PDA

View Full Version : Another Virtumonde Nightmare


Raven007
2008-05-22, 18:35
I tried to erase it(and the .dll one) with Spybot but it appeared again(either the .dll or normal one).Here is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17:09, on 22.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
G:\Program Files\Bonjour\mDNSResponder.exe
G:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
G:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
G:\WINDOWS\VM301Snap.exe
G:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
G:\Program Files\Microsoft IntelliType Pro\itype.exe
G:\WINDOWS\Domino.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\WINDOWS\system32\IoctlSvc.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\WINDOWS\system32\PnkBstrA.exe
G:\WINDOWS\RTHDCPL.EXE
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
G:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\DAEMON Tools\daemon.exe
G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\rundll32.exe
G:\WINDOWS\system32\rundll32.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - G:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BigDogPath] G:\WINDOWS\VM301Snap.exe Vimicro USB PC Camera (ZC0301PL)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [itype] "g:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Domino] G:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [NBKeyScan] "G:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] G:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "G:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "G:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BM903eecc2] Rundll32.exe "G:\WINDOWS\system32\unryrrhh.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "G:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "G:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools] "G:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - G:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - G:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Microsoft Excel'e &Ver - res://G:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: İnternet virüs koruması istatistiklerini görüntüleyin - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - G:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) -
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: G:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - G:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - G:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - G:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - G:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - G:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - G:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - G:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - G:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - G:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - G:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
Rorschach112
2008-05-22, 18:39
Hello

Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.






Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
Raven007
2008-05-22, 19:37
ComboFix 08-05-21.2 - Oğuz 2008-05-22 19:17:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1254.1.1055.18.1346 [GMT 3:00]
Running from: G:\Documents and Settings\Oğuz\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

G:\WINDOWS\BM903eecc2.xml
G:\WINDOWS\cookies.ini
G:\WINDOWS\pskt.ini
G:\WINDOWS\system32\alnqgtmm.exe
G:\WINDOWS\system32\awtUmMdE.dll
G:\WINDOWS\system32\awtuutSJ.dll
G:\WINDOWS\system32\bHPoonpo.ini
G:\WINDOWS\system32\bHPoonpo.ini2
G:\WINDOWS\system32\bxfbfkik.dll
G:\WINDOWS\system32\byXQJDwV.dll
G:\WINDOWS\system32\ckyxaldg.ini
G:\WINDOWS\system32\cmbhqtgs.exe
G:\WINDOWS\system32\dghhffkf.exe
G:\WINDOWS\system32\EdMmUtwa.ini
G:\WINDOWS\system32\EdMmUtwa.ini2
G:\WINDOWS\system32\fooxgoca.ini
G:\WINDOWS\system32\fvatrhxf.ini
G:\WINDOWS\system32\gluysves.ini
G:\WINDOWS\system32\hgenfaxj.exe
G:\WINDOWS\system32\hvvtwjyd.dll
G:\WINDOWS\system32\jkkICTlM.dll
G:\WINDOWS\system32\kngehyxp.ini
G:\WINDOWS\system32\liabkgne.ini
G:\WINDOWS\system32\lxqbqnvf.dll
G:\WINDOWS\system32\nnnlmnlI.dll
G:\WINDOWS\system32\npcqmknc.ini
G:\WINDOWS\system32\obrryylj.exe
G:\WINDOWS\system32\orAbdccf.ini
G:\WINDOWS\system32\orAbdccf.ini2
G:\WINDOWS\system32\pofdaeps.exe
G:\WINDOWS\system32\rqRHaYss.dll
G:\WINDOWS\system32\svfcqbqv.ini
G:\WINDOWS\system32\tridwktd.ini
G:\WINDOWS\system32\ucphdpnt.dll
G:\WINDOWS\system32\uxIllnmp.ini
G:\WINDOWS\system32\uxIllnmp.ini2
G:\WINDOWS\system32\vulaikkc.ini
G:\WINDOWS\system32\xxyvSjJB.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))
.

2008-05-22 18:16 . 2008-05-22 18:17 <DIR> d-------- G:\Program Files\Trend Micro
2008-05-22 18:06 . 2008-05-22 18:06 114,176 --a------ G:\WINDOWS\system32\gdlaxykc.dll
2008-05-22 18:01 . 2008-05-22 18:01 126,976 --a------ G:\WINDOWS\system32\unryrrhh.dll
2008-05-22 15:07 . 2008-05-22 15:07 126,976 --a------ G:\WINDOWS\system32\bhuwfmfi.dll
2008-05-22 15:07 . 2008-05-22 15:07 114,176 --a------ G:\WINDOWS\system32\cnkmqcpn.dll
2008-05-21 09:19 . 2008-05-21 09:19 <DIR> d-------- G:\WINDOWS\nvidia icons
2008-05-21 08:40 . 2008-05-21 08:40 126,976 --a------ G:\WINDOWS\system32\xhqspdap.dll
2008-05-21 07:23 . 2008-05-21 07:23 126,976 --a------ G:\WINDOWS\system32\onivrtut.dll
2008-05-20 22:37 . 2008-05-20 22:37 126,976 --a------ G:\WINDOWS\system32\hpwtcocp.dll
2008-05-20 12:16 . 2008-05-22 17:26 327 --a------ G:\WINDOWS\wininit.ini
2008-05-20 12:02 . 2008-05-20 12:02 <DIR> d-------- G:\Program Files\Spybot - Search & Destroy
2008-05-20 12:02 . 2008-05-20 12:16 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-20 10:07 . 2008-05-20 10:07 <DIR> d-------- G:\Program Files\Windows Sidebar
2008-05-20 10:06 . 2008-05-20 10:40 <DIR> d-------- G:\Program Files\Norton Internet Security
2008-05-20 10:04 . 2008-05-20 10:25 123,952 --a------ G:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-20 10:04 . 2008-05-20 10:25 60,800 --a------ G:\WINDOWS\system32\S32EVNT1.DLL
2008-05-20 10:04 . 2008-05-20 10:25 10,740 --a------ G:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-20 10:04 . 2008-05-20 10:25 805 --a------ G:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-20 10:03 . 2008-05-20 10:25 <DIR> d-------- G:\Program Files\Symantec
2008-05-16 17:28 . 2008-05-16 17:28 <DIR> d-------- G:\Program Files\Lavasoft
2008-05-16 17:28 . 2008-05-16 17:29 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-15 15:58 . 2008-05-15 15:58 <DIR> d-------- G:\Program Files\LucasArts
2008-05-14 21:16 . 2008-05-22 19:21 <DIR> d-------- G:\Program Files\Common Files\Symantec Shared
2008-05-07 20:31 . 2008-05-07 20:32 <DIR> d-------- G:\Program Files\Ares
2008-05-07 20:24 . 2007-11-22 17:00 483,328 --a------ G:\WINDOWS\system32\actskn45.ocx
2008-05-07 16:14 . 2008-05-07 16:14 <DIR> d-------- G:\Program Files\Foxit Software
2008-05-04 13:27 . 2008-05-04 13:27 <DIR> d-------- G:\Program Files\GALA-NET
2008-05-03 23:57 . 2008-05-18 20:26 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\TrackMania
2008-05-03 23:53 . 2008-05-03 23:55 <DIR> d-------- G:\Program Files\TmNationsForever
2008-05-02 15:24 . 2008-05-02 15:24 2,128 --a------ G:\Documents and Settings\O
2008-04-30 03:58 . 2008-04-30 03:58 41,296 --a------ G:\WINDOWS\system32\xfcodec.dll
2008-04-22 22:07 . 2008-04-22 22:07 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Ubisoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 16:21 --------- d-----w G:\Program Files\FlashGet
2008-05-22 15:11 --------- d-----w G:\Documents and Settings\All Users\Application Data\Symantec
2008-05-20 06:27 22,328 ----a-w G:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-18 13:11 --------- d-----w G:\Program Files\Ubisoft
2008-05-18 12:50 --------- d-----w G:\Program Files\The Witcher
2008-05-16 14:28 --------- d-----w G:\Program Files\Common Files\Wise Installation Wizard
2008-05-15 12:58 --------- d--h--w G:\Program Files\InstallShield Installation Information
2008-05-14 19:11 --------- d-----w G:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-12 15:48 --------- d-----w G:\Program Files\EA GAMES
2008-05-12 15:42 --------- d-----w G:\Program Files\Bluehell Productions
2008-05-12 15:41 --------- d-----w G:\Program Files\Atari
2008-05-12 15:41 --------- d-----w G:\Program Files\Activision
2008-05-11 08:50 --------- d-----w G:\Program Files\Sony
2008-05-06 17:02 --------- d-----w G:\Program Files\Common Files\Adobe
2008-05-03 19:00 --------- d-s---w G:\Program Files\Xfire
2008-05-02 19:46 6,554,496 ----a-w G:\WINDOWS\system32\drivers\nv4_mini.sys
2008-04-20 18:10 --------- d-----w G:\Program Files\THQ
2008-04-16 14:03 48,928 ----a-w G:\WINDOWS\system32\drivers\Tetris.sys
2008-04-16 14:01 162,432 ----a-w G:\WINDOWS\system32\drivers\ithsgt.sys
2008-04-16 14:01 12,032 ----a-w G:\WINDOWS\system32\drivers\lilsgt.sys
2008-04-15 16:37 --------- d-----w G:\Program Files\NuGardt Software
2008-04-13 15:56 --------- d-----w G:\Program Files\Microsoft Visual Studio 9.0
2008-04-13 15:55 --------- d-----w G:\Program Files\Common Files\Merge Modules
2008-04-13 15:52 --------- d-----w G:\Program Files\Microsoft SDKs
2008-04-13 15:51 --------- d-----w G:\Program Files\Reference Assemblies
2008-04-13 15:51 --------- d-----w G:\Program Files\MSBuild
2008-04-13 15:50 --------- d-----w G:\Program Files\MSXML 6.0
2008-04-13 07:42 --------- d-----w G:\Program Files\Common Files\BitDefender
2008-04-13 07:42 --------- d-----w G:\Program Files\BitDefender
2008-04-13 07:28 2,612 --sha-w G:\WINDOWS\system32\drivers\fidbox.idx
2008-04-13 07:28 131,104 --sha-w G:\WINDOWS\system32\drivers\fidbox.dat
2008-04-13 07:28 1,824 --sha-w G:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-13 07:28 1,244 --sha-w G:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-13 07:14 --------- d-----w G:\Program Files\Kaspersky Lab
2008-04-13 05:43 --------- d-----w G:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-08 19:25 --------- d-----w G:\Program Files\Parallel Port Joystick
2008-04-06 19:29 --------- d-----w G:\Program Files\BestGameEver
2008-04-05 07:57 --------- d-----w G:\Program Files\iTunes
2008-04-05 07:57 --------- d-----w G:\Program Files\iPod
2008-04-05 07:56 --------- d-----w G:\Program Files\QuickTime
2008-04-04 12:07 --------- d-----w G:\Program Files\Java
2008-04-02 08:44 91,700 ----a-w G:\WINDOWS\system32\drivers\klin.dat
2008-04-02 08:44 85,860 ----a-w G:\WINDOWS\system32\drivers\klick.dat
2008-04-02 07:52 --------- d-----w G:\Program Files\Simka Çeviri
2008-04-02 06:37 --------- d-----w G:\Program Files\Vtune
2008-04-01 06:13 --------- d-----w G:\Program Files\Opera
2008-03-31 16:55 --------- d-----w G:\Program Files\Real Alternative
2008-03-31 16:47 --------- d-----w G:\Program Files\VideoLAN
2008-03-31 12:14 --------- d--h--w G:\Program Files\Zero G Registry
2008-03-30 15:57 --------- d-----w G:\Program Files\K-Lite Codec Pack
2008-03-28 19:01 --------- d-----w G:\Program Files\Album Cover Fider
2008-03-28 18:48 --------- d-----w G:\Program Files\Red Kawa
2008-03-28 18:48 --------- d-----w G:\Program Files\AviSynth 2.5
2008-03-27 12:06 --------- d-----w G:\Program Files\Mozilla Firefox 3 Beta 2
2008-03-27 11:40 --------- d-----w G:\Program Files\Bonjour
2008-03-27 11:40 --------- d-----w G:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-27 11:39 --------- d-----w G:\Program Files\Common Files\Apple
2008-03-27 11:39 --------- d-----w G:\Program Files\Apple Software Update
2008-03-27 11:39 --------- d-----w G:\Documents and Settings\All Users\Application Data\Apple
2008-03-26 19:05 --------- d-----w G:\Program Files\Winamp
2008-03-26 15:37 4,713,472 ----a-w G:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-03-26 13:14 16,859,136 ----a-w G:\WINDOWS\RTHDCPL.exe
2008-03-25 05:59 --------- d-----w G:\Program Files\Windows Media Connect 2
2008-03-05 15:07 520,192 ----a-w G:\WINDOWS\RtlExUpd.dll
2008-02-28 15:38 972,072 ----a-w G:\WINDOWS\UNNeroMediaHome.exe
2008-02-26 14:14 972,072 ----a-w G:\WINDOWS\UNRecode.exe
2006-05-03 10:06 163,328 --sha-r G:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sha-r G:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sha-w G:\WINDOWS\system32\Smab0.dll
2008-02-04 19:26 151,040 --sha-w G:\WINDOWS\system32\VistaUltm.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-08_20.06.10,75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-08 16:38:30 2,048 --s-a-w G:\WINDOWS\bootstat.dat
+ 2008-05-22 16:24:45 2,048 --s-a-w G:\WINDOWS\bootstat.dat
+ 2005-10-20 17:02:28 163,328 ----a-w G:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2007-08-28 21:38:10 500,648 ----a-r G:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\MORPH9.DLL
+ 2007-08-28 21:38:46 9,584,512 ----a-r G:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\MSPUB.EXE
+ 2007-08-24 01:43:28 138,648 ----a-r G:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\PRTF9.DLL
+ 2007-08-28 21:39:14 625,560 ----a-r G:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\PTXT9.DLL
+ 2007-08-24 01:43:36 593,296 ----a-r G:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\PUBCONV.DLL
+ 2007-08-28 21:16:00 350,064 ----a-r G:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\WINWORD.EXE
+ 2007-09-06 16:03:02 4,280,176 ----a-r G:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\WRD12CNV.DLL
+ 2007-08-28 22:07:58 24,928 ----a-r G:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\WRD12EXE.EXE
+ 2007-09-06 15:56:32 17,490,800 ----a-r G:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\WWLIB.DLL
+ 2007-08-23 20:35:30 243,064 ----a-r G:\WINDOWS\Installer\$PatchCache$\Managed\FF26F08EC3D591A4489079122F292860\3.4.0\AluSchedulerSvc.exe
- 2008-04-09 04:17:13 1,165,584 ----a-r G:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-05-14 19:11:39 1,165,584 ----a-r G:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-04-09 04:17:13 20,240 ----a-r G:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-05-14 19:11:40 20,240 ----a-r G:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-04-09 04:17:13 159,504 ----a-r G:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-05-14 19:11:39 159,504 ----a-r G:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-04-09 04:17:13 184,080 ----a-r G:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-05-14 19:11:40 184,080 ----a-r G:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-04-09 04:17:13 217,864 ----a-r G:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-05-14 19:11:40 217,864 ----a-r G:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-04-09 04:17:13 18,704 ----a-r G:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-05-14 19:11:40 18,704 ----a-r G:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-04-09 04:17:14 35,088 ----a-r G:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-05-14 19:11:40 35,088 ----a-r G:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-04-09 04:17:13 845,584 ----a-r G:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-05-14 19:11:40 845,584 ----a-r G:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-04-09 04:17:13 922,384 ----a-r G:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-05-14 19:11:40 922,384 ----a-r G:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-04-09 04:17:13 272,648 ----a-r G:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-05-14 19:11:40 272,648 ----a-r G:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-04-09 04:17:13 888,080 ----a-r G:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-05-14 19:11:40 888,080 ----a-r G:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-04-09 04:17:13 1,172,240 ----a-r G:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-05-14 19:11:39 1,172,240 ----a-r G:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-05-16 14:29:00 1,038,336 ----a-r G:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
+ 2008-05-16 14:29:00 178,688 ----a-r G:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
+ 2008-05-16 14:29:00 171,008 ----a-r G:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
+ 2008-05-16 14:29:00 8,704 ----a-r G:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
+ 2008-05-20 07:04:05 7,406 ----a-r G:\WINDOWS\Installer\{E80F62FF-5D3C-4A19-8409-9721F2928206}\IconE80F62FF.exe
- 2007-09-12 16:27:24 511,328 ----a-w G:\WINDOWS\system32\capicom.dll
+ 2007-04-11 18:11:20 511,328 ----a-w G:\WINDOWS\system32\capicom.dll
- 2004-08-04 05:00:00 561,179 -c--a-w G:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:25 554,008 -c--a-w G:\WINDOWS\system32\dllcache\dao360.dll
- 2004-08-04 05:00:00 512,029 -c--a-w G:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:28 518,944 -c--a-w G:\WINDOWS\system32\dllcache\msexch40.dll
- 2004-08-04 05:00:00 319,517 -c--a-w G:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 -c--a-w G:\WINDOWS\system32\dllcache\msexcl40.dll
- 2004-08-04 05:00:00 1,507,356 -c--a-w G:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 -c--a-w G:\WINDOWS\system32\dllcache\msjet40.dll
- 2004-08-04 05:00:00 358,976 -c--a-w G:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 -c--a-w G:\WINDOWS\system32\dllcache\msjetol1.dll
- 2004-08-04 05:00:00 151,824 -c--a-w G:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-25 04:52:42 158,496 -c--a-w G:\WINDOWS\system32\dllcache\msjint40.dll
- 2004-08-04 05:00:00 53,279 -c--a-w G:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 60,192 -c--a-w G:\WINDOWS\system32\dllcache\msjter40.dll
- 2004-08-04 05:00:00 241,693 -c--a-w G:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 -c--a-w G:\WINDOWS\system32\dllcache\msjtes40.dll
- 2004-08-04 05:00:00 213,023 -c--a-w G:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:44 219,936 -c--a-w G:\WINDOWS\system32\dllcache\msltus40.dll
- 2004-08-04 05:00:00 348,189 -c--a-w G:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 -c--a-w G:\WINDOWS\system32\dllcache\mspbde40.dll
- 2004-08-04 05:00:00 421,919 -c--a-w G:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 -c--a-w G:\WINDOWS\system32\dllcache\msrd2x40.dll
- 2004-08-04 05:00:00 315,423 -c--a-w G:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 -c--a-w G:\WINDOWS\system32\dllcache\msrd3x40.dll
- 2004-08-04 05:00:00 552,989 -c--a-w G:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 -c--a-w G:\WINDOWS\system32\dllcache\msrepl40.dll
- 2004-08-04 05:00:00 258,077 -c--a-w G:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:55 264,992 -c--a-w G:\WINDOWS\system32\dllcache\mstext40.dll
- 2004-08-04 05:00:00 831,519 -c--a-w G:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 -c--a-w G:\WINDOWS\system32\dllcache\mswdat10.dll
- 2004-08-04 05:00:00 614,672 -c--a-w G:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:52:42 621,344 -c--a-w G:\WINDOWS\system32\dllcache\mswstr10.dll
- 2004-08-04 05:00:00 348,189 -c--a-w G:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 -c--a-w G:\WINDOWS\system32\dllcache\msxbde40.dll
- 2008-01-08 22:53:00 7,434,336 -c--a-w G:\WINDOWS\system32\dllcache\nv4_mini.sys
+ 2008-05-02 19:46:00 6,554,496 -c--a-w G:\WINDOWS\system32\dllcache\nv4_mini.sys
+ 2004-08-04 05:00:00 23,040 ----a-w G:\WINDOWS\system32\dmserveresl.dll
+ 2007-07-11 11:37:26 6,272 ----a-w G:\WINDOWS\system32\drivers\AWRTPD.sys
+ 2007-08-07 10:58:08 8,320 ----a-w G:\WINDOWS\system32\drivers\AWRTRD.sys
+ 2007-08-08 23:39:56 36,056 ----a-w G:\WINDOWS\system32\drivers\CO_Mon.sys
+ 2008-03-06 18:32:09 23,904 ----a-w G:\WINDOWS\system32\drivers\COH_Mon.sys
+ 2007-08-07 10:56:58 9,344 ----a-w G:\WINDOWS\system32\drivers\NSDriver.sys
+ 2007-11-30 20:57:12 279,088 ----a-w G:\WINDOWS\system32\drivers\srtsp.sys
+ 2007-11-30 20:57:12 317,616 ----a-w G:\WINDOWS\system32\drivers\srtspl.sys
+ 2007-11-30 20:57:12 43,696 ----a-w G:\WINDOWS\system32\drivers\srtspx.sys
+ 2007-08-13 20:50:34 13,616 ----a-w G:\WINDOWS\system32\drivers\symdns.sys
+ 2007-08-13 20:50:34 96,432 ----a-w G:\WINDOWS\system32\drivers\symfw.sys
+ 2007-08-13 20:50:34 38,576 ----a-w G:\WINDOWS\system32\drivers\symids.sys
+ 2007-08-10 00:27:53 31,280 ----a-w G:\WINDOWS\system32\drivers\SymIM.sys
+ 2007-08-13 20:50:34 37,424 ----a-w G:\WINDOWS\system32\drivers\symndis.sys
+ 2007-08-13 20:50:34 41,008 ----a-w G:\WINDOWS\system32\drivers\symndisv.sys
+ 2007-08-13 20:50:34 22,320 ----a-w G:\WINDOWS\system32\drivers\symredrv.sys
+ 2007-08-13 20:50:34 188,464 ----a-w G:\WINDOWS\system32\drivers\symtdi.sys
- 2008-01-08 22:53:00 425,984 ----a-w G:\WINDOWS\system32\keystone.exe
+ 2008-05-02 19:46:00 425,984 ----a-w G:\WINDOWS\system32\keystone.exe
+ 2007-12-14 09:32:52 12,632 ----a-w G:\WINDOWS\system32\lsdelete.exe
- 2004-08-04 05:00:00 512,029 ----a-w G:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w G:\WINDOWS\system32\msexch40.dll
- 2004-08-04 05:00:00 319,517 ----a-w G:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w G:\WINDOWS\system32\msexcl40.dll
- 2004-08-04 05:00:00 1,507,356 ----a-w G:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w G:\WINDOWS\system32\msjet40.dll
- 2004-08-04 05:00:00 358,976 ----a-w G:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w G:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-04 05:00:00 151,824 ----a-w G:\WINDOWS\system32\msjint40.dll
+ 2008-03-25 04:52:42 158,496 ----a-w G:\WINDOWS\system32\msjint40.dll
- 2004-08-04 05:00:00 53,279 ----a-w G:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w G:\WINDOWS\system32\msjter40.dll
- 2004-08-04 05:00:00 241,693 ----a-w G:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w G:\WINDOWS\system32\msjtes40.dll
- 2004-08-04 05:00:00 213,023 ----a-w G:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w G:\WINDOWS\system32\msltus40.dll
- 2004-08-04 05:00:00 348,189 ----a-w G:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w G:\WINDOWS\system32\mspbde40.dll
+ 2007-03-08 15:37:48 59,904 ----a-w G:\WINDOWS\system32\mspdtc.dll
- 2004-08-04 05:00:00 421,919 ----a-w G:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w G:\WINDOWS\system32\msrd2x40.dll
- 2004-08-04 05:00:00 315,423 ----a-w G:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w G:\WINDOWS\system32\msrd3x40.dll
- 2004-08-04 05:00:00 552,989 ----a-w G:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w G:\WINDOWS\system32\msrepl40.dll
+ 2007-03-08 15:37:48 20,480 ----a-w G:\WINDOWS\system32\mssockdz.dll
- 2004-08-04 05:00:00 258,077 ----a-w G:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w G:\WINDOWS\system32\mstext40.dll
- 2004-08-04 05:00:00 831,519 ----a-w G:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w G:\WINDOWS\system32\mswdat10.dll
- 2004-08-04 05:00:00 614,672 ----a-w G:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:52:42 621,344 ----a-w G:\WINDOWS\system32\mswstr10.dll
- 2004-08-04 05:00:00 348,189 ----a-w G:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w G:\WINDOWS\system32\msxbde40.dll
- 2008-01-08 22:53:00 5,775,104 ----a-w G:\WINDOWS\system32\nv4_disp.dll
+ 2008-05-02 19:46:00 6,108,160 ----a-w G:\WINDOWS\system32\nv4_disp.dll
- 2008-01-08 22:53:00 385,024 ----a-w G:\WINDOWS\system32\nvapi.dll
+ 2008-05-02 19:46:00 425,984 ----a-w G:\WINDOWS\system32\nvapi.dll
- 2008-01-08 22:53:00 442,368 ----a-w G:\WINDOWS\system32\nvappbar.exe
+ 2008-05-02 19:46:00 442,368 ----a-w G:\WINDOWS\system32\nvappbar.exe
- 2008-01-08 22:53:00 35,328 ----a-w G:\WINDOWS\system32\nvcod.dll
+ 2008-05-02 19:46:00 41,984 ----a-w G:\WINDOWS\system32\nvcod.dll
- 2008-01-08 22:53:00 35,328 ----a-w G:\WINDOWS\system32\nvcodins.dll
+ 2008-05-02 19:46:00 41,984 ----a-w G:\WINDOWS\system32\nvcodins.dll
- 2008-01-08 22:53:00 147,456 ----a-w G:\WINDOWS\system32\nvcolor.exe
+ 2008-05-02 19:46:00 147,456 ----a-w G:\WINDOWS\system32\nvcolor.exe
- 2008-01-08 22:53:00 8,523,776 ----a-w G:\WINDOWS\system32\nvcpl.dll
+ 2008-05-02 19:46:00 13,529,088 ----a-w G:\WINDOWS\system32\nvcpl.dll
- 2008-01-08 22:53:00 760,352 ----a-w G:\WINDOWS\system32\nvcplui.exe
+ 2008-05-02 19:46:00 768,544 ----a-w G:\WINDOWS\system32\nvcplui.exe
- 2008-01-08 22:53:00 1,089,536 ----a-w G:\WINDOWS\system32\nvcuda.dll
+ 2008-05-02 19:46:00 1,241,088 ----a-w G:\WINDOWS\system32\nvcuda.dll
- 2008-01-08 22:53:00 6,553,600 ----a-w G:\WINDOWS\system32\nvdisps.dll
+ 2008-05-02 19:46:00 6,582,272 ----a-w G:\WINDOWS\system32\nvdisps.dll
- 2008-01-08 22:53:00 1,339,392 ----a-w G:\WINDOWS\system32\nvdspsch.exe
+ 2008-05-02 19:46:00 1,339,392 ----a-w G:\WINDOWS\system32\nvdspsch.exe
- 2008-01-08 22:53:00 313,888 ----a-w G:\WINDOWS\system32\nvexpbar.dll
+ 2008-05-02 19:46:00 313,888 ----a-w G:\WINDOWS\system32\nvexpbar.dll
- 2008-01-08 22:53:00 3,420,160 ----a-w G:\WINDOWS\system32\nvgames.dll
+ 2008-05-02 19:46:00 3,391,488 ----a-w G:\WINDOWS\system32\nvgames.dll
- 2008-01-08 22:53:00 1,482,752 ----a-w G:\WINDOWS\system32\nview.dll
+ 2008-05-02 19:46:00 1,486,848 ----a-w G:\WINDOWS\system32\nview.dll
- 2008-01-08 22:53:00 229,376 ----a-w G:\WINDOWS\system32\nvmccs.dll
+ 2008-05-02 19:46:00 229,376 ----a-w G:\WINDOWS\system32\nvmccs.dll
- 2008-01-08 22:53:00 45,056 ----a-w G:\WINDOWS\system32\nvmccsrs.dll
+ 2008-05-02 19:46:00 45,056 ----a-w G:\WINDOWS\system32\nvmccsrs.dll
- 2008-01-08 22:53:00 188,416 ----a-w G:\WINDOWS\system32\nvmccss.dll
+ 2008-05-02 19:46:00 188,416 ----a-w G:\WINDOWS\system32\nvmccss.dll
- 2008-01-08 22:53:00 81,920 ----a-w G:\WINDOWS\system32\nvmctray.dll
+ 2008-05-02 19:46:00 86,016 ----a-w G:\WINDOWS\system32\nvmctray.dll
- 2008-01-08 22:53:00 1,228,800 ----a-w G:\WINDOWS\system32\nvmobls.dll
+ 2008-05-02 19:46:00 1,257,472 ----a-w G:\WINDOWS\system32\nvmobls.dll
- 2008-01-08 22:53:00 286,720 ----a-w G:\WINDOWS\system32\nvnt4cpl.dll
+ 2008-05-02 19:46:00 286,720 ----a-w G:\WINDOWS\system32\nvnt4cpl.dll
- 2008-01-08 22:53:00 7,180,288 ----a-w G:\WINDOWS\system32\nvoglnt.dll
+ 2008-05-02 19:46:00 8,769,536 ----a-w G:\WINDOWS\system32\nvoglnt.dll
- 2008-01-08 22:53:00 466,944 ----a-w G:\WINDOWS\system32\nvshell.dll
+ 2008-05-02 19:46:00 466,944 ----a-w G:\WINDOWS\system32\nvshell.dll
- 2008-01-08 22:53:00 155,716 ----a-w G:\WINDOWS\system32\nvsvc32.exe
+ 2008-05-02 19:46:00 159,812 ----a-w G:\WINDOWS\system32\nvsvc32.exe
- 2008-01-08 22:53:00 360,448 ----a-w G:\WINDOWS\system32\nvudisp.exe
+ 2008-05-02 19:46:00 442,368 ----a-w G:\WINDOWS\system32\nvudisp.exe
- 2008-01-09 00:11:22 360,448 ----a-w G:\WINDOWS\system32\NVUNINST.EXE
+ 2008-04-30 14:27:42 442,368 ----a-w G:\WINDOWS\system32\NVUNINST.EXE
- 2008-01-08 22:53:00 3,710,976 ----a-w G:\WINDOWS\system32\nvvitvs.dll
+ 2008-05-02 19:46:00 3,776,512 ----a-w G:\WINDOWS\system32\nvvitvs.dll
- 2008-01-08 22:53:00 81,920 ----a-w G:\WINDOWS\system32\nvwddi.dll
+ 2008-05-02 19:46:00 81,920 ----a-w G:\WINDOWS\system32\nvwddi.dll
- 2008-01-08 22:53:00 1,703,936 ----a-w G:\WINDOWS\system32\nvwdmcpl.dll
+ 2008-05-02 19:46:00 1,703,936 ----a-w G:\WINDOWS\system32\nvwdmcpl.dll
- 2008-01-08 22:53:00 1,019,904 ----a-w G:\WINDOWS\system32\nvwimg.dll
+ 2008-05-02 19:46:00 1,019,904 ----a-w G:\WINDOWS\system32\nvwimg.dll
- 2008-01-08 22:53:00 2,498,560 ----a-w G:\WINDOWS\system32\nvwss.dll
+ 2008-05-02 19:46:00 2,629,632 ----a-w G:\WINDOWS\system32\nvwss.dll
- 2008-01-08 22:53:00 1,626,112 ----a-w G:\WINDOWS\system32\nwiz.exe
+ 2008-05-02 19:46:00 1,630,208 ----a-w G:\WINDOWS\system32\nwiz.exe
- 2008-05-06 16:37:08 103,736 ----a-w G:\WINDOWS\system32\PnkBstrB.exe
+ 2008-05-20 06:27:31 103,736 ----a-w G:\WINDOWS\system32\PnkBstrB.exe
+ 2008-01-08 22:53:00 5,775,104 ----a-w G:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\nv4_disp.dll
+ 2008-01-08 22:53:00 7,434,336 ----a-w G:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\nv4_mini.sys
+ 2008-01-08 22:53:00 385,024 ----a-w G:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\nvapi.dll
+ 2008-01-08 22:53:00 35,328 ----a-w G:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\nvcod.dll
+ 2008-01-08 22:53:00 8,523,776 ----a-w G:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\nvcpl.dll
+ 2008-01-08 22:53:00 1,089,536 ----a-w G:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\nvcuda.dll
+ 2008-01-08 22:53:00 6,553,600 ----a-w G:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\nvdisps.dll
+ 2008-01-08 22:53:00 5,607,424 ----a-w G:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\nvdispsr.dll
+ 2008-01-08 22:53:00 3,420,160 ----a-w G:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\nvgames.dll
+ 2008-01-08 22:53:00 3,334,144 ----a-w G:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\nvgamesr.dll
+ 2008-01-08 22:53:00 229,376 ----a-w G:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\nvmccs.dll
+ 2008-01-08 22:53:00 188,416 ----a-w G:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\nvmccss.dll
+ 2008-01-08 22:53:00 458,752 ----a-w G:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\nvmccssr.dll
+ 2008-01-08 22:53:00 81,920 ----a-w G:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\nvmctray.dll
+ 2008-01-08 22:53:00 1,228,800 ----a-w G:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\nvmobls.dll
+ 2008-01-08 22:53:00 2,854,912 ----a-w G:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\nvmoblsr.dll
+ 2008-01-08 22:53:00 286,720 ----a-w G:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\nvnt4cpl.dll
+ 2008-01-08 22:53:00 7,180,288 ----a-w G:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\nvoglnt.dll
+ 2008-01-08 22:53:00 155,716 ----a-w G:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\nvsvc32.exe
+ 2008-01-08 22:53:00 3,710,976 ----a-w G:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\nvvitvs.dll
+ 2008-01-08 22:53:00 3,715,072 ----a-w G:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\nvvitvsr.dll
+ 2008-01-08 22:53:00 81,920 ----a-w G:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\nvwddi.dll
+ 2008-01-08 22:53:00 2,498,560 ----a-w G:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\nvwss.dll
+ 2008-01-08 22:53:00 2,519,040 ----a-w G:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\nvwssr.dll
+ 2007-08-23 23:57:55 577,928 ----a-w G:\WINDOWS\system32\SymNeti.dll
+ 2007-08-23 23:57:55 207,240 ----a-w G:\WINDOWS\system32\SymRedir.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DE1DDFD-09EB-4EB0-9D5E-1219651A97A5}]
G:\WINDOWS\system32\opnooPHb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3B19042B-3CED-48E1-97BF-D3538D03D1F5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 06:51 316784 --a------ G:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{662F7493-08C0-493E-B2AB-EF0049BE9698}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-05-20 10:24 116088 --a------ G:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0FBFC7C-03BF-4C9F-8279-1C30BDDFBC87}]
G:\WINDOWS\system32\pmnllIxu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E243A8E7-6244-49E0-A361-22DBF30FD46C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7D73DDE-9E95-41C7-8DFC-BFD33A009932}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9C481DA-70E2-4B69-89A8-2EBACDC50459}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F870A950-1112-4343-BB7D-6FFF117DB8E1}]
G:\WINDOWS\system32\fccdbAro.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "G:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-25 06:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= G:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 06:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="G:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"NVIDIA nTune"="G:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 13:32 81920]
"DAEMON Tools"="G:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 14:24 167368]
"SpybotSD TeaTimer"="G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="G:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 G:\WINDOWS\system32\nwiz.exe]
"BigDogPath"="G:\WINDOWS\VM301Snap.exe" [2007-03-27 18:24 49152]
"SunJavaUpdateSched"="G:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"itype"="g:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 18:08 813912]
"Domino"="G:\WINDOWS\Domino.exe" [2006-07-04 15:16 49152]
"NBKeyScan"="G:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352]
"NeroFilterCheck"="G:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 10:59 570664]
"QuickTime Task"="G:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="G:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 16:14 16859136 G:\WINDOWS\RTHDCPL.exe]
"ISUSScheduler"="G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"Adobe Reader Speed Launcher"="G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ISUSPM Startup"="G:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]
"ccApp"="G:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"osCheck"="G:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 07:53 714608]
"NvMediaCenter"="G:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"BM903eecc2"="G:\WINDOWS\system32\unryrrhh.dll" [2008-05-22 18:01 126976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="G:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 08:00 15360]
"Nokia.PCSync"="G:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRHaYss]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=G:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\G:^Documents and Settings^Oğuz^Start Menu^Programlar^Başlangıç^OneNote 2007 Ekran Kırpıcı ve Başlatıcı.lnk]
path=G:\Documents and Settings\Oğuz\Start Menu\Programlar\Başlangıç\OneNote 2007 Ekran Kırpıcı ve Başlatıcı.lnk
backup=G:\WINDOWS\pss\OneNote 2007 Ekran Kırpıcı ve Başlatıcı.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 18:07 132392 G:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
G:\Program Files\LClock\lclock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
E:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 17:29 2221352 G:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 10:59 570664 G:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb]
G:\Program Files\ViOrb\ViOrb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
G:\Program Files\Vista Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
G:\Program Files\ViStart\ViStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"G:\\WINDOWS\\system32\\PnkBstrA.exe"=
"G:\\WINDOWS\\system32\\PnkBstrB.exe"=
"G:\\Program Files\\Messenger\\msmsgs.exe"=
"G:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"G:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"G:\\Program Files\\FlashGet\\flashget.exe"=
"G:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"G:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"G:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"G:\\Program Files\\LimeWire\\LimeWire.exe"=
"G:\\Program Files\\uTorrent\\uTorrent.exe"=
"G:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"G:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"G:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"G:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"G:\\kav\\kis7.0\\english\\setup.exe"=
"G:\\Program Files\\iTunes\\iTunes.exe"=
"G:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"G:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"G:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"G:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"G:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"G:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"G:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"G:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"G:\\Program Files\\TmNationsForever\\TmForever.exe"=

R0 mv61xx;mv61xx;G:\WINDOWS\system32\DRIVERS\mv61xx.sys [2007-05-25 06:35]
R2 ithsgt;ithsgt;G:\WINDOWS\system32\DRIVERS\ithsgt.sys [2008-04-16 17:01]
R2 lilsgt;lilsgt;G:\WINDOWS\system32\DRIVERS\lilsgt.sys [2008-04-16 17:01]
R2 LiveUpdate Notice;LiveUpdate Notice;"G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;G:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 09:12]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;G:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;G:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 08:11]
R3 PPortJoystick;Parallel Port Joystick device driver;G:\WINDOWS\system32\drivers\PPortJoy.sys [2004-10-24 08:11]
R3 Tetris;Tetris driver;G:\WINDOWS\system32\Drivers\Tetris.sys [2008-04-16 17:03]
S3 COH_Mon;COH_Mon;G:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{669cf266-b3a3-11dc-8967-001d606d1a62}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{669cf267-b3a3-11dc-8967-001d606d1a62}]
\Shell\AutoRun\command - C:\setupSNK.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-18 10:16:00 G:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- G:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-20 07:15:30 G:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Oğuz.job"

---------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:36, on 2008-05-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
G:\Program Files\Bonjour\mDNSResponder.exe
G:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
G:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
G:\WINDOWS\VM301Snap.exe
G:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
G:\Program Files\Microsoft IntelliType Pro\itype.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\WINDOWS\Domino.exe
G:\WINDOWS\system32\IoctlSvc.exe
G:\WINDOWS\system32\PnkBstrA.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\WINDOWS\RTHDCPL.EXE
G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
G:\WINDOWS\system32\RUNDLL32.EXE
G:\WINDOWS\system32\Rundll32.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\DAEMON Tools\daemon.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\WINDOWS\system32\wuauclt.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\WINDOWS\system32\NOTEPAD.EXE
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0DE1DDFD-09EB-4EB0-9D5E-1219651A97A5} - G:\WINDOWS\system32\opnooPHb.dll (file missing)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - G:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {3B19042B-3CED-48E1-97BF-D3538D03D1F5} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - G:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: (no name) - {662F7493-08C0-493E-B2AB-EF0049BE9698} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - G:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E0FBFC7C-03BF-4C9F-8279-1C30BDDFBC87} - G:\WINDOWS\system32\pmnllIxu.dll (file missing)
O2 - BHO: (no name) - {E243A8E7-6244-49E0-A361-22DBF30FD46C} - (no file)
O2 - BHO: (no name) - {E7D73DDE-9E95-41C7-8DFC-BFD33A009932} - (no file)
O2 - BHO: (no name) - {E9C481DA-70E2-4B69-89A8-2EBACDC50459} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - G:\Program Files\FlashGet\getflash.dll
O2 - BHO: (no name) - {F870A950-1112-4343-BB7D-6FFF117DB8E1} - G:\WINDOWS\system32\fccdbAro.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - G:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BigDogPath] G:\WINDOWS\VM301Snap.exe Vimicro USB PC Camera (ZC0301PL)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [itype] "g:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Domino] G:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [NBKeyScan] "G:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] G:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "G:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "G:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BM903eecc2] Rundll32.exe "G:\WINDOWS\system32\unryrrhh.dll",s
O4 - HKLM\..\Run: [MSConfig] G:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "G:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools] "G:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - G:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - G:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Microsoft Excel'e &Ver - res://G:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: İnternet virüs koruması istatistiklerini görüntüleyin - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - G:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) -
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: rqRHaYss - G:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - G:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - G:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - G:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - G:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - G:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - G:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - G:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - G:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - G:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - G:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 11735 bytes
Rorschach112
2008-05-23, 00:25
Hello


1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:


File::
G:\WINDOWS\system32\gdlaxykc.dll
G:\WINDOWS\system32\unryrrhh.dll
G:\WINDOWS\system32\bhuwfmfi.dll
G:\WINDOWS\system32\cnkmqcpn.dll
G:\WINDOWS\system32\xhqspdap.dll
G:\WINDOWS\system32\onivrtut.dll
G:\WINDOWS\system32\hpwtcocp.dll
H:\LaunchU3.exe
C:\setupSNK.exe

Folder::

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{669cf266-b3a3-11dc-8967-001d606d1a62}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{669cf267-b3a3-11dc-8967-001d606d1a62}]

Driver::



Save this as CFScript.txt, in the same location as ComboFix.exe


http://i266.photobucket.com/albums/ii277/sUBs_/Combo-Do.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall



Also post a new HijackThis log
Rorschach112
2008-05-27, 03:24
Due to inactivity, this thread will now be closed.

Note:If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.