
Combofix

Here you go, you kept insisting, so we ran the scan and this is the log file. It says you can show it to an expert; where are we supposed to find an expert? So what am I supposed to do with all this text now :)


ComboFix 10-10-31.01 - Sertay 01.11.2010 0:05.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1254.90.1055.18.2046.1704 [GMT 2:00]
Running from: c:\users\Sertay\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Public\Documents\Server\admin.txt
c:\windows\system32\KBL.LOG

c:\windows\explorer.exe . . . is infected!!

c:\windows\System32\wininit.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-31 )))))))))))))))))))))))))))))))
.

2010-10-31 22:00 . 2010-10-31 22:01 -------- d-----w- C:\32788R22FWJFW
2010-10-29 00:55 . 2010-10-29 01:06 -------- d-----w- c:\programdata\TmForever
2010-10-28 18:53 . 2010-10-28 18:53 -------- d-----w- c:\program files\Machinarium
2010-10-27 18:04 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 18:04 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 18:03 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-15 11:06 . 2010-10-15 11:06 -------- d-----w- c:\program files\Microsoft Works
2010-10-15 11:04 . 2010-10-15 11:04 -------- d-----w- c:\users\Sertay\AppData\Local\Microsoft Help
2010-10-15 11:04 . 2010-10-15 11:11 -------- d-----w- c:\programdata\Microsoft Help
2010-10-15 11:03 . 2010-10-15 11:03 -------- d-----r- C:\MSOCache
2010-10-15 10:54 . 2010-10-15 10:54 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-15 10:54 . 2010-10-15 10:55 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-10-15 10:54 . 2010-10-15 10:59 -------- d-----w- c:\users\Sertay\AppData\Roaming\DAEMON Tools Lite
2010-10-15 10:54 . 2010-10-15 10:54 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-10-14 20:03 . 2010-10-23 18:54 -------- d-----w- c:\programdata\Test Drive Unlimited
2010-10-14 14:54 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-14 14:54 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 14:51 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-14 14:51 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-14 14:51 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-14 14:51 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-14 14:51 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-17 11:37 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-09-17 11:37 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-09-17 10:19 . 2010-09-17 10:19 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-09-17 10:18 . 2010-09-17 10:18 40960 ----a-w- c:\windows\system32\drivers\tr-TR\http.sys.mui
2010-09-17 10:18 . 2010-09-17 10:18 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2010-09-16 23:45 . 2010-09-16 23:45 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-09-16 23:45 . 2010-09-16 23:45 23552 ----a-w- c:\windows\system32\lpk.dll
2010-09-16 23:45 . 2010-09-16 23:45 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-09-16 23:39 . 2010-09-16 23:39 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-09-16 23:39 . 2010-09-16 23:39 272896 ----a-w- c:\windows\system32\polstore.dll
2010-09-16 23:35 . 2010-09-16 23:35 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-09-16 23:35 . 2010-09-16 23:35 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-09-16 23:35 . 2010-09-16 23:35 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-09-16 23:35 . 2010-09-16 23:35 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-09-16 23:35 . 2010-09-16 23:35 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-09-16 23:35 . 2010-09-16 23:35 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-09-16 23:35 . 2010-09-16 23:35 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-09-16 23:35 . 2010-09-16 23:35 10240 ----a-w- c:\windows\system32\finger.exe
2010-09-16 23:31 . 2010-09-16 23:31 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-09-16 23:31 . 2010-09-16 23:31 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-09-16 23:31 . 2010-09-16 23:31 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-09-16 23:31 . 2010-09-16 23:31 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-09-16 23:31 . 2010-09-16 23:31 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-09-16 23:31 . 2010-09-16 23:31 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-09-16 23:31 . 2010-09-16 23:31 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2010-09-16 23:30 . 2010-09-16 23:30 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-09-16 23:30 . 2010-09-16 23:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-09-16 23:30 . 2010-09-16 23:30 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-09-16 23:28 . 2010-09-16 23:28 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-09-16 23:27 . 2010-09-16 23:27 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-09-16 23:27 . 2010-09-16 23:27 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-09-16 23:27 . 2010-09-16 23:27 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-09-16 23:26 . 2010-09-16 23:26 98816 ----a-w- c:\windows\system32\mfps.dll
2010-09-16 23:26 . 2010-09-16 23:26 2868224 ----a-w- c:\windows\system32\mf.dll
2010-09-16 23:26 . 2010-09-16 23:26 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-09-16 23:26 . 2010-09-16 23:26 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-09-16 23:26 . 2010-09-16 23:26 2048 ----a-w- c:\windows\system32\mferror.dll
2010-09-16 23:21 . 2010-09-16 23:21 71680 ----a-w- c:\windows\system32\atl.dll
2010-09-16 23:14 . 2010-09-16 23:14 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-09-16 23:13 . 2010-09-16 23:13 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-09-16 23:13 . 2010-09-16 23:13 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-09-16 23:13 . 2010-09-16 23:13 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-09-16 23:10 . 2010-09-16 23:10 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-09-16 23:03 . 2010-09-16 23:03 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-09-16 22:58 . 2010-09-16 22:58 623616 ----a-w- c:\windows\system32\localspl.dll
2010-09-16 22:52 . 2010-09-16 22:52 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-09-16 22:50 . 2010-09-16 22:50 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-09-16 22:50 . 2010-09-16 22:50 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-09-16 22:50 . 2010-09-16 22:50 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-09-16 22:50 . 2010-09-16 22:50 9728 ----a-w- c:\windows\system32\lsass.exe
2010-09-16 22:50 . 2010-09-16 22:50 72704 ----a-w- c:\windows\system32\secur32.dll
2010-09-16 22:50 . 2010-09-16 22:50 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-09-16 22:45 . 2010-09-16 22:45 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2010-09-16 22:45 . 2010-09-16 22:45 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2010-09-16 22:45 . 2010-09-16 22:45 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll
2010-09-16 22:45 . 2010-09-16 22:45 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll
2010-09-16 22:45 . 2010-09-16 22:45 1236992 ----a-w- c:\windows\system32\NlsLexicons0020.dll
2010-09-16 22:45 . 2010-09-16 22:45 2136064 ----a-w- c:\windows\system32\NlsLexicons0021.dll
2010-09-16 22:45 . 2010-09-16 22:45 1782272 ----a-w- c:\windows\system32\NlsLexicons0039.dll
2010-09-16 22:45 . 2010-09-16 22:45 5499904 ----a-w- c:\windows\system32\NlsLexicons0022.dll
2010-09-16 22:45 . 2010-09-16 22:45 7964672 ----a-w- c:\windows\system32\NlsLexicons0024.dll
2010-09-16 22:45 . 2010-09-16 22:45 5791232 ----a-w- c:\windows\system32\NlsLexicons0026.dll
2010-09-16 22:45 . 2010-09-16 22:45 6224896 ----a-w- c:\windows\system32\NlsLexicons0027.dll
2010-09-16 22:45 . 2010-09-16 22:45 4175872 ----a-w- c:\windows\system32\NlsLexicons0010.dll
2010-09-16 22:45 . 2010-09-16 22:45 4981248 ----a-w- c:\windows\system32\NlsLexicons0013.dll
2010-09-16 22:45 . 2010-09-16 22:45 2466816 ----a-w- c:\windows\system32\NlsLexicons0011.dll
2010-09-16 22:45 . 2010-09-16 22:45 6781440 ----a-w- c:\windows\system32\NlsLexicons0019.dll
2010-09-16 22:45 . 2010-09-16 22:45 3331072 ----a-w- c:\windows\system32\NlsLexicons0018.dll
2010-09-16 22:45 . 2010-09-16 22:45 4164096 ----a-w- c:\windows\system32\NlsLexicons0002.dll
2010-09-16 22:45 . 2010-09-16 22:45 11722752 ----a-w- c:\windows\system32\NlsLexicons0001.dll
2010-09-16 22:45 . 2010-09-16 22:45 1452544 ----a-w- c:\windows\system32\NlsLexicons0003.dll
2010-09-16 22:45 . 2010-09-16 22:45 3419136 ----a-w- c:\windows\system32\NlsLexicons004a.dll
2010-09-16 22:45 . 2010-09-16 22:45 4093440 ----a-w- c:\windows\system32\NlsLexicons004c.dll
2010-09-16 22:45 . 2010-09-16 22:45 1702912 ----a-w- c:\windows\system32\NlsLexicons004b.dll
2010-09-16 22:45 . 2010-09-16 22:45 4096 ----a-w- c:\windows\system32\NlsLexicons002a.dll
2010-09-16 22:45 . 2010-09-16 22:45 4045824 ----a-w- c:\windows\system32\NlsLexicons003e.dll
2010-09-16 22:45 . 2010-09-16 22:45 1972736 ----a-w- c:\windows\system32\NlsLexicons004e.dll
2010-09-16 22:45 . 2010-09-16 22:45 6585856 ----a-w- c:\windows\system32\NlsLexicons001b.dll
2010-09-16 22:45 . 2010-09-16 22:45 6014976 ----a-w- c:\windows\system32\NlsLexicons001a.dll
2010-09-16 22:45 . 2010-09-16 22:45 6346240 ----a-w- c:\windows\system32\NlsLexicons001d.dll
2010-09-16 22:45 . 2010-09-16 22:45 9892864 ----a-w- c:\windows\system32\NlsLexicons000a.dll
2010-09-16 22:45 . 2010-09-16 22:45 6237696 ----a-w- c:\windows\system32\NlsLexicons000c.dll
2010-09-16 22:45 . 2010-09-16 22:45 1722368 ----a-w- c:\windows\system32\NlsLexicons000d.dll
2010-09-16 22:45 . 2010-09-16 22:45 5654528 ----a-w- c:\windows\system32\NlsLexicons000f.dll
2010-09-16 22:45 . 2010-09-16 22:45 4616192 ----a-w- c:\windows\system32\NlsLexicons0414.dll
2010-09-16 22:45 . 2010-09-16 22:45 5090816 ----a-w- c:\windows\system32\NlsLexicons0416.dll
2010-09-16 22:45 . 2010-09-16 22:45 7042560 ----a-w- c:\windows\system32\NlsLexicons081a.dll
2010-09-16 22:45 . 2010-09-16 22:45 5031936 ----a-w- c:\windows\system32\NlsLexicons0816.dll
2010-09-16 22:45 . 2010-09-16 22:45 5071872 ----a-w- c:\windows\system32\NlsModels0011.dll
2010-09-16 22:45 . 2010-09-16 22:45 3104768 ----a-w- c:\windows\system32\NlsData0047.dll
2010-09-16 22:45 . 2010-09-16 22:45 3104768 ----a-w- c:\windows\system32\NlsData0046.dll
2010-09-16 22:45 . 2010-09-16 22:45 3104768 ----a-w- c:\windows\system32\NlsData0045.dll
2010-09-16 22:45 . 2010-09-16 22:45 3104768 ----a-w- c:\windows\system32\NlsData0049.dll
2010-09-16 22:45 . 2010-09-16 22:45 3104768 ----a-w- c:\windows\system32\NlsData0039.dll
2010-09-16 22:45 . 2010-09-16 22:45 3104768 ----a-w- c:\windows\system32\NlsData0020.dll
2010-09-16 22:45 . 2010-09-16 22:45 1965056 ----a-w- c:\windows\system32\NlsData0024.dll
2010-09-16 22:45 . 2010-09-16 22:45 1801216 ----a-w- c:\windows\system32\NlsData0022.dll
2010-09-16 22:45 . 2010-09-16 22:45 1801216 ----a-w- c:\windows\system32\NlsData0021.dll
2010-09-16 22:45 . 2010-09-16 22:45 1965056 ----a-w- c:\windows\system32\NlsData0026.dll
2010-09-16 22:45 . 2010-09-16 22:45 1966592 ----a-w- c:\windows\system32\NlsData0027.dll
.

------- Sigcheck -------

[7] 2010-09-16 . 6D06CD98D954FE87FB2DB8108793B399 . 2923520 . . [6.0.6000.16549] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[7] 2010-09-16 . BD06F0BF753BC704B653C3A50F89D362 . 2923520 . . [6.0.6000.20668] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[7] 2010-09-16 . 37440D09DEAE0B672A04DCCF7ABF06BE . 2923520 . . [6.0.6000.16771] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[7] 2010-09-16 . E7156B0B74762D9DE0E66BDCDE06E5FB . 2923520 . . [6.0.6000.20947] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[7] 2010-09-16 . 4F554999D7D5F05DAAEBBA7B5BA1089D . 2927104 . . [6.0.6001.18164] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[7] 2010-09-16 . 50BA5850147410CDE89C523AD3BC606E . 2927616 . . [6.0.6001.22298] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[-] 2009-04-11 . CA9F9B179787A3C5CAE058E6E2D6D86B . 2926592 . . [6.0.6000.16386] . . c:\windows\explorer.exe
[7] 2009-04-11 . D07D4C3038F3578FFCE1C0237F2A1253 . 2926592 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[7] 2008-01-19 . FFA764631CB70A30065C12EF8E174F9F . 2927104 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[7] 2006-11-02 . FD8C53FB002217F6F888BCF6F5D7084D . 2923520 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe

[-] 2008-01-19 . 607E1CEB1B658FD664523389A8FB53B8 . 96768 . . [6.0.6000.16386] . . c:\windows\System32\wininit.exe
[7] 2008-01-19 . 101BA3EA053480BB5D957EF37C06B5ED . 96768 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[7] 2006-11-02 . D4385B03E8CCCEE6F0EE249F827C1F3E . 95744 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 10:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-09-13 06:47 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-03-29 13:41 222128 ----a-w- c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 19:10 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-08-17 13:27 4702208 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 08:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-08-16 21:13 218408 ----a-w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-08 13:53 311296 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-15 691696]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-08-12 810144]
R2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=tr_tr&c=81&bd=Pavilion&pf=laptop
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {0D2E5EA1-6B38-4849-8370-65C42A5CB253} = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Sertay\AppData\Roaming\Mozilla\Firefox\Profiles\mdvrn4xm.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)
MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSConfigStartUp-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
ActiveSetup-{10880D85-AAD9-4558-ABDC-2AB1552D831F} - c:\program files\Common Files\LightScribe\LSRunOnce.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-11-01 00:19:35
ComboFix-quarantined-files.txt 2010-10-31 22:19

Pre-Run: 56.276.955.136 bayt boş
Post-Run: 56.798.408.704 bayt boş

- - End Of File - - 3786F9F846D8DA2613ADFE7283F91D8F

 
You don't need to do anything; it lists what it found during the scan and what it did. It has already deleted what it was going to delete, it's over and done with.


  • shangrilla  (01.11.10 01:04:16) 
We have also learned that your name is Sertay.


  • rexnebular  (01.11.10 05:43:14) 
What's done is done, explorer.exe and the like are tainted now... also, ComboFix ran in minimal mode; why not run the scan again in safe mode? It might find more...


  • mortar  (01.11.10 12:20:40) 