ComboFix 11-08-05.03 - NiR 06.08.2011 17:10:23.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1254.90.1055.18.4094.2276 [GMT 3:00]
Running from: c:\users\NiR\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-06 to 2011-08-06 )))))))))))))))))))))))))))))))
.
.
2011-08-05 19:18 . 2011-08-06 14:00 -------- d-----w- c:\program files\Doctus
2011-08-05 16:33 . 2011-07-12 18:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{422165D4-7F63-4ADB-A99B-C88B0D6A2500}\mpengine.dll
2011-08-05 08:23 . 2011-08-05 08:23 -------- d-----w- c:\users\Guest
2011-07-31 17:23 . 2011-07-31 17:23 -------- d-----w- c:\windows\USB Vibration
2011-07-31 17:23 . 2011-07-31 17:23 -------- d-----w- c:\program files (x86)\USB Vibration
2011-07-31 16:21 . 2011-07-31 16:21 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-07-31 15:48 . 2011-07-31 15:48 -------- d-----w- c:\windows\system32\SPReview
2011-07-31 15:47 . 2011-07-31 15:47 -------- d-----w- c:\windows\system32\EventProviders
2011-07-31 15:46 . 2010-11-20 13:43 3584 ----a-w- c:\windows\system32\drivers\tr-TR\tsusbflt.sys.mui
2011-07-31 15:46 . 2010-11-20 13:41 2560 ----a-w- c:\windows\system32\drivers\tr-TR\rdpwd.sys.mui
2011-07-31 15:46 . 2010-11-20 13:40 6144 ----a-w- c:\windows\system32\drivers\tr-TR\rdvgkmd.sys.mui
2011-07-31 15:46 . 2010-11-20 13:33 4096 ----a-w- c:\windows\system32\drivers\tr-TR\tsusbhub.sys.mui
2011-07-31 15:46 . 2010-11-20 13:39 2560 ----a-w- c:\windows\system32\drivers\tr-TR\vwifibus.sys.mui
2011-07-31 15:46 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2011-07-31 15:46 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-07-31 15:46 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-07-31 15:44 . 2010-11-20 13:33 75136 ----a-w- c:\windows\system32\drivers\partmgr.sys
2011-07-31 15:43 . 2010-11-20 13:27 47104 ----a-w- c:\windows\system32\wshbth.dll
2011-07-31 15:42 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-07-31 14:58 . 2011-07-31 14:58 -------- d-----w- c:\windows\SysWow64\Wat
2011-07-31 14:58 . 2011-07-31 14:58 -------- d-----w- c:\windows\system32\Wat
2011-07-31 10:06 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-07-31 10:05 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-07-31 10:05 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-07-31 10:05 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-07-31 10:05 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-07-31 10:01 . 2011-02-19 12:03 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-07-31 10:01 . 2011-02-19 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll
2011-07-31 10:01 . 2011-02-19 06:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-07-31 10:01 . 2011-02-19 04:34 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-07-31 10:01 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll
2011-07-31 10:01 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2011-07-31 10:01 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-07-31 10:01 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-07-31 10:01 . 2011-03-03 06:21 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-07-31 10:01 . 2011-03-03 05:36 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-07-31 10:00 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-07-31 10:00 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-07-31 10:00 . 2010-11-20 13:26 321024 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-07-31 10:00 . 2010-11-20 12:18 219136 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-07-31 10:00 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-07-31 10:00 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-07-31 10:00 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-07-31 09:58 . 2011-02-25 05:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-07-31 09:52 . 2009-08-17 16:20 1235968 ----a-w- c:\windows\system32\drivers\viahduaa.sys
2011-07-31 09:52 . 2009-08-17 14:58 529920 ----a-w- c:\windows\system32\VIASysFx.dll
2011-07-31 09:52 . 2009-08-17 11:18 1011712 ----a-w- c:\windows\system32\VIAPropPageExt.dll
2011-07-31 09:52 . 2009-06-01 07:10 242176 ----a-w- c:\windows\system32\Dts2APO.dll
2011-07-31 09:52 . 2009-03-04 13:42 84992 ----a-w- c:\windows\system32\Dts2PropPageExt.dll
2011-07-31 09:52 . 2009-01-19 18:32 76288 ----a-w- c:\windows\system32\ViaMicArrayPropPageExt.dll
2011-07-31 09:52 . 2009-01-19 18:32 193024 ----a-w- c:\windows\system32\ViaMicArrayAPO.dll
2011-07-31 09:52 . 2007-12-04 08:28 86016 ----a-w- c:\windows\system32\nQPropPageExt.dll
2011-07-31 09:52 . 2007-12-04 08:28 82432 ----a-w- c:\windows\system32\nQAPO.dll
2011-07-31 09:52 . 2011-07-31 09:52 -------- d-----w- c:\program files (x86)\VIA
2011-07-31 09:52 . 2007-04-11 12:35 414632 ------w- c:\windows\difxapi.dll
2011-07-31 09:46 . 2011-07-31 09:46 -------- d-----w- c:\windows\Sun
2011-07-30 22:46 . 2011-07-30 22:46 -------- d-----w- c:\program files (x86)\Electronic Arts
2011-07-30 22:44 . 2011-07-30 22:44 -------- d-----w- c:\programdata\Solidshield
2011-07-30 22:44 . 2011-07-30 22:44 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2011-07-30 22:44 . 2011-07-30 22:44 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-07-30 22:42 . 2011-03-19 12:16 1417216 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
2011-07-30 22:42 . 2010-09-22 10:12 19087360 ----a-w- c:\windows\SysWow64\mkl_blueripple.dll
2011-07-30 22:42 . 2011-07-30 22:42 -------- d-----w- c:\program files (x86)\BRS
2011-07-30 22:42 . 2011-07-30 22:42 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-07-30 22:42 . 2011-07-30 22:42 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-07-30 22:42 . 2011-07-30 22:42 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-07-30 22:42 . 2011-07-30 22:42 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-07-30 22:42 . 2011-07-30 22:42 -------- d-----w- c:\program files (x86)\OpenAL
2011-07-30 22:42 . 2011-04-15 23:40 809496 ----a-r- c:\windows\SysWow64\tmp9158.tmp
2011-07-30 22:32 . 2011-07-30 22:32 -------- d-----w- c:\program files (x86)\Codemasters
2011-07-30 22:26 . 2011-07-30 22:26 -------- d-----w- c:\program files (x86)\Fifa Master
2011-07-30 22:16 . 2011-07-30 22:16 -------- d-----w- c:\program files (x86)\EA Sports
2011-07-30 22:16 . 2008-10-15 03:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-07-30 22:16 . 2008-10-15 03:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2011-07-30 22:16 . 2008-10-15 03:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2011-07-30 22:16 . 2008-10-15 03:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2011-07-30 22:16 . 2008-10-15 03:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-07-30 22:16 . 2008-10-15 03:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2011-07-30 22:10 . 2009-02-24 15:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
2011-07-30 22:10 . 2009-02-24 15:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2011-07-30 22:10 . 2011-07-30 22:11 -------- d-----w- c:\program files (x86)\MagicDisc
2011-07-30 21:52 . 2011-07-30 21:52 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-07-30 21:46 . 2011-07-30 22:02 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-30 21:46 . 2011-07-30 21:46 -------- d-----w- c:\windows\SysWow64\Macromed
2011-07-30 21:45 . 2011-07-12 18:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-30 21:41 . 2011-07-30 21:41 -------- d-----w- c:\windows\tr
2011-07-30 21:34 . 2011-07-30 21:34 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-07-30 21:13 . 2011-07-30 21:29 -------- d-----w- c:\program files (x86)\Windows Live
2011-07-30 21:13 . 2011-07-30 21:13 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F7AFA92-D4A4-492A-8E9F-C1C264560064}\gapaengine.dll
2011-07-30 21:11 . 2011-07-30 21:11 -------- d-----w- c:\program files\Windows Live
2011-07-30 21:11 . 2011-07-30 21:11 -------- d-----w- c:\windows\PCHEALTH
2011-07-30 21:02 . 2011-07-31 10:30 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-07-30 20:51 . 2011-05-04 01:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-07-30 20:51 . 2011-07-30 21:52 -------- d-----w- c:\program files (x86)\Java
2011-07-30 20:51 . 2011-07-30 20:51 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-07-30 20:50 . 2011-07-30 20:51 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-07-30 20:50 . 2011-07-30 20:51 -------- d-----w- c:\program files\Microsoft Security Client
2011-07-30 20:48 . 2011-07-30 20:48 -------- d-----w- c:\programdata\Malwarebytes
2011-07-30 20:48 . 2011-07-06 16:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-30 20:48 . 2011-07-30 20:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-30 20:48 . 2011-07-06 16:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-30 20:48 . 2011-07-30 20:00 -------- d-----w- c:\windows\Panther
2011-07-30 20:47 . 2011-07-30 20:52 -------- d-----w- c:\program files (x86)\JDownloader
2011-07-30 20:45 . 2011-07-30 20:45 -------- d-----w- c:\programdata\Apple
2011-07-30 20:43 . 2011-07-30 20:43 -------- d-----w- c:\program files\Babylon
2011-07-30 20:43 . 2011-07-30 20:43 -------- d-----w- c:\program files (x86)\Babylon
2011-07-30 20:42 . 2011-08-06 13:36 -------- d-----w- c:\programdata\Babylon
2011-07-30 20:35 . 2011-07-30 20:35 -------- d-----w- c:\programdata\ATI
2011-07-30 20:34 . 2011-07-30 20:34 0 ----a-w- c:\windows\ativpsrm.bin
2011-07-30 20:33 . 2011-07-30 20:33 -------- d-----w- c:\program files (x86)\AMD APP
2011-07-30 20:33 . 2011-07-30 20:33 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-07-30 20:33 . 2011-07-30 20:33 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-07-30 20:33 . 2011-07-30 20:33 -------- d-----w- c:\programdata\AMD
2011-07-30 20:33 . 2010-02-18 06:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2011-07-30 20:33 . 2011-07-30 20:33 -------- d-----w- c:\program files (x86)\ATI Technologies
2011-07-30 20:33 . 2011-07-30 20:33 -------- d-----w- c:\program files\ATI
2011-07-30 20:32 . 2011-07-30 20:33 -------- d-----w- c:\program files\ATI Technologies
2011-07-30 20:32 . 2011-07-30 20:32 -------- d-----w- C:\ATI
2011-07-30 20:26 . 2011-07-20 06:44 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{51B32F06-FB4F-45D1-9D8E-FD8C2B35507C}\mpengine.dll
2011-07-30 20:26 . 2010-10-19 20:51 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-07-30 20:09 . 2009-04-06 07:24 13368 ----a-r- c:\windows\SysWow64\drivers\AsIO.sys
2011-07-30 20:09 . 2006-01-10 08:50 24576 ----a-r- c:\windows\SysWow64\AsIO.dll
2011-07-30 20:09 . 2008-01-04 10:34 11832 ----a-w- c:\windows\SysWow64\drivers\AsInsHelp64.sys
2011-07-30 20:09 . 2008-01-04 10:34 10216 ----a-w- c:\windows\SysWow64\drivers\AsInsHelp32.sys
2011-07-30 20:09 . 2011-07-31 17:23 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-31 15:54 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-07-31 15:54 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-07-30 21:11 . 2011-03-28 15:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-06-27 13:23 . 2011-06-27 13:23 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-06-27 13:23 . 2011-06-27 13:23 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-06-27 13:22 . 2011-06-27 13:22 13904896 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-06-16 00:34 . 2011-06-16 00:34 2971648 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-06-16 00:34 . 2011-06-16 00:34 105984 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-06-03 05:57 . 2011-07-31 09:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-13 13:03 . 2011-05-13 13:03 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2011-05-13 12:42 . 2011-05-13 12:42 302448 ----a-w- c:\windows\WLXPGSS.SCR
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-07 336384]
"Babylon Client"="c:\program files (x86)\Babylon\Babylon-Pro\Babylon.exe" [2011-06-20 3302512]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-08-28 2252800]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\NiR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-7-31 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-07 365568]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Ağ Denetlemesi;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [x]
S3 ZSMC0303;A4 TECH PC Camera H;c:\windows\system32\Drivers\usbVM303.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]
"Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: DhcpNameServer = 62.248.80.162 62.248.80.161
FF - ProfilePath - c:\users\NiR\AppData\Roaming\Mozilla\Firefox\Profiles\zawdfmmd.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-HijackThis - c:\program files\Doctus\HijackThis.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3461625995-2885147556-332480049-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3461625995-2885147556-332480049-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files (x86)\Babylon\Babylon-Pro\TC\BabylonTC.exe
.
**************************************************************************
.
Completion time: 2011-08-06 17:18:11 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-06 14:18
.
Pre-Run: 149.960.269.824 bayt boş
Post-Run: 149.922.918.400 bayt boş
.
- - End Of File - - 92622F2BBED28429FF5A76914B86A87E

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:19:03, on 05.08.2011
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Windows\vmsnap3.exe
C:\Windows\Domino.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Babylon\Babylon-Pro\TC\BabylonTC.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Doctus\Doctus.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Windows Live ID Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Local Service')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Local Service')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8490 bytes

DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by NiR at 20:26:50 on 2011-08-05
Microsoft Windows 7 Ultimate 6.1.7601.1.1254.90.1055.18.4094.2070 [GMT 3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Windows\vmsnap3.exe
C:\Windows\Domino.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Babylon\Babylon-Pro\BabylonHelper64.exe
C:\Program Files (x86)\Babylon\Babylon-Pro\TC\BabylonTC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Windows Live ID Oturum Açma Yardım Aracı: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\NiR\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 62.248.80.162 62.248.80.161
TCP: Interfaces\{9F5E7099-F6B9-4AE7-8F86-B5CF5EA3D61B} : DhcpNameServer = 62.248.80.162 62.248.80.161
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\NiR\AppData\Roaming\Mozilla\Firefox\Profiles\zawdfmmd.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-7 365568]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-30 366640]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Ağ Denetlemesi;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
R3 vvftav303;vvftav303;C:\Windows\system32\drivers\vvftav303.sys --> C:\Windows\system32\drivers\vvftav303.sys [?]
R3 ZSMC0303;A4 TECH PC Camera H;C:\Windows\system32\Drivers\usbVM303.sys --> C:\Windows\system32\Drivers\usbVM303.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-08-05 16:59:21 -------- d-----w- C:\Users\NiR\AppData\Local\Babylon
2011-08-05 16:59:18 142336 ----a-w- C:\Program Files (x86)\Mozilla Firefox\BabyFox.dll
2011-08-05 16:33:58 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{422165D4-7F63-4ADB-A99B-C88B0D6A2500}\mpengine.dll
2011-08-05 15:56:34 -------- d-----w- C:\Users\NiR\AppData\Local\{8E8C6CA1-8859-43A8-9A63-CAAC8EB4569B}
2011-08-05 15:55:45 -------- d-----w- C:\Users\NiR\AppData\Local\{FD79C22F-45AE-424E-B816-FEF1E077C3A0}
2011-08-05 15:55:32 -------- d-----w- C:\Users\NiR\AppData\Local\{AF52867E-78E0-4E78-A529-67AFF50F72CE}
2011-08-05 15:55:32 -------- d-----w- C:\Users\NiR\AppData\Local\{8DE273F3-B415-401C-B674-FC2CE17ACF39}
2011-07-31 17:23:53 -------- d-----w- C:\Windows\USB Vibration
2011-07-31 17:23:37 634880 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iKernel.dll
2011-07-31 17:23:37 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\ctor.dll
2011-07-31 17:23:37 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\DotNetInstaller.exe
2011-07-31 17:23:37 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-07-31 17:23:37 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iscript.dll
2011-07-31 17:23:37 151552 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iuser.dll
2011-07-31 17:23:36 270468 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\Setup.dll
2011-07-31 17:23:36 159876 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\IGdi.dll
2011-07-31 17:23:35 -------- d-----w- C:\Program Files (x86)\USB Vibration
2011-07-31 15:48:30 -------- d-----w- C:\Windows\System32\SPReview
2011-07-31 15:47:47 -------- d-----w- C:\Windows\System32\EventProviders
2011-07-31 15:46:13 6144 ----a-w- C:\Windows\System32\drivers\tr-TR\rdvgkmd.sys.mui
2011-07-31 15:46:13 4096 ----a-w- C:\Windows\System32\drivers\tr-TR\tsusbhub.sys.mui
2011-07-31 15:46:13 3584 ----a-w- C:\Windows\System32\drivers\tr-TR\tsusbflt.sys.mui
2011-07-31 15:46:13 2560 ----a-w- C:\Windows\System32\drivers\tr-TR\rdpwd.sys.mui
2011-07-31 15:46:09 2560 ----a-w- C:\Windows\System32\drivers\tr-TR\vwifibus.sys.mui
2011-07-31 15:46:08 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2011-07-31 15:46:08 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-07-31 15:46:02 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-07-31 15:44:59 98304 ----a-w- C:\Program Files\Common Files\System\msadc\msadcs.dll
2011-07-31 15:43:59 47104 ----a-w- C:\Windows\System32\wshbth.dll
2011-07-31 15:42:00 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-07-31 14:58:25 -------- d-----w- C:\Windows\SysWow64\Wat
2011-07-31 14:58:25 -------- d-----w- C:\Windows\System32\Wat
2011-07-31 10:06:55 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-07-31 10:05:42 -------- d-----w- C:\Users\NiR\AppData\Roaming\Windows Live Writer
2011-07-31 10:05:42 -------- d-----w- C:\Users\NiR\AppData\Local\Windows Live Writer
2011-07-31 10:05:24 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-07-31 10:05:24 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-07-31 10:05:23 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-07-31 10:05:23 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-07-31 10:01:45 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2011-07-31 10:01:45 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-07-31 10:01:45 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-07-31 10:01:45 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-07-31 10:01:45 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-07-31 10:01:45 100864 ----a-w- C:\Windows\System32\fontsub.dll
2011-07-31 10:01:41 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-07-31 10:01:07 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-07-31 10:01:06 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-07-31 10:01:06 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-07-31 10:00:37 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-07-31 10:00:37 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-07-31 10:00:37 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-07-31 10:00:37 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-07-31 10:00:33 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-07-31 10:00:33 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-07-31 10:00:33 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-07-31 09:58:59 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-07-31 09:52:41 86016 ----a-w- C:\Windows\System32\nQPropPageExt.dll
2011-07-31 09:52:41 84992 ----a-w- C:\Windows\System32\Dts2PropPageExt.dll
2011-07-31 09:52:41 82432 ----a-w- C:\Windows\System32\nQAPO.dll
2011-07-31 09:52:41 76288 ----a-w- C:\Windows\System32\ViaMicArrayPropPageExt.dll
2011-07-31 09:52:41 529920 ----a-w- C:\Windows\System32\VIASysFx.dll
2011-07-31 09:52:41 242176 ----a-w- C:\Windows\System32\Dts2APO.dll
2011-07-31 09:52:41 193024 ----a-w- C:\Windows\System32\ViaMicArrayAPO.dll
2011-07-31 09:52:41 1235968 ----a-w- C:\Windows\System32\drivers\viahduaa.sys
2011-07-31 09:52:41 1011712 ----a-w- C:\Windows\System32\VIAPropPageExt.dll
2011-07-31 09:52:23 414632 ------w- C:\Windows\difxapi.dll
2011-07-31 09:52:23 -------- d-----w- C:\Program Files (x86)\VIA
2011-07-31 09:50:46 -------- d-----w- C:\Users\NiR\AppData\Local\{699701D4-8FCD-4917-99B3-FBC5A2B5DCFB}
2011-07-30 22:44:52 -------- d-----w- C:\ProgramData\Solidshield
2011-07-30 22:44:26 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2011-07-30 22:44:21 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-07-30 22:42:38 19087360 ----a-w- C:\Windows\SysWow64\mkl_blueripple.dll
2011-07-30 22:42:38 1417216 ----a-w- C:\Windows\SysWow64\rapture3d_oal.dll
2011-07-30 22:42:37 809496 ----a-r- C:\Windows\SysWow64\tmp9158.tmp
2011-07-30 22:42:37 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-07-30 22:42:37 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-07-30 22:42:37 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-07-30 22:42:37 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-07-30 22:42:37 -------- d-----w- C:\Program Files (x86)\OpenAL
2011-07-30 22:42:37 -------- d-----w- C:\Program Files (x86)\BRS
2011-07-30 22:32:39 -------- d-----w- C:\Program Files (x86)\Codemasters
2011-07-30 22:26:54 -------- d-----w- C:\Program Files (x86)\Fifa Master
2011-07-30 22:16:26 -------- d-----w- C:\Program Files (x86)\EA Sports
2011-07-30 22:16:22 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2011-07-30 22:16:22 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2011-07-30 22:16:22 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2011-07-30 22:16:22 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2011-07-30 22:16:21 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2011-07-30 22:16:21 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2011-07-30 22:10:52 255552 ----a-w- C:\Windows\SysWow64\drivers\mcdbus.sys
2011-07-30 22:10:52 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys
2011-07-30 22:10:51 -------- d-----w- C:\Program Files (x86)\MagicDisc
2011-07-30 21:50:17 -------- d-----w- C:\Users\NiR\AppData\Local\{E286C0A1-A40B-4C5C-9F53-9314CF730A8E}
2011-07-30 21:50:03 -------- d-----w- C:\Users\NiR\Tracing
2011-07-30 21:46:25 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-30 21:45:04 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-30 21:41:08 -------- d-----w- C:\Windows\tr
2011-07-30 21:34:57 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-07-30 21:13:36 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6F7AFA92-D4A4-492A-8E9F-C1C264560064}\gapaengine.dll
2011-07-30 21:11:39 -------- d-----w- C:\Windows\PCHEALTH
2011-07-30 21:07:01 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9fe603d51cc4efc05\DSETUP.dll
2011-07-30 21:07:01 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9fe603d51cc4efc05\DXSETUP.exe
2011-07-30 21:07:01 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9fe603d51cc4efc05\dsetup32.dll
2011-07-30 21:06:01 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7c01c43b1cc4efc04\DSETUP.dll
2011-07-30 21:06:01 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7c01c43b1cc4efc04\DXSETUP.exe
2011-07-30 21:06:01 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7c01c43b1cc4efc04\dsetup32.dll
2011-07-30 21:02:47 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\86b52661cc4efc03\Silverlight.4.0.exe
2011-07-30 20:51:58 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-07-30 20:51:14 -------- d-----w- C:\Users\NiR\AppData\Local\Windows Live
2011-07-30 20:51:13 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-07-30 20:50:54 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-07-30 20:50:36 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-07-30 20:49:15 -------- d-----w- C:\Users\NiR\AppData\Roaming\Malwarebytes
2011-07-30 20:48:19 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-30 20:48:19 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-30 20:48:16 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-30 20:48:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-30 20:48:01 -------- d-----w- C:\Windows\Panther
2011-07-30 20:47:31 -------- d-----w- C:\Program Files (x86)\JDownloader
2011-07-30 20:45:16 -------- d-----w- C:\Windows\SysWow64\directx
2011-07-30 20:43:10 -------- d-----w- C:\Program Files\Babylon
2011-07-30 20:43:10 -------- d-----w- C:\Program Files (x86)\Babylon
2011-07-30 20:42:38 -------- d-----w- C:\Users\NiR\AppData\Roaming\Babylon
2011-07-30 20:42:38 -------- d-----w- C:\ProgramData\Babylon
2011-07-30 20:35:16 -------- d-----w- C:\Users\NiR\AppData\Local\AMD
2011-07-30 20:35:06 -------- d-----w- C:\Users\NiR\AppData\Local\ATI
2011-07-30 20:34:43 0 ----a-w- C:\Windows\ativpsrm.bin
2011-07-30 20:33:54 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-07-30 20:33:51 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-07-30 20:33:51 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-07-30 20:33:42 -------- d-----w- C:\ProgramData\AMD
2011-07-30 20:33:41 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2011-07-30 20:33:26 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-07-30 20:33:23 -------- d-----w- C:\Program Files\ATI
2011-07-30 20:32:50 -------- d-----w- C:\Program Files\ATI Technologies
2011-07-30 20:32:23 -------- d-----w- C:\ATI
2011-07-30 20:26:47 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{51B32F06-FB4F-45D1-9D8E-FD8C2B35507C}\mpengine.dll
2011-07-30 20:26:46 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-07-30 20:09:20 24576 ----a-r- C:\Windows\SysWow64\AsIO.dll
2011-07-30 20:09:20 13368 ----a-r- C:\Windows\SysWow64\drivers\AsIO.sys
2011-07-30 20:09:18 11832 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
2011-07-30 20:09:18 10216 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
2011-07-30 20:09:17 -------- d-----w- C:\Program Files (x86)\ASUS
2011-07-30 20:08:44 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-07-30 20:08:44 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-07-30 20:08:44 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-07-30 20:08:44 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-07-30 20:07:53 -------- d-sh--w- C:\Windows\Installer
2011-07-30 20:07:39 -------- d-----w- C:\Users\NiR\AppData\Local\Downloaded Installations
2011-07-12 08:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-07-12 08:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-07-12 08:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-07-12 08:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-07-12 08:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 08:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-07-12 08:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-07-12 08:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-07-08 04:15:50 9884672 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-07-08 03:54:26 23385600 ----a-w- C:\Windows\System32\atio6axx.dll
2011-07-08 03:33:28 17940992 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-07-08 03:29:54 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-07-08 03:29:44 689152 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-07-08 03:28:26 814592 ----a-w- C:\Windows\System32\aticfx64.dll
2011-07-08 03:25:48 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-07-08 03:25:38 485376 ----a-w- C:\Windows\System32\atieclxx.exe
2011-07-08 03:25:02 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-07-08 03:23:48 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-07-08 03:23:32 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-07-08 03:23:26 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-07-08 03:23:14 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-07-08 03:23:08 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2011-07-08 03:23:04 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-07-08 03:22:58 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-07-08 03:19:50 4275712 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-07-08 03:10:38 5072896 ----a-w- C:\Windows\System32\atidxx64.dll
2011-07-08 03:06:10 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-07-08 03:05:46 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-07-08 03:05:34 3848704 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-07-08 03:02:08 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-07-08 03:02:06 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-07-08 03:01:58 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-07-08 03:01:58 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-07-08 03:01:46 8134656 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-07-08 03:00:34 4367360 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-07-08 02:58:52 6740480 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-07-08 02:55:56 4039680 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-07-08 02:54:30 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-07-08 02:54:22 5540864 ----a-w- C:\Windows\System32\atiumd64.dll
2011-07-08 02:47:42 375808 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-07-08 02:47:34 266240 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-07-08 02:47:24 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-07-08 02:47:20 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-07-08 02:47:20 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-07-08 02:47:18 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-07-08 02:47:10 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-07-08 02:47:04 307712 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-07-08 02:46:20 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-07-08 02:46:14 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-07-08 02:46:06 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-07-08 02:45:58 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-07-08 02:45:10 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-07-08 02:41:02 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-07-08 02:41:02 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-07-08 02:40:48 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-07-08 02:40:48 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-07-07 20:37:30 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-07-07 20:37:10 51200 ----a-w- C:\Windows\System32\OpenCL.dll
2011-07-07 20:36:58 16907776 ----a-w- C:\Windows\System32\amdocl64.dll
.
==================== Find3M ====================
.
2011-07-31 15:54:20 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-07-31 15:54:20 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-06-27 13:23:20 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-06-27 13:23:02 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-06-27 13:22:40 13904896 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-06-16 00:34:06 2971648 ----a-w- C:\Windows\System32\SlotMaximizerBe.dll
2011-06-16 00:34:06 105984 ----a-w- C:\Windows\System32\SlotMaximizerAg.dll
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-13 13:03:34 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2011-05-13 12:42:24 302448 ----a-w- C:\Windows\WLXPGSS.SCR
.
============= FINISH: 20:27:05,34 ===============