:00 . 2008-04-13 09:56 30592 -c--a-w- c:\windows\system32\dllcache\rndismpx.sys
2013-12-23 22:00 . 2008-04-13 09:56 30592 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2013-12-23 21:33 . 2013-12-24 02:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Samsung
2013-12-23 21:33 . 2013-12-24 02:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Samsung
2013-12-23 21:32 . 2013-08-21 04:31 15560 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2013-12-23 21:32 . 2013-08-21 04:31 15304 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2013-12-23 21:31 . 2013-12-23 21:31 -------- d-----w- c:\program files\MyFree Codec
2013-12-23 21:26 . 2013-10-30 10:13 4659712 ----a-w- c:\windows\system32\Redemption.dll
2013-12-23 21:25 . 2013-12-24 02:15 -------- d-----w- c:\program files\Samsung
2013-12-23 21:25 . 2013-12-24 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Samsung
2013-12-23 21:14 . 2013-12-23 21:14 -------- d-----w- c:\program files\Microsoft.NET
2013-12-23 21:04 . 2013-12-23 21:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2013-12-23 19:03 . 2013-12-23 19:03 -------- d-----w- c:\windows\Sun
2013-12-23 19:01 . 2013-10-08 05:29 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-12-23 19:01 . 2013-10-08 05:50 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-12-23 18:20 . 2014-01-09 02:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Opera Software
2013-12-23 18:20 . 2013-12-23 18:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2013-12-23 18:20 . 2013-12-23 18:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Chromium
2013-12-23 18:15 . 2014-01-09 02:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yandex
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-09 17:13 . 2013-12-17 18:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-09 17:13 . 2013-12-17 18:50 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-17 23:13 . 2013-12-17 22:42 32829212 ----a-w- C:\WDM_R270.zip
2013-11-13 02:59 . 2012-02-29 14:08 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2012-09-14 10:48 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:36 . 2013-11-06 01:36 7168 ------w- c:\windows\system32\xpsp4res.dll
2013-10-30 10:06 . 2013-10-30 10:06 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2013-10-30 10:06 . 2013-10-30 10:06 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2013-10-30 10:06 . 2013-10-30 10:06 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2013-10-30 10:06 . 2013-10-30 10:06 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2013-10-30 10:06 . 2013-10-30 10:06 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2013-10-30 10:06 . 2013-10-30 10:06 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2013-10-30 10:06 . 2013-10-30 10:06 569344 ----a-w- c:\windows\system32\muzdecode.ax
2013-10-30 10:06 . 2013-10-30 10:06 491520 ----a-w- c:\windows\system32\muzapp.dll
2013-10-30 10:06 . 2013-10-30 10:06 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2013-10-30 10:06 . 2013-10-30 10:06 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2013-10-30 10:06 . 2013-10-30 10:06 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2013-10-30 10:06 . 2013-10-30 10:06 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2013-10-30 10:06 . 2013-10-30 10:06 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2013-10-30 10:06 . 2013-10-30 10:06 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2013-10-30 10:06 . 2013-10-30 10:06 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2013-10-30 10:06 . 2013-10-30 10:06 245760 ----a-w- c:\windows\system32\MSCLib.dll
2013-10-30 10:06 . 2013-10-30 10:06 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2013-10-30 10:06 . 2013-10-30 10:06 200704 ----a-w- c:\windows\system32\muzwmts.dll
2013-10-30 10:06 . 2013-10-30 10:06 172032 ----a-w- c:\windows\system32\muzapp.exe
2013-10-30 10:06 . 2013-10-30 10:06 155648 ----a-w- c:\windows\system32\MSFLib.dll
2013-10-30 10:06 . 2013-10-30 10:06 143360 ----a-w- c:\windows\system32\3DAudio.ax
2013-10-30 10:06 . 2013-10-30 10:06 135168 ----a-w- c:\windows\system32\muzaf1.dll
2013-10-30 10:06 . 2013-10-30 10:06 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2013-10-30 10:06 . 2013-10-30 10:06 122880 ----a-w- c:\windows\system32\muzeffect.ax
2013-10-30 10:06 . 2013-10-30 10:06 118784 ----a-w- c:\windows\system32\MaDRM.dll
2013-10-30 10:06 . 2013-10-30 10:06 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2013-10-30 02:52 . 2012-09-14 10:48 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57 . 2013-12-17 19:25 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57 . 2008-04-15 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57 . 2013-12-17 19:25 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-29 07:57 . 2013-12-17 19:25 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 00:48 . 2013-12-17 19:25 385024 ----a-w- c:\windows\system32\html.iec
2013-10-23 23:45 . 2013-12-17 19:26 172032 ----a-w- c:\windows\system32\scrrun.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{7c11f506-523f-4755-b8f3-a8343d606f2c}]
2013-11-06 16:53 226592 ----a-w- c:\program files\Kurulum_New\prxtbKur0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7c11f506-523f-4755-b8f3-a8343d606f2c}"= "c:\program files\Kurulum_New\prxtbKur0.dll" [2013-11-06 226592]
.
[HKEY_CLASSES_ROOT\clsid\{7c11f506-523f-4755-b8f3-a8343d606f2c}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7C11F506-523F-4755-B8F3-A8343D606F2C}"= "c:\program files\Kurulum_New\prxtbKur0.dll" [2013-11-06 226592]
.
[HKEY_CLASSES_ROOT\clsid\{7c11f506-523f-4755-b8f3-a8343d606f2c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 13:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 13:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 13:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 13:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 13:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2010-01-07 3216664]
"Free Download Manager"="c:\program files\FileKiddo Download Manager\fdm.exe" [2013-04-29 6852096]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GPULoader"="c:\program files\VLC Player GPU+\GPULog.exe" [2013-12-13 1303776]
"RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"FixCamera"="c:\windows\FixCamera.exe" [2006-06-01 20480]
"tsnp2std"="c:\windows\tsnp2std.exe" [2006-01-06 110592]
"snp2std"="c:\windows\vsnp2std.exe" [2006-01-06 344064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
c:\documents and settings\All Users\Start Menu\Programlar\Başlangıç\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 273296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\????? ??? ???????? ??????? High Definition Audio]
HDAShCut.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2010-11-03 16:13 64104 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2010-11-03 16:13 2815592 ----a-w- c:\windows\ALCWZRD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-15 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-28 15:00 166424 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-28 15:00 141848 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-28 15:00 137752 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2012-06-06 12:00 20065936 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2010-11-03 16:15 84584 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1688:TCP"= 1688:TCP:KMS Emulator
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [14.07.2012 00:10 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [14.07.2012 00:10 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [14.07.2012 00:10 13616]
R3 NETwLx32; Windows XP 32 Bit için Intel(R) Wireless WiFi Link Bağdaştırıcı Sürücüsü ;c:\windows\system32\drivers\NETwLx32.sys [17.12.2013 21:08 6609920]
S1 iSafeNetFilter;iSafeNetFilter;\??\c:\program files\iSafe\iSafeNetFilter.sys --> c:\program files\iSafe\iSafeNetFilter.sys [?]
S2 bonanzadealslive;Google Güncelleme Hizmeti (bonanzadealslive);c:\program files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [24.12.2013 23:52 148976]
S2 CltMngSvc;Search Protect by Conduit Service;c:\progra~1\SearchProtect\Main\bin\CltMngSvc.exe --> c:\progra~1\SearchProtect\Main\bin\CltMngSvc.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [18.12.2013 01:15 1691480]
S3 bonanzadealslivem;Google Güncelleme Hizmeti (bonanzadealslivem);c:\program files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [24.12.2013 23:52 148976]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [06.09.2013 19:29 235216]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - CLR_OPTIMIZATION_V2.0.50727_32
*NewlyCreated* - WS2IFSL
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-17 17:13]
.
2014-01-19 c:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
- c:\program files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-12-24 21:52]
.
2014-01-19 c:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
- c:\program files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-12-24 21:52]
.
2014-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-19 21:20]
.
2014-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-19 21:20]
.
2014-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-162531612-839522115-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2013-12-17 20:35]
.
2014-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-162531612-839522115-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2013-12-17 20:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yandex.com.tr/?win=106&clid=1989273
uInternet Settings,ProxyServer = 213.186.122.123:3128
IE: Download all with FileKiddo Download Manager - file://c:\program files\FileKiddo Download Manager\dlall.htm
IE: Download selected with FileKiddo Download Manager - file://c:\program files\FileKiddo Download Manager\dlselected.htm
IE: Download video with FileKiddo Download Manager - file://c:\program files\FileKiddo Download Manager\dlfvideo.htm
IE: Download with FileKiddo Download Manager - file://c:\program files\FileKiddo Download Manager\dllink.htm
IE: Microsoft Excel'e &Ver - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: OneNote'a G&önder - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\518gyzdc.default\
FF - prefs.js: browser.search.selectedEngine - Yandex
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.tr/
FF - prefs.js: network.proxy.http - 86.120.196.242
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-RDReminder - c:\program files\RegClean Pro\RegCleanPro.exe
AddRemove-SearchProtect - c:\progra~1\SearchProtect\Main\bin\uninstall.exe
AddRemove-Speed Test 4354 - c:\program files\Speed Test 4354\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net
Rootkit scan 2014-01-20 01:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-583907252-162531612-839522115-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{fe063412-bea4-4d76-8ed3-183be6220d17}"=hex:51,66,7a,6c,4c,1d,3b,1b,02,2f,1c,
e4,9a,ed,1e,02,97,da,47,67,e0,63,4d,08
"{C45EC9F0-8333-465D-9728-074BD41985C9}"=hex:51,66,7a,6c,4c,1d,3b,1b,e0,d2,44,
de,0d,d0,35,09,8e,21,58,17,d2,58,c5,d6
"{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}"=hex:51,66,7a,6c,4c,1d,3b,1b,d0,d2,d2,
0b,26,8a,a8,0b,92,57,8d,cb,dc,03,b2,d8
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2380)
c:\windows\system32\WININET.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll
c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCP90.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1055\GrooveIntlResource.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2014-01-20 02:02:00 - machine was rebooted
ComboFix-quarantined-files.txt 2014-01-20 00:01
ComboFix2.txt 2013-12-23 18:29
.
Pre-Run: 41.596.350.464 bayt boş
Post-Run: 41.770.749.952 bayt boş
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D74DC3846EB543BC2E58BF6762B25137
988ED281FD011A58DAB7E4AE71DED8F5 bun
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1688:TCP"= 1688:TCP:KMS Emulator
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [14.07.2012 00:10 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [14.07.2012 00:10 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [14.07.2012 00:10 13616]
R3 NETwLx32; Windows XP 32 Bit için Intel(R) Wireless WiFi Link Bağdaştırıcı Sürücüsü ;c:\windows\system32\drivers\NETwLx32.sys [17.12.2013 21:08 6609920]
S1 iSafeNetFilter;iSafeNetFilter;\??\c:\program files\iSafe\iSafeNetFilter.sys --> c:\program files\iSafe\iSafeNetFilter.sys [?]
S2 bonanzadealslive;Google Güncelleme Hizmeti (bonanzadealslive);c:\program files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [24.12.2013 23:52 148976]
S2 CltMngSvc;Search Protect by Conduit Service;c:\progra~1\SearchProtect\Main\bin\CltMngSvc.exe --> c:\progra~1\SearchProtect\Main\bin\CltMngSvc.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [18.12.2013 01:15 1691480]
S3 bonanzadealslivem;Google Güncelleme Hizmeti (bonanzadealslivem);c:\program files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [24.12.2013 23:52 148976]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [06.09.2013 19:29 235216]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - CLR_OPTIMIZATION_V2.0.50727_32
*NewlyCreated* - WS2IFSL
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-17 17:13]
.
2014-01-19 c:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
- c:\program files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-12-24 21:52]
.
2014-01-19 c:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
- c:\program files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-12-24 21:52]
.
2014-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-19 21:20]
.
2014-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-19 21:20]
.
2014-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-162531612-839522115-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2013-12-17 20:35]
.
2014-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-162531612-839522115-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2013-12-17 20:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yandex.com.tr/?win=106&clid=1989273
uInternet Settings,ProxyServer = 213.186.122.123:3128
IE: Download all with FileKiddo Download Manager - file://c:\program files\FileKiddo Download Manager\dlall.htm
IE: Download selected with FileKiddo Download Manager - file://c:\program files\FileKiddo Download Manager\dlselected.htm
IE: Download video with FileKiddo Download Manager - file://c:\program files\FileKiddo Download Manager\dlfvideo.htm
IE: Download with FileKiddo Download Manager - file://c:\program files\FileKiddo Download Manager\dllink.htm
IE: Microsoft Excel'e &Ver - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: OneNote'a G&önder - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\518gyzdc.default\
FF - prefs.js: browser.search.selectedEngine - Yandex
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.tr/
FF - prefs.js: network.proxy.http - 86.120.196.242
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-RDReminder - c:\program files\RegClean Pro\RegCleanPro.exe
AddRemove-SearchProtect - c:\progra~1\SearchProtect\Main\bin\uninstall.exe
AddRemove-Speed Test 4354 - c:\program files\Speed Test 4354\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net
Rootkit scan 2014-01-20 01:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-583907252-162531612-839522115-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{fe063412-bea4-4d76-8ed3-183be6220d17}"=hex:51,66,7a,6c,4c,1d,3b,1b,02,2f,1c,
e4,9a,ed,1e,02,97,da,47,67,e0,63,4d,08
"{C45EC9F0-8333-465D-9728-074BD41985C9}"=hex:51,66,7a,6c,4c,1d,3b,1b,e0,d2,44,
de,0d,d0,35,09,8e,21,58,17,d2,58,c5,d6
"{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}"=hex:51,66,7a,6c,4c,1d,3b,1b,d0,d2,d2,
0b,26,8a,a8,0b,92,57,8d,cb,dc,03,b2,d8
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2380)
c:\windows\system32\WININET.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll
c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCP90.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1055\GrooveIntlResource.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2014-01-20 02:02:00 - machine was rebooted
ComboFix-quarantined-files.txt 2014-01-20 00:01
ComboFix2.txt 2013-12-23 18:29
.
Pre-Run: 41.596.350.464 bayt boş
Post-Run: 41.770.749.952 bayt boş
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D74DC3846EB543BC2E58BF6762B25137
988ED281FD011A58DAB7E4AE71DED8F5 bun
- _k_u_z_g_u_n_ (20.01.14 01:07:39)
It's the process log. You can close it and carry on with your daily use.
- icim urperiyor (20.01.14 01:47:55)
ComboFix is a cleanup tool used on heavily infected machines, especially for removing viruses that active antivirus programs find but cannot delete. It is not a tool that gets installed; you download the current version from the internet and run it, it cleans, and its job is done. It does not provide active protection, and there is no such thing as an "uninstall" for it either. By the way, from what I can see in the log, your machine wasn't clean either...
- mortar (20.01.14 09:38:30)