There is a virus on my computer (trojan, malware or spyware) that many programs cannot find... Avira - Nod32

  • There is something that infects the USB stick I plug into my computer; autorun.inf is affected and it creates a hidden folder...
    Besides not letting me use the USB stick, there is also a slowdown. Avira is installed on the system, and I later installed NOD32 (v.4), but the result is the same...
    So if it weren't for the USB stick I wouldn't even be aware of it; also, MSN sends links to the people on my list by itself...
    When I scan, NOD32 finds the autorun.inf file on the USB stick, and that's all. Avira finds nothing...

    The content of the autorun.inf file is as follows...

    [autorun] 
    ***open=driver\usb\gamesz.exe
    ***action=Open
    ***shell\open=Open
    ***shell\open\command=driver\usb\gamesz.exe
    ***Usb_Driver installed

    The *** at the start of the lines are not normally there; I added them so that nothing bad happens... :)))


    This is what it looks like on opening... What on earth is "Open"... :))


    The contents of the hidden folder "driver" are below...

    The files in the last picture keep changing; I think it copies the files in use (on XP) here...
    When you click on any of them, the file's properties dialog opens directly...
    If anyone knows about this, please add something; this is the first time I have run into anything like it...



    _____________________________
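The autorun.inf shown in the post is the mechanism that makes the infection spread: `open=` runs the binary when the stick is inserted, and `shell\open=Open` plus `shell\open\command=` make the ordinary "Open" context-menu entry run the same binary. The following script is an added triage example, not code from the thread: it parses an autorun.inf and reports what Windows would launch. The flagging rules (executable targets, the same binary bound to insertion and to a menu verb, menu text that imitates Explorer's defaults, lines that are not key=value) are this example's own heuristics; SAMPLE is the poster's file without the `***` prefixes they added.

```python
"""Parse an autorun.inf and report what Windows AutoRun/AutoPlay would launch.

Added triage example; the parser and the flagging rules below are this
example's own heuristics, not something from the thread. SAMPLE is the
autorun.inf the poster showed, without the '***' prefixes they added.
"""
import re

LAUNCH_KEYS = ("open", "shellexecute")                    # run on insertion / AutoPlay
VERB_COMMAND = re.compile(r"^shell\\([^\\]+)\\command$")  # shell\<verb>\command=<cmd>
VERB_LABEL = re.compile(r"^shell\\[^\\]+$")               # shell\<verb>=<menu text>
EXEC_EXT = (".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".vbs", ".js", ".wsf")
# Menu text that imitates what Explorer shows for a clean drive, so the
# user's "obvious" choice runs the payload instead of opening the folder.
MIMIC_LABELS = ("open", "explore", "open folder to view files")


def parse_autorun(text):
    """Return ({key: value}, [lines that are not key=value]) for the [autorun]
    section. INF keys are case-insensitive, so keys are lower-cased."""
    entries, stray, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun":
            continue
        if "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
        else:
            stray.append(line)
    return entries, stray


def command_target(cmd):
    """First token of a command line: the quoted part if quoted, otherwise up
    to the first space (autorun commands are normally unquoted)."""
    if cmd.startswith('"') and cmd.count('"') >= 2:
        return cmd.split('"')[1]
    return cmd.split()[0] if cmd else ""


def triage_autorun(text):
    """Return a list of human-readable findings (empty for a benign file)."""
    entries, stray = parse_autorun(text)
    findings = []
    targets = {k: v for k, v in entries.items()
               if k in LAUNCH_KEYS or VERB_COMMAND.match(k)}
    for key, cmd in targets.items():
        exe = command_target(cmd)
        if exe.lower().endswith(EXEC_EXT):
            findings.append(f"{key} launches executable {exe}")
    # The same binary bound both to insertion (open=) and to a context-menu
    # verb (shell\<verb>\command=) is the double hook seen in the posted file.
    distinct = {command_target(v).lower() for v in targets.values()}
    if len(targets) > 1 and len(distinct) == 1:
        findings.append("insertion and context-menu verbs all run the same binary: "
                        + distinct.pop())
    for key in ["action"] + [k for k in entries if VERB_LABEL.match(k)]:
        label = entries.get(key, "").lstrip("@").strip().lower()
        if label in MIMIC_LABELS:
            findings.append(f"{key}={entries[key]!r} imitates Explorer's default action text")
    if stray:
        findings.append("non key=value lines present: " + "; ".join(stray))
    return findings


# Constructed from the file in the post (the poster's '***' prefixes removed).
SAMPLE = r"""[autorun]
open=driver\usb\gamesz.exe
action=Open
shell\open=Open
shell\open\command=driver\usb\gamesz.exe
Usb_Driver installed
"""

if __name__ == "__main__":
    for finding in triage_autorun(SAMPLE):
        print("-", finding)
```

On the posted file this reports six findings; a stick whose autorun.inf only sets `icon=` and `label=` produces none. The parser deliberately does not trust the `[autorun]` section to be well-formed, because the stray `Usb_Driver installed` line would make a strict INI reader fail before it reached the interesting keys.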




  • Run a full scan with ComboFix (http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe) and
    Mbam (http://www.guvenlikuzmanim.com/dosyalar/mbam-setup.exe)


    and post the log reports when the scans finish



    < This message was edited by tcebeci -- 24 July 2009; 22:54:54 >
    _____________________________
  • quote:

    Original quote from: tcebeci

    Run a full scan with ComboFix (http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe) and
    Mbam (http://www.guvenlikuzmanim.com/dosyalar/mbam-setup.exe)


    and post the log reports when the scans finish
    Here are the links if you want to download the logs...

    http://d01.megashares.com/dl/1d89d74/Combo_log.txt
    http://d01.megashares.com/dl/edef3f3/mbam-log-2009-07-25.txt

    http://www.2shared.com/file/6843837/f8041686/Combo_log.html
    http://www.2shared.com/file/6843838/68bb0b17/mbam-log-2009-07-25.html

    Combo_log
    ComboFix 09-07-20.05 - Administrator 25.07.2009 19:42.1.4 - NTFSx86 
    Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.3070.2338 [GMT 3:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: ESET Kişisel güvenlik duvarı *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\scrrntr.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-06-25 to 2009-07-25 )))))))))))))))))))))))))))))))
    .

    2009-07-23 19:34 . 2009-07-23 19:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ESET
    2009-07-23 18:08 . 2009-07-23 18:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\ESET
    2009-07-23 18:07 . 2009-07-23 18:07 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\ESET
    2009-07-23 18:06 . 2009-07-23 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
    2009-07-23 17:42 . 2009-07-23 17:42 -------- d-----w- c:\program files\ESET
    2009-07-21 19:53 . 2008-05-21 12:28 7994 ----a-w- C:\yama.vbs
    2009-07-19 14:46 . 2009-07-19 14:46 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
    2009-07-19 10:50 . 2009-07-19 10:50 -------- d-----w- c:\program files\Dracula Virüs Temizleyici 3.5
    2009-07-17 19:38 . 2009-07-21 19:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-07-17 19:38 . 2009-07-21 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-17 19:35 . 2009-07-17 19:35 -------- d--h--w- c:\windows\PIF
    2009-07-17 17:47 . 2009-07-17 17:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
    2009-07-16 19:59 . 2008-06-19 14:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2009-07-16 19:58 . 2009-07-16 19:58 -------- d-----w- c:\program files\Panda Security
    2009-07-12 11:28 . 2009-07-12 11:28 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-07-12 09:06 . 2009-07-12 09:06 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
    2009-07-11 20:10 . 2009-06-23 15:44 147456 --sh--r- c:\windows\smsWfi.exe
    2009-07-10 19:51 . 2009-07-10 19:51 -------- d-----w- c:\program files\Bonjour
    2009-07-10 19:46 . 2009-07-10 19:46 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2009-07-09 09:20 . 2009-07-09 09:20 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2009-07-09 09:19 . 2009-07-09 09:19 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2009-07-09 04:02 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
    2009-07-09 04:01 . 2009-07-09 04:01 -------- d-----w- c:\windows\ie8updates
    2009-07-09 04:01 . 2009-04-30 21:14 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2009-07-09 04:01 . 2009-04-30 21:14 1985024 ------w- c:\windows\system32\dllcache\iertutil.dll
    2009-07-09 04:01 . 2009-04-30 21:14 11064832 ------w- c:\windows\system32\dllcache\ieframe.dll
    2009-07-09 04:01 . 2009-04-30 21:14 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2009-07-09 04:00 . 2009-07-09 04:01 -------- dc-h--w- c:\windows\ie8
    2009-07-05 13:15 . 2009-07-05 18:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BS_Player
    2009-07-05 13:15 . 2009-07-05 13:15 -------- d-----w- c:\program files\Conduit
    2009-07-05 13:15 . 2009-07-05 13:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Conduit
    2009-07-05 13:15 . 2009-07-05 13:46 -------- d-----w- c:\program files\BS_Player
    2009-07-05 13:15 . 2009-07-05 13:15 -------- d-----w- c:\program files\Webteh
    2009-07-05 13:08 . 2009-07-05 13:08 -------- d-----w- c:\program files\AirTies
    2009-07-05 13:08 . 2007-03-16 09:53 450944 ----a-w- c:\windows\system32\drivers\TUSB1150.sys
    2009-07-05 13:08 . 2006-12-04 12:42 97388 ----a-w- c:\windows\system32\drivers\Fwusb1b.bin
    2009-07-03 20:45 . 2009-07-12 17:46 158 ----a-w- C:\tw0001.dat
    2009-07-02 16:00 . 2008-04-13 08:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2009-06-30 16:37 . 2009-06-30 16:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\vdownloader
    2009-06-28 18:22 . 2009-06-28 18:22 -------- d-----w- c:\windows\system32\dns
    2009-06-26 19:05 . 2009-06-26 19:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Datalayer
    2009-06-26 19:05 . 2009-06-28 20:39 -------- d-----w- c:\documents and settings\Administrator\Phone Browser
    2009-06-26 19:04 . 2009-06-26 19:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia
    2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\DIFX
    2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\Common Files\Nokia
    2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite
    2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
    2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\Common Files\PCSuite
    2009-06-26 19:01 . 2006-05-29 05:26 8704 ----a-w- c:\windows\system32\drivers\nmwcdc.sys
    2009-06-26 19:01 . 2006-05-29 05:26 13312 ----a-w- c:\windows\system32\drivers\nmwcdcm.sys
    2009-06-26 19:01 . 2006-05-29 05:26 127488 ----a-w- c:\windows\system32\drivers\nmwcd.sys
    2009-06-26 19:01 . 2006-05-29 05:26 30720 ----a-w- c:\windows\system32\nmwcdcocls.dll
    2009-06-26 19:01 . 2006-05-29 05:26 4608 ----a-w- c:\windows\system32\nmwcdlog.dll
    2009-06-26 19:01 . 2006-05-29 05:26 50688 ----a-w- c:\windows\system32\nmwcdcls.dll
    2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\Nokia
    2009-06-26 19:00 . 2009-06-26 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-24 19:57 . 2009-06-18 16:12 -------- d-----w- c:\program files\Unlocker
    2009-07-18 17:50 . 2009-06-18 07:35 -------- d-----w- c:\program files\MSN Messenger
    2009-07-10 19:51 . 2009-06-18 16:18 -------- d-----w- c:\program files\Common Files\Adobe
    2009-07-05 13:08 . 2009-06-18 06:50 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-06-26 16:57 . 2009-06-18 07:41 68456 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-23 09:52 . 2001-11-22 15:00 68472 ----a-w- c:\windows\system32\perfc01F.dat
    2009-06-23 09:52 . 2001-11-22 15:00 383452 ----a-w- c:\windows\system32\perfh01F.dat
    2009-06-21 14:30 . 2009-06-21 14:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\GRETECH
    2009-06-20 17:06 . 2009-06-18 16:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ahead
    2009-06-18 17:12 . 2009-06-18 17:06 -------- d-----w- c:\program files\proeWildfire 3.0
    2009-06-18 17:00 . 2009-06-18 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-06-18 16:59 . 2009-06-18 16:59 -------- d-----w- c:\program files\Microsoft Works
    2009-06-18 16:58 . 2009-06-18 16:58 -------- d-----w- c:\program files\MSBuild
    2009-06-18 16:58 . 2009-06-18 16:58 -------- d-----w- c:\program files\Microsoft.NET
    2009-06-18 16:56 . 2009-06-18 16:56 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2009-06-18 16:52 . 2009-06-18 16:51 -------- d-----w- c:\program files\Common Files\Ahead
    2009-06-18 16:51 . 2009-06-18 16:51 -------- d-----w- c:\program files\Nero
    2009-06-18 16:17 . 2009-06-18 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
    2009-06-18 16:17 . 2009-06-18 16:17 -------- d-----w- c:\program files\TechSmith
    2009-06-18 16:12 . 2009-06-18 16:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Desktopicon
    2009-06-18 16:03 . 2009-06-18 16:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
    2009-06-18 16:02 . 2009-06-18 16:02 -------- d-----w- c:\program files\K-Lite Codec Pack
    2009-06-18 15:09 . 2009-06-18 15:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
    2009-06-18 15:08 . 2009-06-18 15:08 -------- d-----w- c:\program files\VideoLAN
    2009-06-18 15:04 . 2009-06-18 15:04 -------- d-----w- c:\program files\HD Tune
    2009-06-18 13:25 . 2009-06-18 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
    2009-06-18 13:25 . 2009-06-18 13:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATI
    2009-06-18 10:27 . 2009-06-18 10:27 -------- d-----w- c:\program files\AIMP2
    2009-06-18 08:35 . 2009-06-18 08:35 0 ----a-w- c:\windows\ativpsrm.bin
    2009-06-18 08:34 . 2009-06-18 08:33 -------- d-----w- c:\program files\ATI Technologies
    2009-06-18 08:33 . 2009-06-18 07:45 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-06-18 08:22 . 2009-06-18 08:22 -------- d-----w- c:\program files\Vimicro
    2009-06-18 08:20 . 2009-06-18 06:49 16608 ----a-w- c:\windows\gdrv.sys
    2009-06-18 08:18 . 2009-06-18 08:18 319488 ----a-w- c:\windows\HideWin.exe
    2009-06-18 08:07 . 2009-06-18 08:07 0 ----a-w- c:\windows\nsreg.dat
    2009-06-18 07:53 . 2009-06-18 06:40 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-06-18 07:53 . 2009-06-18 07:53 12328 ----a-w- c:\documents and settings\beyaz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-18 07:46 . 2009-06-18 07:46 -------- d-----w- c:\program files\Intel
    2009-06-18 07:45 . 2009-06-18 06:50 -------- d-----w- c:\program files\Realtek
    2009-06-18 06:57 . 2009-06-18 06:57 -------- d-----w- c:\program files\Avira
    2009-06-18 06:57 . 2009-06-18 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2009-06-18 06:50 . 2009-06-18 06:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
    2009-06-18 06:39 . 2009-06-18 06:39 21736 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-05-16 03:58 . 2009-05-16 03:58 4069888 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
    2009-05-16 03:39 . 2009-05-16 03:39 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2009-05-16 03:38 . 2009-05-16 03:38 335872 ----a-w- c:\windows\system32\ati2dvag.dll
    2009-05-16 03:18 . 2009-05-16 03:18 204800 ----a-w- c:\windows\system32\atipdlxx.dll
    2009-05-16 03:17 . 2009-05-16 03:17 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2009-05-16 03:17 . 2009-05-16 03:17 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2009-05-16 03:17 . 2009-05-16 03:17 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2009-05-16 03:17 . 2009-05-16 03:17 155648 ----a-w- c:\windows\system32\ati2evxx.dll
    2009-05-16 03:15 . 2009-05-16 03:15 602112 ----a-w- c:\windows\system32\ati2evxx.exe
    2009-05-16 03:14 . 2009-05-16 03:14 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2009-05-16 03:07 . 2009-05-16 03:07 2987136 ----a-w- c:\windows\system32\ati3duag.dll
    2009-05-16 02:55 . 2009-05-16 02:55 11423744 ----a-w- c:\windows\system32\atioglxx.dll
    2009-05-16 02:54 . 2009-05-16 02:54 2122624 ----a-w- c:\windows\system32\ativvaxx.dll
    2009-05-16 02:54 . 2009-05-16 02:54 887724 ----a-w- c:\windows\system32\ativva6x.dat
    2009-05-16 02:54 . 2009-05-16 02:54 3 ----a-w- c:\windows\system32\ativva5x.dat
    2009-05-16 02:51 . 2009-05-16 02:51 311296 ----a-w- c:\windows\system32\atiiiexx.dll
    2009-05-16 02:38 . 2009-05-16 02:38 49664 ----a-w- c:\windows\system32\atimpc32.dll
    2009-05-16 02:38 . 2009-05-16 02:38 49664 ----a-w- c:\windows\system32\amdpcom32.dll
    2009-05-16 02:33 . 2009-05-16 02:33 479232 ----a-w- c:\windows\system32\atikvmag.dll
    2009-05-16 02:31 . 2009-05-16 02:31 139264 ----a-w- c:\windows\system32\atiadlxx.dll
    2009-05-16 02:31 . 2009-05-16 02:31 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2009-05-16 02:30 . 2009-05-16 02:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2009-05-16 02:26 . 2009-05-16 02:26 376832 ----a-w- c:\windows\system32\atiok3x2.dll
    2009-05-16 02:24 . 2009-05-16 02:24 651264 ----a-w- c:\windows\system32\ati2cqag.dll
    2009-05-16 01:35 . 2009-05-16 01:35 45056 ----a-w- c:\windows\system32\aticalrt.dll
    2009-05-16 01:34 . 2009-05-16 01:34 45056 ----a-w- c:\windows\system32\aticalcl.dll
    2009-05-16 01:33 . 2009-05-16 01:33 3158016 ----a-w- c:\windows\system32\aticaldd.dll
    2009-05-15 18:05 . 2009-06-18 08:33 593920 ------w- c:\windows\system32\ati2sgag.exe
    2009-05-13 05:04 . 2008-04-14 06:00 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-05-07 15:32 . 2008-04-14 06:00 345088 ----a-w- c:\windows\system32\localspl.dll
    2009-05-05 19:33 . 2009-05-05 19:33 118784 ----a-w- c:\windows\system32\atibtmon.exe
    2009-07-22 23:11 . 2009-06-18 08:07 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-05 2215960]

    [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
    2009-07-05 13:46 2215960 ----a-w- c:\program files\BS_Player\tbBS_1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-05 2215960]

    [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-05 2215960]

    [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-18 133104]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 94208]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GEST"="=" [X]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
    "Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
    "AIMP2"="c:\program files\AIMP2\AIMP2.exe" [2008-12-30 358400]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-07 16862208]
    "Windowss"="smsWfi.exe" - c:\windows\smsWfi.exe [2009-06-23 147456]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "e:\\driver\\usb\\gamesz.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [16.07.2009 22:59 28544]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18.06.2009 09:57 108289]
    R2 ekrn;ESET Service;c:\program files\ESET\Eset Smart Security\ekrn.exe [09.04.2009 15:19 731840]
    R3 TUSB1150;Airties WUS-300 USB Wireless Adapter (TNETW1450);c:\windows\system32\drivers\TUSB1150.sys [05.07.2009 16:08 450944]
    R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [18.06.2009 11:22 428160]
    S2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe /s --> c:\windows\reset.exe [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [18.06.2009 10:45 1684736]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1383384898-1177238915-500Core.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-18 07:30]

    2009-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1383384898-1177238915-500UA.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-18 07:30]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-BigDog303 - c:\windows\VM303_STI.EXE
    HKLM-Run-AirTiesWUS-300 - c:\program files\AirTies\AirTiesWUS-300\WUS300.exe
    HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll
    HKU-Default-RunOnce-nltide2 - rundll32 advpack.dll


    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = local
    IE: Microsoft Excel'e &Ver - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: {626F8656-8372-48BB-A7AD-C46E20F35E43} = 127.0.0.1
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4pnj89e2.default\
    FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2009-07-25 19:48
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2052111302-1383384898-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,47,2b,4b,1a,01,8e,45,96,75,54,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,47,2b,4b,1a,01,8e,45,96,75,54,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1012)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2009-07-25 19:49
    ComboFix-quarantined-files.txt 2009-07-25 16:49

    Pre-Run: 89.177.079.808 bayt boş
    Post-Run: 90.077.794.304 bayt boş

    262 --- E O F --- 2009-07-09 04:02


    mbam-log-2009-07-25
    Malwarebytes' Anti-Malware 1.39 
    Veritabanı sürümü: 2500
    Windows 5.1.2600 Service Pack 3

    25.07.2009 21:51:04
    mbam-log-2009-07-25 (21-51-04).txt

    Tarama biçimi: Gelişmiş Tarama (C:\|D:\|E:\|)
    Taranan öğeler: 254768
    Geçen süre: 39 minute(s), 24 second(s)

    Etkilenmiş Hafıza İşlemleri: 0
    Etkilenmiş Hafıza Modülleri: 0
    Etkilenmiş Kayıt Anahtarları: 0
    Etkilenmiş Kayıt Değerleri: 0
    Etkilenmiş Kayıt Verisi Öğeleri: 1
    Etkilenmiş Klasörler: 0
    Etkilenmiş Dosyalar: 0

    Etkilenmiş Hafıza İşlemleri:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Hafıza Modülleri:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Kayıt Anahtarları:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Kayıt Değerleri:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Kayıt Verisi Öğeleri:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Etkilenmiş Klasörler:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Dosyalar:
    (Herhangi bir tehlikeli öğe bulunmadı)



    < This message was edited by 01Mrt -- 25 July 2009; 22:14:43 >
    _____________________________
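Reading a ComboFix report by hand means scanning several hundred lines for a handful of indicators: the hidden+system executable `c:\windows\smsWfi.exe`, the `Windowss` Run value that starts it, the firewall exception for `e:\driver\usb\gamesz.exe` on the USB stick, `EnableFirewall=0`, `UpdatesDisableNotify=1`, and both AV products with on-access scanning off. The following script is an added example, not ComboFix's code or anything from the thread: it pulls those lines out and correlates Run entries with the hidden+system files found earlier in the report. The scoring rules are this example's own heuristics, and SAMPLE is a constructed excerpt of the log posted above.

```python
"""Pull the lines a responder looks at first out of a ComboFix report and
correlate autorun entries with hidden+system executables.

Added triage example; the rules are this example's own heuristics, not
ComboFix's. SAMPLE is a constructed excerpt of the log posted in the thread.
"""
import re

EXEC_EXT = (".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".vbs", ".dll")
# "2009-07-11 20:10 . 2009-06-23 15:44 147456 --sh--r- c:\windows\smsWfi.exe"
FILE_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d (\S+) (\S{8}) (.+)$")
# Path that precedes the trailing "[date size]" of a Run-key line, whether
# the value is quoted ("avgnt"="c:\...\avgnt.exe" [..]) or resolved by
# ComboFix ("Windowss"="smsWfi.exe" - c:\windows\smsWfi.exe [..]).
RUN_PATH = re.compile(r'([a-z]:\\[^\["]+?)"?\s*\[', re.IGNORECASE)


def triage_combofix(text):
    """Return a list of human-readable findings for one ComboFix report."""
    findings, hidden_sys, run_entries, fw_apps, section = [], {}, [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()          # registry key header
            continue
        m = FILE_LINE.match(line)
        if m:
            _size, attrs, path = m.groups()
            # not a directory, system+hidden attributes, executable extension
            if attrs[0] != "d" and "s" in attrs and "h" in attrs \
                    and path.lower().endswith(EXEC_EXT):
                hidden_sys[path.lower()] = attrs
            continue
        if "*on-access scanning disabled*" in line.lower():
            findings.append("real-time protection off: " + line)
        elif section and section.endswith("\\run]"):
            name = re.match(r'^"([^"]+)"=', line)
            path = RUN_PATH.search(line)
            if name:
                run_entries.append((name.group(1), path.group(1) if path else None))
        elif section and section.endswith("\\authorizedapplications\\list]"):
            app = re.match(r'^"(.+)"=$', line)
            if app:
                fw_apps.append(app.group(1).replace("\\\\", "\\"))
        elif line.startswith('"EnableFirewall"=') and line.endswith("0 (0x0)"):
            findings.append("EnableFirewall=0 in the standard firewall profile")
        elif line.startswith('"UpdatesDisableNotify"=dword:00000001'):
            findings.append("Security Center update notifications disabled")
    for name, path in run_entries:
        if path is None:
            findings.append(f"Run value {name!r} has no resolvable executable path")
        elif path.lower() in hidden_sys:
            findings.append(f"Run value {name!r} starts hidden+system file {path} "
                            f"({hidden_sys[path.lower()]})")
        elif re.fullmatch(r"c:\\windows\\[^\\]+", path, re.IGNORECASE):
            findings.append(f"Run value {name!r} starts {path} directly under the "
                            "Windows directory (review)")
    for app in fw_apps:
        if not app.lower().startswith(("c:\\", "%windir%", "%systemroot%")):
            findings.append("firewall exception for a program outside the system "
                            "volume: " + app)
    return findings


# Constructed excerpt of the ComboFix log posted in the thread.
SAMPLE = r"""ComboFix 09-07-20.05 - Administrator 25.07.2009 19:42.1.4 - NTFSx86
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
2009-07-11 20:10 . 2009-06-23 15:44 147456 --sh--r- c:\windows\smsWfi.exe
2009-07-09 09:20 . 2009-07-09 09:20 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-06-18 08:18 . 2009-06-18 08:18 319488 ----a-w- c:\windows\HideWin.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
"Windowss"="smsWfi.exe" - c:\windows\smsWfi.exe [2009-06-23 147456]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"e:\\driver\\usb\\gamesz.exe"=
"""

if __name__ == "__main__":
    for finding in triage_combofix(SAMPLE):
        print("-", finding)
```

The correlation step is the useful part: a Run value pointing into `c:\windows\` is only a "review" item on its own (vendor tools such as `VMSnap3.EXE` live there too), but a Run value whose target also appears in the file list with hidden+system attributes is the item to act on first. Items that the real log shows but the excerpt omits, such as the `.EsetTrialReset` service pointing at a missing `c:\windows\reset.exe`, would need their own rule.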




  • quote:

    Original quote from: 01Mrt

    2009-06-18 16:56 . 2009-06-18 16:56 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2009-06-18 16:52 . 2009-06-18 16:51 -------- d-----w- c:\program files\Common Files\Ahead
    2009-06-18 16:51 . 2009-06-18 16:51 -------- d-----w- c:\program files\Nero
    2009-06-18 16:17 . 2009-06-18 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
    2009-06-18 16:17 . 2009-06-18 16:17 -------- d-----w- c:\program files\TechSmith
    2009-06-18 16:12 . 2009-06-18 16:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Desktopicon
    2009-06-18 16:03 . 2009-06-18 16:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
    2009-06-18 16:02 . 2009-06-18 16:02 -------- d-----w- c:\program files\K-Lite Codec Pack
    2009-06-18 15:09 . 2009-06-18 15:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
    2009-06-18 15:08 . 2009-06-18 15:08 -------- d-----w- c:\program files\VideoLAN
    2009-06-18 15:04 . 2009-06-18 15:04 -------- d-----w- c:\program files\HD Tune
    2009-06-18 13:25 . 2009-06-18 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
    2009-06-18 13:25 . 2009-06-18 13:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATI
    2009-06-18 10:27 . 2009-06-18 10:27 -------- d-----w- c:\program files\AIMP2
    2009-06-18 08:35 . 2009-06-18 08:35 0 ----a-w- c:\windows\ativpsrm.bin
    2009-06-18 08:34 . 2009-06-18 08:33 -------- d-----w- c:\program files\ATI Technologies
    2009-06-18 08:33 . 2009-06-18 07:45 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-06-18 08:22 . 2009-06-18 08:22 -------- d-----w- c:\program files\Vimicro
    2009-06-18 08:20 . 2009-06-18 06:49 16608 ----a-w- c:\windows\gdrv.sys
    2009-06-18 08:18 . 2009-06-18 08:18 319488 ----a-w- c:\windows\HideWin.exe
    2009-06-18 08:07 . 2009-06-18 08:07 0 ----a-w- c:\windows\nsreg.dat
    2009-06-18 07:53 . 2009-06-18 06:40 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-06-18 07:53 . 2009-06-18 07:53 12328 ----a-w- c:\documents and settings\beyaz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-18 07:46 . 2009-06-18 07:46 -------- d-----w- c:\program files\Intel
    2009-06-18 07:45 . 2009-06-18 06:50 -------- d-----w- c:\program files\Realtek
    2009-06-18 06:57 . 2009-06-18 06:57 -------- d-----w- c:\program files\Avira
    2009-06-18 06:57 . 2009-06-18 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2009-06-18 06:50 . 2009-06-18 06:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
    2009-06-18 06:39 . 2009-06-18 06:39 21736 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-05-16 03:58 . 2009-05-16 03:58 4069888 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
    2009-05-16 03:39 . 2009-05-16 03:39 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2009-05-16 03:38 . 2009-05-16 03:38 335872 ----a-w- c:\windows\system32\ati2dvag.dll
    2009-05-16 03:18 . 2009-05-16 03:18 204800 ----a-w- c:\windows\system32\atipdlxx.dll
    2009-05-16 03:17 . 2009-05-16 03:17 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2009-05-16 03:17 . 2009-05-16 03:17 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2009-05-16 03:17 . 2009-05-16 03:17 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2009-05-16 03:17 . 2009-05-16 03:17 155648 ----a-w- c:\windows\system32\ati2evxx.dll
    2009-05-16 03:15 . 2009-05-16 03:15 602112 ----a-w- c:\windows\system32\ati2evxx.exe
    2009-05-16 03:14 . 2009-05-16 03:14 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2009-05-16 03:07 . 2009-05-16 03:07 2987136 ----a-w- c:\windows\system32\ati3duag.dll
    2009-05-16 02:55 . 2009-05-16 02:55 11423744 ----a-w- c:\windows\system32\atioglxx.dll
    2009-05-16 02:54 . 2009-05-16 02:54 2122624 ----a-w- c:\windows\system32\ativvaxx.dll
    2009-05-16 02:54 . 2009-05-16 02:54 887724 ----a-w- c:\windows\system32\ativva6x.dat
    2009-05-16 02:54 . 2009-05-16 02:54 3 ----a-w- c:\windows\system32\ativva5x.dat
    2009-05-16 02:51 . 2009-05-16 02:51 311296 ----a-w- c:\windows\system32\atiiiexx.dll
    2009-05-16 02:38 . 2009-05-16 02:38 49664 ----a-w- c:\windows\system32\atimpc32.dll
    2009-05-16 02:38 . 2009-05-16 02:38 49664 ----a-w- c:\windows\system32\amdpcom32.dll
    2009-05-16 02:33 . 2009-05-16 02:33 479232 ----a-w- c:\windows\system32\atikvmag.dll
    2009-05-16 02:31 . 2009-05-16 02:31 139264 ----a-w- c:\windows\system32\atiadlxx.dll
    2009-05-16 02:31 . 2009-05-16 02:31 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2009-05-16 02:30 . 2009-05-16 02:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2009-05-16 02:26 . 2009-05-16 02:26 376832 ----a-w- c:\windows\system32\atiok3x2.dll
    2009-05-16 02:24 . 2009-05-16 02:24 651264 ----a-w- c:\windows\system32\ati2cqag.dll
    2009-05-16 01:35 . 2009-05-16 01:35 45056 ----a-w- c:\windows\system32\aticalrt.dll
    2009-05-16 01:34 . 2009-05-16 01:34 45056 ----a-w- c:\windows\system32\aticalcl.dll
    2009-05-16 01:33 . 2009-05-16 01:33 3158016 ----a-w- c:\windows\system32\aticaldd.dll
    2009-05-15 18:05 . 2009-06-18 08:33 593920 ------w- c:\windows\system32\ati2sgag.exe
    2009-05-13 05:04 . 2008-04-14 06:00 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-05-07 15:32 . 2008-04-14 06:00 345088 ----a-w- c:\windows\system32\localspl.dll
    2009-05-05 19:33 . 2009-05-05 19:33 118784 ----a-w- c:\windows\system32\atibtmon.exe
    2009-07-22 23:11 . 2009-06-18 08:07 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-05 2215960]

    [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
    2009-07-05 13:46 2215960 ----a-w- c:\program files\BS_Player\tbBS_1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-05 2215960]

    [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-05 2215960]

    [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-18 133104]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 94208]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GEST"="=" [X]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
    "Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
    "AIMP2"="c:\program files\AIMP2\AIMP2.exe" [2008-12-30 358400]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-07 16862208]
    "Windowss"="smsWfi.exe" - c:\windows\smsWfi.exe [2009-06-23 147456]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "e:\\driver\\usb\\gamesz.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [16.07.2009 22:59 28544]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18.06.2009 09:57 108289]
    R2 ekrn;ESET Service;c:\program files\ESET\Eset Smart Security\ekrn.exe [09.04.2009 15:19 731840]
    R3 TUSB1150;Airties WUS-300 USB Wireless Adapter (TNETW1450);c:\windows\system32\drivers\TUSB1150.sys [05.07.2009 16:08 450944]
    R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [18.06.2009 11:22 428160]
    S2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe /s --> c:\windows\reset.exe [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [18.06.2009 10:45 1684736]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1383384898-1177238915-500Core.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-18 07:30]

    2009-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1383384898-1177238915-500UA.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-18 07:30]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-BigDog303 - c:\windows\VM303_STI.EXE
    HKLM-Run-AirTiesWUS-300 - c:\program files\AirTies\AirTiesWUS-300\WUS300.exe
    HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll
    HKU-Default-RunOnce-nltide2 - rundll32 advpack.dll


    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = local
    IE: Microsoft Excel'e &Ver - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: {626F8656-8372-48BB-A7AD-C46E20F35E43} = 127.0.0.1
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4pnj89e2.default\
    FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2009-07-25 19:48
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2052111302-1383384898-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,47,2b,4b,1a,01,8e,45,96,75,54,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,47,2b,4b,1a,01,8e,45,96,75,54,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1012)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2009-07-25 19:49
    ComboFix-quarantined-files.txt 2009-07-25 16:49

    Pre-Run: 89.177.079.808 bayt boş
    Post-Run: 90.077.794.304 bayt boş

    262 --- E O F --- 2009-07-09 04:02


    mbam-log-2009-07-25
    Malwarebytes' Anti-Malware 1.39 
    Veritabanı sürümü: 2500
    Windows 5.1.2600 Service Pack 3

    25.07.2009 21:51:04
    mbam-log-2009-07-25 (21-51-04).txt

    Tarama biçimi: Gelişmiş Tarama (C:\|D:\|E:\|)
    Taranan öğeler: 254768
    Geçen süre: 39 minute(s), 24 second(s)

    Etkilenmiş Hafıza İşlemleri: 0
    Etkilenmiş Hafıza Modülleri: 0
    Etkilenmiş Kayıt Anahtarları: 0
    Etkilenmiş Kayıt Değerleri: 0
    Etkilenmiş Kayıt Verisi Öğeleri: 1
    Etkilenmiş Klasörler: 0
    Etkilenmiş Dosyalar: 0

    Etkilenmiş Hafıza İşlemleri:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Hafıza Modülleri:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Kayıt Anahtarları:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Kayıt Değerleri:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Kayıt Verisi Öğeleri:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Etkilenmiş Klasörler:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Dosyalar:
    (Herhangi bir tehlikeli öğe bulunmadı)


    Does it let you boot into safe mode?
    _____________________________




  • quote:

    Quoted from: Matrix Prisoner

    Does it let you boot into safe mode?

    Apply the steps shown in the picture with the Avenger program
    http://www.guvenlikuzmanim.com/dosyalar/avenger.exe


    And scan again with ComboFix and post the log


    Edit: Using two antivirus programs at the same time is not really recommended



    < This message was edited by tcebeci -- 26 July 2009; 13:14:56 >
    _____________________________




  • quote:

    Quoted from: tcebeci

    Apply the steps shown in the picture with the Avenger program
    http://www.guvenlikuzmanim.com/dosyalar/avenger.exe


    And scan again with ComboFix and post the log


    Edit: Using two antivirus programs at the same time is not really recommended

    @tcebeci
    I always use Avira anyway, since it installs without any hassle; I only installed NOD32 in the hope that it might find something...
    I did as you said. After the first reset I got a blue screen, is that normal?
    Also, the third line looks like "scrrntr", or is it "scrmtr"... that is, 'r n' or 'm'? ...

    Avenger Log...
    Logfile of The Avenger Version 2.0, (c) by Swandog46 
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    Driver "pavboot" disabled successfully.
    Driver "Ambfilt" disabled successfully.

    Error: could not open driver "scrrntr"
    Disablement of driver "scrrntr" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist

    Driver "pavboot" deleted successfully.
    Driver "Ambfilt" deleted successfully.

    Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\scrrntr" not found!
    Deletion of driver "scrrntr" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Completed script processing.

    *******************

    Finished! Terminate.
    _____________________________




  • quote:

    Quoted from: 01Mrt

    @tcebeci
    I always use Avira anyway, since it installs without any hassle; I only installed NOD32 in the hope that it might find something...
    I did as you said. After the first reset I got a blue screen, is that normal?
    Also, the third line looks like "scrrntr", or is it "scrmtr"... that is, 'r n' or 'm'? ...

    Avenger Log...
    Logfile of The Avenger Version 2.0, (c) by Swandog46 
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    Driver "pavboot" disabled successfully.
    Driver "Ambfilt" disabled successfully.

    Error: could not open driver "scrrntr"
    Disablement of driver "scrrntr" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist

    Driver "pavboot" deleted successfully.
    Driver "Ambfilt" deleted successfully.

    Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\scrrntr" not found!
    Deletion of driver "scrrntr" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Completed script processing.

    *******************

    Finished! Terminate.


    Is the blue screen still there right now?
    Can you run ComboFix once more?

    The scrrntr file appears to have been deleted already, so that is not important



    < This message was edited by tcebeci -- 26 July 2009; 20:01:29 >
    _____________________________




  • quote:

    Quoted from: tcebeci

    Is the blue screen still there right now?
    Can you run ComboFix once more?

    The scrrntr file appears to have been deleted already, so that is not important

    @tcebeci
    The blue screen is gone now; I reset again and it booted...
    "SCRRNTR", so I did write it correctly and there is no problem, right?

    Combo_Log
    ComboFix 09-07-20.05 - Administrator 26.07.2009 19:53.3.4 - NTFSx86 
    Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.3070.2373 [GMT 3:00]
    Running from: c:\documents and settings\Administrator\Desktop\Program & Driver\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
    .

    2009-07-26 07:35 . 2009-07-26 07:35 -------- d-----w- c:\program files\MadOnion.com
    2009-07-25 18:53 . 2009-07-25 18:53 -------- d-----w- c:\windows\system32\xircom
    2009-07-25 18:53 . 2009-07-25 18:53 -------- d-----w- c:\windows\system32\wbem\snmp
    2009-07-25 18:53 . 2009-07-25 18:53 -------- d-----w- c:\program files\microsoft frontpage
    2009-07-25 16:59 . 2009-07-25 16:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2009-07-25 16:58 . 2009-07-13 10:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-25 16:58 . 2009-07-25 16:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-25 16:58 . 2009-07-25 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-07-25 16:58 . 2009-07-13 10:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-23 19:34 . 2009-07-23 19:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ESET
    2009-07-23 18:08 . 2009-07-23 18:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\ESET
    2009-07-23 18:07 . 2009-07-23 18:07 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\ESET
    2009-07-23 18:06 . 2009-07-23 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
    2009-07-21 19:53 . 2008-05-21 12:28 7994 ----a-w- C:\yama.vbs
    2009-07-19 14:46 . 2009-07-19 14:46 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
    2009-07-19 10:50 . 2009-07-19 10:50 -------- d-----w- c:\program files\Dracula Virüs Temizleyici 3.5
    2009-07-17 19:38 . 2009-07-21 19:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-07-17 19:38 . 2009-07-21 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-17 19:35 . 2009-07-17 19:35 -------- d--h--w- c:\windows\PIF
    2009-07-17 17:47 . 2009-07-17 17:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
    2009-07-16 19:59 . 2008-06-19 14:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2009-07-16 19:58 . 2009-07-16 19:58 -------- d-----w- c:\program files\Panda Security
    2009-07-12 11:28 . 2009-07-12 11:28 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-07-12 09:06 . 2009-07-12 09:06 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
    2009-07-11 20:10 . 2009-06-23 15:44 147456 --sh--r- c:\windows\smsWfi.exe
    2009-07-10 19:51 . 2009-07-10 19:51 -------- d-----w- c:\program files\Bonjour
    2009-07-10 19:46 . 2009-07-10 19:46 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2009-07-09 09:20 . 2009-07-09 09:20 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2009-07-09 09:19 . 2009-07-09 09:19 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2009-07-09 04:02 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
    2009-07-09 04:01 . 2009-07-09 04:01 -------- d-----w- c:\windows\ie8updates
    2009-07-09 04:01 . 2009-04-30 21:14 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2009-07-09 04:01 . 2009-04-30 21:14 1985024 ------w- c:\windows\system32\dllcache\iertutil.dll
    2009-07-09 04:01 . 2009-04-30 21:14 11064832 ------w- c:\windows\system32\dllcache\ieframe.dll
    2009-07-09 04:01 . 2009-04-30 21:14 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2009-07-09 04:00 . 2009-07-09 04:01 -------- dc-h--w- c:\windows\ie8
    2009-07-05 13:15 . 2009-07-05 18:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BS_Player
    2009-07-05 13:15 . 2009-07-05 13:15 -------- d-----w- c:\program files\Conduit
    2009-07-05 13:15 . 2009-07-05 13:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Conduit
    2009-07-05 13:15 . 2009-07-05 13:46 -------- d-----w- c:\program files\BS_Player
    2009-07-05 13:15 . 2009-07-05 13:15 -------- d-----w- c:\program files\Webteh
    2009-07-05 13:08 . 2009-07-05 13:08 -------- d-----w- c:\program files\AirTies
    2009-07-05 13:08 . 2007-03-16 09:53 450944 ----a-w- c:\windows\system32\drivers\TUSB1150.sys
    2009-07-05 13:08 . 2006-12-04 12:42 97388 ----a-w- c:\windows\system32\drivers\Fwusb1b.bin
    2009-07-03 20:45 . 2009-07-12 17:46 158 ----a-w- C:\tw0001.dat
    2009-07-02 16:00 . 2008-04-13 08:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2009-06-30 16:37 . 2009-06-30 16:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\vdownloader
    2009-06-28 18:22 . 2009-06-28 18:22 -------- d-----w- c:\windows\system32\dns
    2009-06-26 19:05 . 2009-06-26 19:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Datalayer
    2009-06-26 19:05 . 2009-06-28 20:39 -------- d-----w- c:\documents and settings\Administrator\Phone Browser
    2009-06-26 19:04 . 2009-06-26 19:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia
    2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\DIFX
    2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\Common Files\Nokia
    2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite
    2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
    2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\Common Files\PCSuite
    2009-06-26 19:01 . 2006-05-29 05:26 8704 ----a-w- c:\windows\system32\drivers\nmwcdc.sys
    2009-06-26 19:01 . 2006-05-29 05:26 13312 ----a-w- c:\windows\system32\drivers\nmwcdcm.sys
    2009-06-26 19:01 . 2006-05-29 05:26 127488 ----a-w- c:\windows\system32\drivers\nmwcd.sys
    2009-06-26 19:01 . 2006-05-29 05:26 30720 ----a-w- c:\windows\system32\nmwcdcocls.dll
    2009-06-26 19:01 . 2006-05-29 05:26 4608 ----a-w- c:\windows\system32\nmwcdlog.dll
    2009-06-26 19:01 . 2006-05-29 05:26 50688 ----a-w- c:\windows\system32\nmwcdcls.dll
    2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\Nokia
    2009-06-26 19:00 . 2009-06-26 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-26 07:35 . 2009-06-18 06:50 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-25 19:20 . 2009-06-18 16:12 -------- d-----w- c:\program files\Unlocker
    2009-07-18 17:50 . 2009-06-18 07:35 -------- d-----w- c:\program files\MSN Messenger
    2009-07-10 19:51 . 2009-06-18 16:18 -------- d-----w- c:\program files\Common Files\Adobe
    2009-06-26 16:57 . 2009-06-18 07:41 68456 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-23 09:52 . 2001-11-22 15:00 68472 ----a-w- c:\windows\system32\perfc01F.dat
    2009-06-23 09:52 . 2001-11-22 15:00 383452 ----a-w- c:\windows\system32\perfh01F.dat
    2009-06-21 14:30 . 2009-06-21 14:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\GRETECH
    2009-06-20 17:06 . 2009-06-18 16:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ahead
    2009-06-18 17:12 . 2009-06-18 17:06 -------- d-----w- c:\program files\proeWildfire 3.0
    2009-06-18 17:00 . 2009-06-18 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-06-18 16:59 . 2009-06-18 16:59 -------- d-----w- c:\program files\Microsoft Works
    2009-06-18 16:58 . 2009-06-18 16:58 -------- d-----w- c:\program files\MSBuild
    2009-06-18 16:58 . 2009-06-18 16:58 -------- d-----w- c:\program files\Microsoft.NET
    2009-06-18 16:56 . 2009-06-18 16:56 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2009-06-18 16:52 . 2009-06-18 16:51 -------- d-----w- c:\program files\Common Files\Ahead
    2009-06-18 16:51 . 2009-06-18 16:51 -------- d-----w- c:\program files\Nero
    2009-06-18 16:17 . 2009-06-18 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
    2009-06-18 16:17 . 2009-06-18 16:17 -------- d-----w- c:\program files\TechSmith
    2009-06-18 16:12 . 2009-06-18 16:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Desktopicon
    2009-06-18 16:03 . 2009-06-18 16:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
    2009-06-18 16:02 . 2009-06-18 16:02 -------- d-----w- c:\program files\K-Lite Codec Pack
    2009-06-18 15:09 . 2009-06-18 15:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
    2009-06-18 15:08 . 2009-06-18 15:08 -------- d-----w- c:\program files\VideoLAN
    2009-06-18 15:04 . 2009-06-18 15:04 -------- d-----w- c:\program files\HD Tune
    2009-06-18 13:25 . 2009-06-18 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
    2009-06-18 13:25 . 2009-06-18 13:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATI
    2009-06-18 10:27 . 2009-06-18 10:27 -------- d-----w- c:\program files\AIMP2
    2009-06-18 08:35 . 2009-06-18 08:35 0 ----a-w- c:\windows\ativpsrm.bin
    2009-06-18 08:34 . 2009-06-18 08:33 -------- d-----w- c:\program files\ATI Technologies
    2009-06-18 08:33 . 2009-06-18 07:45 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-06-18 08:22 . 2009-06-18 08:22 -------- d-----w- c:\program files\Vimicro
    2009-06-18 08:20 . 2009-06-18 06:49 16608 ----a-w- c:\windows\gdrv.sys
    2009-06-18 08:18 . 2009-06-18 08:18 319488 ----a-w- c:\windows\HideWin.exe
    2009-06-18 08:07 . 2009-06-18 08:07 0 ----a-w- c:\windows\nsreg.dat
    2009-06-18 07:53 . 2009-06-18 06:40 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-06-18 07:53 . 2009-06-18 07:53 12328 ----a-w- c:\documents and settings\beyaz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-18 07:46 . 2009-06-18 07:46 -------- d-----w- c:\program files\Intel
    2009-06-18 07:45 . 2009-06-18 06:50 -------- d-----w- c:\program files\Realtek
    2009-06-18 06:57 . 2009-06-18 06:57 -------- d-----w- c:\program files\Avira
    2009-06-18 06:57 . 2009-06-18 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2009-06-18 06:50 . 2009-06-18 06:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
    2009-06-18 06:39 . 2009-06-18 06:39 21736 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-05-16 03:58 . 2009-05-16 03:58 4069888 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
    2009-05-16 03:39 . 2009-05-16 03:39 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2009-05-16 03:38 . 2009-05-16 03:38 335872 ----a-w- c:\windows\system32\ati2dvag.dll
    2009-05-16 03:18 . 2009-05-16 03:18 204800 ----a-w- c:\windows\system32\atipdlxx.dll
    2009-05-16 03:17 . 2009-05-16 03:17 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2009-05-16 03:17 . 2009-05-16 03:17 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2009-05-16 03:17 . 2009-05-16 03:17 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2009-05-16 03:17 . 2009-05-16 03:17 155648 ----a-w- c:\windows\system32\ati2evxx.dll
    2009-05-16 03:15 . 2009-05-16 03:15 602112 ----a-w- c:\windows\system32\ati2evxx.exe
    2009-05-16 03:14 . 2009-05-16 03:14 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2009-05-16 03:07 . 2009-05-16 03:07 2987136 ----a-w- c:\windows\system32\ati3duag.dll
    2009-05-16 02:55 . 2009-05-16 02:55 11423744 ----a-w- c:\windows\system32\atioglxx.dll
    2009-05-16 02:54 . 2009-05-16 02:54 2122624 ----a-w- c:\windows\system32\ativvaxx.dll
    2009-05-16 02:54 . 2009-05-16 02:54 887724 ----a-w- c:\windows\system32\ativva6x.dat
    2009-05-16 02:54 . 2009-05-16 02:54 3 ----a-w- c:\windows\system32\ativva5x.dat
    2009-05-16 02:51 . 2009-05-16 02:51 311296 ----a-w- c:\windows\system32\atiiiexx.dll
    2009-05-16 02:38 . 2009-05-16 02:38 49664 ----a-w- c:\windows\system32\atimpc32.dll
    2009-05-16 02:38 . 2009-05-16 02:38 49664 ----a-w- c:\windows\system32\amdpcom32.dll
    2009-05-16 02:33 . 2009-05-16 02:33 479232 ----a-w- c:\windows\system32\atikvmag.dll
    2009-05-16 02:31 . 2009-05-16 02:31 139264 ----a-w- c:\windows\system32\atiadlxx.dll
    2009-05-16 02:31 . 2009-05-16 02:31 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2009-05-16 02:30 . 2009-05-16 02:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2009-05-16 02:26 . 2009-05-16 02:26 376832 ----a-w- c:\windows\system32\atiok3x2.dll
    2009-05-16 02:24 . 2009-05-16 02:24 651264 ----a-w- c:\windows\system32\ati2cqag.dll
    2009-05-16 01:35 . 2009-05-16 01:35 45056 ----a-w- c:\windows\system32\aticalrt.dll
    2009-05-16 01:34 . 2009-05-16 01:34 45056 ----a-w- c:\windows\system32\aticalcl.dll
    2009-05-16 01:33 . 2009-05-16 01:33 3158016 ----a-w- c:\windows\system32\aticaldd.dll
    2009-05-15 18:05 . 2009-06-18 08:33 593920 ------w- c:\windows\system32\ati2sgag.exe
    2009-05-13 05:04 . 2008-04-14 06:00 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-05-07 15:32 . 2008-04-14 06:00 345088 ----a-w- c:\windows\system32\localspl.dll
    2009-05-05 19:33 . 2009-05-05 19:33 118784 ----a-w- c:\windows\system32\atibtmon.exe
    2009-07-22 23:11 . 2009-06-18 08:07 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-05 2215960]

    [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
    2009-07-05 13:46 2215960 ----a-w- c:\program files\BS_Player\tbBS_1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-05 2215960]

    [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-05 2215960]

    [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-18 133104]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 94208]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GEST"="=" [X]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
    "Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
    "AIMP2"="c:\program files\AIMP2\AIMP2.exe" [2008-12-30 358400]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-07 16862208]
    "Windowss"="smsWfi.exe" - c:\windows\smsWfi.exe [2009-06-23 147456]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18.06.2009 09:57 108289]
    R3 TUSB1150;Airties WUS-300 USB Wireless Adapter (TNETW1450);c:\windows\system32\drivers\TUSB1150.sys [05.07.2009 16:08 450944]
    R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [18.06.2009 11:22 428160]
    S2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe /s --> c:\windows\reset.exe [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1383384898-1177238915-500Core.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-18 07:30]

    2009-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1383384898-1177238915-500UA.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-18 07:30]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = local
    IE: Microsoft Excel'e &Ver - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: {626F8656-8372-48BB-A7AD-C46E20F35E43} = 127.0.0.1
    TCP: {D1428DCA-C5B2-46BF-8AE8-61F215A7D796} = 4.2.2.1,4.2.2.2
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4pnj89e2.default\
    FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-26 19:58
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2052111302-1383384898-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,47,2b,4b,1a,01,8e,45,96,75,54,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,47,2b,4b,1a,01,8e,45,96,75,54,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(956)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(1288)
    c:\windows\system32\WININET.dll
    c:\windows\system32\webcheck.dll
    .
    Completion time: 2009-07-26 19:59
    ComboFix-quarantined-files.txt 2009-07-26 16:59
    ComboFix2.txt 2009-07-26 10:42
    ComboFix3.txt 2009-07-25 16:49

    Pre-Run: 89.845.944.320 bayt boş
    Post-Run: 89.894.903.808 bayt boş

    253 --- E O F --- 2009-07-09 04:02
    _____________________________




  • quote:

    Quoted from the original: 01Mrt

    @tcebeci
    The blue screen is gone for now; I reset it again and it booted...
    "SCRRNTR", so I typed it correctly; there's no problem, right?...



    Alright, no problem is visible, but let's run one last scan with mbam with the "Gelişmiş Tarama" (full scan) option checked
    http://www.guvenlikuzmanim.com/dosyalar/mbam-setup.exe

    I'd appreciate it if you post the log again once the scan finishes



    < This message was edited by tcebeci -- 26 July 2009; 20:15:06 >
    _____________________________




  • quote: Originally posted by tcebeci (quoted in full above)

    I think it sees Avenger as a trojan; the three things it found all seem Avenger-related...
    I'm still not plugging in the USB; if you say there's no problem and everything is fine, I'll plug it in...

    Mbam Log
    Malwarebytes' Anti-Malware 1.39
    Database version: 2500
    Windows 5.1.2600 Service Pack 3

    26.07.2009 21:40:50
    mbam-log-2009-07-26 (21-40-50).txt

    Scan type: Advanced Scan (C:\|D:\|F:\|H:\|)
    Objects scanned: 255435
    Time elapsed: 38 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\administrator\Desktop\program & driver\avenger.exe (Trojan.Agnet) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator\local settings\application data\Google\Chrome\user data\Default\Cache\f_001627 (Trojan.Agnet) -> Quarantined and deleted successfully.
    _____________________________




  • quote: Originally posted by 01Mrt (quoted in full above)

    It looks like there's no problem; did you do the NOD32 step from the PM I sent you?



    < This message was edited by tcebeci -- 26 July 2009; 22:08:42 >
    _____________________________




  • quote: Originally posted by tcebeci (quoted in full above)

    yes, I did...
    _____________________________
  • quote: Originally posted by 01Mrt (quoted in full above)

    Okay then, it's clean.
    But let me ask something: during the scans you ran, wasn't the USB flash disk plugged in as drive E:\?
    _____________________________
  • quote: Originally posted by tcebeci (quoted in full above)

    no, it wasn't, and even though I formatted it I ran into the same thing...
    while the flash disk is plugged in it constantly shows as in use, so I pull it out...
    _____________________________
  • quote: Originally posted by 01Mrt (quoted in full above)

    The flash disk is probably swarming with viruses by now. I forgot to warn you too, sorry. Now plug every flash disk you have into the computer and include the flash disks in the scans with Combofix and Mbam
    _____________________________




  • quote: Originally posted by tcebeci (quoted in full above)

    combofix is quick, but mbam takes a long time; I'm leaving it until tomorrow, I'm fed up now...
    thank you for your help, but logically it feels to me like there's something on the computer too, and it infects the flash when I plug it in...
    do you have any other thoughts?
    _____________________________




  • quote: Originally posted by 01Mrt (quoted in full above)

    the virus jumps from the flash to the computer anyway, and it also keeps the CPU busy constantly.

    The computer is clean right now, but the moment you plug in the flash everything will go back to square one; at least for now you can run combofix



    < This message was edited by tcebeci -- 26 July 2009; 22:27:12 >
    _____________________________




  • quote: Originally posted by tcebeci (quoted in full above)

    but when I format it on another computer there's no problem and the folder doesn't appear; it gets affected when I plug it into this computer...
    my brain has turned to mush, I've never seen anything like this in my life...
    anyway, tomorrow I'll post the combo and mbam logs with the flash plugged in...
    _____________________________




  • quote: Originally posted by 01Mrt (quoted in full above)

    Let me explain it this way:
    Once the flash drive is infected, the moment you plug it in the virus passes to the computer. This virus also adds itself to Windows as a driver. After that, even if you format the flash drive, the virus that has infected the computer passes back onto the flash drive.
    Unfortunately most antivirus programs can't prevent this.


    OK, see you again tomorrow then, good night

    Edit: The file c:\windows\smsWfi.exe on the computer is also infected; I had missed it.
    You write the following into The Avenger:


    Files to delete:
    c:\windows\smsWfi.exe



    < This message was edited by tcebeci -- 27 July 2009; 12:55:19 >
    _____________________________
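The reinfection loop and the smsWfi.exe autostart described in the post above, as an added triage example (this is not code from the thread, nor part of ComboFix, Mbam or The Avenger): it parses an autorun.inf like the one at the top of the thread to list what the drive would launch, and scans ComboFix-style "Files Created" and Run-key lines to flag any autostart entry whose target is a hidden/system file sitting directly in c:\windows, which is exactly what the "Windowss"="smsWfi.exe" entry with --sh--r- attributes looks like. The sample autorun.inf and log lines are constructed here from what the thread shows; the regular expressions assume ComboFix's 2009 line layout.

```python
"""Triage helper for the autorun.inf USB worm discussed in this thread.

Added example (not from the original thread, ComboFix, Mbam or The Avenger).
  1. autorun_launch_targets(): programs an autorun.inf would run
     (open=, shellexecute=, shell\<verb>\command=).
  2. suspicious_run_entries(): ComboFix Run-key entries that launch a
     hidden/system file from the Windows directory itself.
All sample input below is constructed from what the thread shows.
"""
import ntpath
import re

# Constructed copy of the autorun.inf posted in the thread ("***" prefixes removed).
SAMPLE_AUTORUN = r"""[autorun]
open=driver\usb\gamesz.exe
action=Open
shell\open=Open
shell\open\command=driver\usb\gamesz.exe
Usb_Driver installed
"""

# Constructed ComboFix-style lines modelled on the log in the thread.
SAMPLE_RUN_LINES = [
    r'"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]',
    r'"GEST"="=" [X]',
    r'"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-07 16862208]',
    r'"Windowss"="smsWfi.exe" - c:\windows\smsWfi.exe [2009-06-23 147456]',
]
SAMPLE_FILE_LINES = [
    r"2009-07-17 19:35 . 2009-07-17 19:35 -------- d--h--w- c:\windows\PIF",
    r"2009-07-11 20:10 . 2009-06-23 15:44 147456 --sh--r- c:\windows\smsWfi.exe",
    r"2009-07-05 13:08 . 2007-03-16 09:53 450944 ----a-w- c:\windows\system32\drivers\TUSB1150.sys",
]

LAUNCH_KEYS = ("open", "shellexecute")
COMMAND_KEY_RE = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)
# "name"="value" [- resolved path] [YYYY-MM-DD size]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"(?: - (?P<resolved>.+?))?'
    r" \[\d{4}-\d{2}-\d{2} \d+\]$"
)
# created . modified size attrs path   (attrs: d=dir, s=system, h=hidden, r=read-only)
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?:\d+|-+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)


def autorun_launch_targets(text):
    """Programs an autorun.inf would run, in file order, without duplicates.

    Only the [autorun] section counts, as in Windows. Lines without '='
    (the decoy 'Usb_Driver installed') and label keys such as action= or
    shell\open= are ignored: they never execute anything.
    """
    targets = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if value and (key.lower() in LAUNCH_KEYS or COMMAND_KEY_RE.match(key)):
            if value not in targets:
                targets.append(value)
    return targets


def suspicious_run_entries(run_lines, file_lines, windir=r"c:\windows"):
    """(name, path, attrs) for Run entries whose target is a hidden or
    system file directly under windir. A target with no attribute record
    (e.g. RTHDCPL.exe, older than the log window) is not flagged."""
    attrs_by_path = {}
    for line in file_lines:
        m = FILE_RE.match(line.strip())
        if m:
            attrs_by_path[m["path"].lower()] = m["attrs"].lower()

    findings = []
    for line in run_lines:
        m = RUN_RE.match(line.strip())
        if not m:
            continue  # e.g. the broken "GEST"="=" [X] entry
        path = (m["resolved"] or m["value"]).lower()
        attrs = attrs_by_path.get(path, "")
        in_windir_root = ntpath.dirname(path) == windir.lower()
        if in_windir_root and ("h" in attrs or "s" in attrs):
            findings.append((m["name"], path, attrs))
    return findings


if __name__ == "__main__":
    print("autorun.inf launches:", autorun_launch_targets(SAMPLE_AUTORUN))
    for name, path, attrs in suspicious_run_entries(SAMPLE_RUN_LINES, SAMPLE_FILE_LINES):
        print(f"suspicious Run entry {name!r} -> {path} ({attrs})")
```

On the sample input the autorun.inf resolves to a single launch target, driver\usb\gamesz.exe, and the only Run entry flagged is "Windowss" (c:\windows\smswfi.exe, --sh--r-); RTHDCPL.exe lives in the same directory but carries no hidden/system record and is left alone, which is the distinction a responder has to make by eye when reading the log above.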




  • quote: Originally posted by tcebeci (quoted in full above)

    I just got your message; I have no time at all these days, I'm working extremely hard...
    After deleting what you said I'll run a combo...
    I'll definitely add one more log with the final state...

    log
    ComboFix 09-07-20.05 - Administrator 26.07.2009 22:29.4.4 - NTFSx86 
    Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.3070.2596 [GMT 3:00]
    Running from: c:\documents and settings\Administrator\Desktop\Program & Driver\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\cleanup.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
    .

    2009-07-26 07:35 . 2009-07-26 07:35 -------- d-----w- c:\program files\MadOnion.com
    2009-07-25 18:53 . 2009-07-25 18:53 -------- d-----w- c:\windows\system32\xircom
    2009-07-25 18:53 . 2009-07-25 18:53 -------- d-----w- c:\windows\system32\wbem\snmp
    2009-07-25 18:53 . 2009-07-25 18:53 -------- d-----w- c:\program files\microsoft frontpage
    2009-07-25 16:59 . 2009-07-25 16:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2009-07-25 16:58 . 2009-07-13 10:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-25 16:58 . 2009-07-25 16:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-25 16:58 . 2009-07-25 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-07-25 16:58 . 2009-07-13 10:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-23 19:34 . 2009-07-23 19:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ESET
    2009-07-23 18:08 . 2009-07-23 18:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\ESET
    2009-07-23 18:07 . 2009-07-23 18:07 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\ESET
    2009-07-23 18:06 . 2009-07-23 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
    2009-07-21 19:53 . 2008-05-21 12:28 7994 ----a-w- C:\yama.vbs
    2009-07-19 14:46 . 2009-07-19 14:46 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
    2009-07-19 10:50 . 2009-07-19 10:50 -------- d-----w- c:\program files\Dracula Virüs Temizleyici 3.5
    2009-07-17 19:38 . 2009-07-21 19:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-07-17 19:38 . 2009-07-21 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-17 19:35 . 2009-07-17 19:35 -------- d--h--w- c:\windows\PIF
    2009-07-17 17:47 . 2009-07-17 17:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
    2009-07-16 19:59 . 2008-06-19 14:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2009-07-16 19:58 . 2009-07-16 19:58 -------- d-----w- c:\program files\Panda Security
    2009-07-12 11:28 . 2009-07-12 11:28 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-07-12 09:06 . 2009-07-12 09:06 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
    2009-07-11 20:10 . 2009-06-23 15:44 147456 --sh--r- c:\windows\smsWfi.exe
    2009-07-10 19:51 . 2009-07-10 19:51 -------- d-----w- c:\program files\Bonjour
    2009-07-10 19:46 . 2009-07-10 19:46 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2009-07-09 09:20 . 2009-07-09 09:20 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2009-07-09 09:19 . 2009-07-09 09:19 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2009-07-09 04:02 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
    2009-07-09 04:01 . 2009-07-09 04:01 -------- d-----w- c:\windows\ie8updates
    2009-07-09 04:01 . 2009-04-30 21:14 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2009-07-09 04:01 . 2009-04-30 21:14 1985024 ------w- c:\windows\system32\dllcache\iertutil.dll
    2009-07-09 04:01 . 2009-04-30 21:14 11064832 ------w- c:\windows\system32\dllcache\ieframe.dll
    2009-07-09 04:01 . 2009-04-30 21:14 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2009-07-09 04:00 . 2009-07-09 04:01 -------- dc-h--w- c:\windows\ie8
    2009-07-05 13:15 . 2009-07-05 18:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BS_Player
    2009-07-05 13:15 . 2009-07-05 13:15 -------- d-----w- c:\program files\Conduit
    2009-07-05 13:15 . 2009-07-05 13:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Conduit
    2009-07-05 13:15 . 2009-07-05 13:46 -------- d-----w- c:\program files\BS_Player
    2009-07-05 13:15 . 2009-07-05 13:15 -------- d-----w- c:\program files\Webteh
    2009-07-05 13:08 . 2009-07-05 13:08 -------- d-----w- c:\program files\AirTies
    2009-07-05 13:08 . 2007-03-16 09:53 450944 ----a-w- c:\windows\system32\drivers\TUSB1150.sys
    2009-07-05 13:08 . 2006-12-04 12:42 97388 ----a-w- c:\windows\system32\drivers\Fwusb1b.bin
    2009-07-03 20:45 . 2009-07-12 17:46 158 ----a-w- C:\tw0001.dat
    2009-07-02 16:00 . 2008-04-13 08:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2009-06-30 16:37 . 2009-06-30 16:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\vdownloader
    2009-06-28 18:22 . 2009-06-28 18:22 -------- d-----w- c:\windows\system32\dns

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-26 07:35 . 2009-06-18 06:50 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-25 19:20 . 2009-06-18 16:12 -------- d-----w- c:\program files\Unlocker
    2009-07-18 17:50 . 2009-06-18 07:35 -------- d-----w- c:\program files\MSN Messenger
    2009-07-10 19:51 . 2009-06-18 16:18 -------- d-----w- c:\program files\Common Files\Adobe
    2009-06-26 19:05 . 2009-06-26 19:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Datalayer
    2009-06-26 19:04 . 2009-06-26 19:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia
    2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite
    2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\DIFX
    2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
    2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\Common Files\Nokia
    2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\Common Files\PCSuite
    2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\Nokia
    2009-06-26 19:00 . 2009-06-26 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
    2009-06-26 16:57 . 2009-06-18 07:41 68456 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-23 09:52 . 2001-11-22 15:00 68472 ----a-w- c:\windows\system32\perfc01F.dat
    2009-06-23 09:52 . 2001-11-22 15:00 383452 ----a-w- c:\windows\system32\perfh01F.dat
    2009-06-21 14:30 . 2009-06-21 14:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\GRETECH
    2009-06-20 17:06 . 2009-06-18 16:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ahead
    2009-06-18 17:12 . 2009-06-18 17:06 -------- d-----w- c:\program files\proeWildfire 3.0
    2009-06-18 17:00 . 2009-06-18 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-06-18 16:59 . 2009-06-18 16:59 -------- d-----w- c:\program files\Microsoft Works
    2009-06-18 16:58 . 2009-06-18 16:58 -------- d-----w- c:\program files\MSBuild
    2009-06-18 16:58 . 2009-06-18 16:58 -------- d-----w- c:\program files\Microsoft.NET
    2009-06-18 16:56 . 2009-06-18 16:56 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2009-06-18 16:52 . 2009-06-18 16:51 -------- d-----w- c:\program files\Common Files\Ahead
    2009-06-18 16:51 . 2009-06-18 16:51 -------- d-----w- c:\program files\Nero
    2009-06-18 16:17 . 2009-06-18 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
    2009-06-18 16:17 . 2009-06-18 16:17 -------- d-----w- c:\program files\TechSmith
    2009-06-18 16:12 . 2009-06-18 16:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Desktopicon
    2009-06-18 16:03 . 2009-06-18 16:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
    2009-06-18 16:02 . 2009-06-18 16:02 -------- d-----w- c:\program files\K-Lite Codec Pack
    2009-06-18 15:09 . 2009-06-18 15:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
    2009-06-18 15:08 . 2009-06-18 15:08 -------- d-----w- c:\program files\VideoLAN
    2009-06-18 15:04 . 2009-06-18 15:04 -------- d-----w- c:\program files\HD Tune
    2009-06-18 13:25 . 2009-06-18 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
    2009-06-18 13:25 . 2009-06-18 13:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATI
    2009-06-18 10:27 . 2009-06-18 10:27 -------- d-----w- c:\program files\AIMP2
    2009-06-18 08:35 . 2009-06-18 08:35 0 ----a-w- c:\windows\ativpsrm.bin
    2009-06-18 08:34 . 2009-06-18 08:33 -------- d-----w- c:\program files\ATI Technologies
    2009-06-18 08:33 . 2009-06-18 07:45 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-06-18 08:22 . 2009-06-18 08:22 -------- d-----w- c:\program files\Vimicro
    2009-06-18 08:20 . 2009-06-18 06:49 16608 ----a-w- c:\windows\gdrv.sys
    2009-06-18 08:18 . 2009-06-18 08:18 319488 ----a-w- c:\windows\HideWin.exe
    2009-06-18 08:07 . 2009-06-18 08:07 0 ----a-w- c:\windows\nsreg.dat
    2009-06-18 07:53 . 2009-06-18 06:40 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-06-18 07:53 . 2009-06-18 07:53 12328 ----a-w- c:\documents and settings\beyaz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-18 07:46 . 2009-06-18 07:46 -------- d-----w- c:\program files\Intel
    2009-06-18 07:45 . 2009-06-18 06:50 -------- d-----w- c:\program files\Realtek
    2009-06-18 06:57 . 2009-06-18 06:57 -------- d-----w- c:\program files\Avira
    2009-06-18 06:57 . 2009-06-18 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2009-06-18 06:50 . 2009-06-18 06:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
    2009-06-18 06:39 . 2009-06-18 06:39 21736 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-05-16 03:58 . 2009-05-16 03:58 4069888 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
    2009-05-16 03:39 . 2009-05-16 03:39 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2009-05-16 03:38 . 2009-05-16 03:38 335872 ----a-w- c:\windows\system32\ati2dvag.dll
    2009-05-16 03:18 . 2009-05-16 03:18 204800 ----a-w- c:\windows\system32\atipdlxx.dll
    2009-05-16 03:17 . 2009-05-16 03:17 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2009-05-16 03:17 . 2009-05-16 03:17 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2009-05-16 03:17 . 2009-05-16 03:17 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2009-05-16 03:17 . 2009-05-16 03:17 155648 ----a-w- c:\windows\system32\ati2evxx.dll
    2009-05-16 03:15 . 2009-05-16 03:15 602112 ----a-w- c:\windows\system32\ati2evxx.exe
    2009-05-16 03:14 . 2009-05-16 03:14 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2009-05-16 03:07 . 2009-05-16 03:07 2987136 ----a-w- c:\windows\system32\ati3duag.dll
    2009-05-16 02:55 . 2009-05-16 02:55 11423744 ----a-w- c:\windows\system32\atioglxx.dll
    2009-05-16 02:54 . 2009-05-16 02:54 2122624 ----a-w- c:\windows\system32\ativvaxx.dll
    2009-05-16 02:54 . 2009-05-16 02:54 887724 ----a-w- c:\windows\system32\ativva6x.dat
    2009-05-16 02:54 . 2009-05-16 02:54 3 ----a-w- c:\windows\system32\ativva5x.dat
    2009-05-16 02:51 . 2009-05-16 02:51 311296 ----a-w- c:\windows\system32\atiiiexx.dll
    2009-05-16 02:38 . 2009-05-16 02:38 49664 ----a-w- c:\windows\system32\atimpc32.dll
    2009-05-16 02:38 . 2009-05-16 02:38 49664 ----a-w- c:\windows\system32\amdpcom32.dll
    2009-05-16 02:33 . 2009-05-16 02:33 479232 ----a-w- c:\windows\system32\atikvmag.dll
    2009-05-16 02:31 . 2009-05-16 02:31 139264 ----a-w- c:\windows\system32\atiadlxx.dll
    2009-05-16 02:31 . 2009-05-16 02:31 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2009-05-16 02:30 . 2009-05-16 02:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2009-05-16 02:26 . 2009-05-16 02:26 376832 ----a-w- c:\windows\system32\atiok3x2.dll
    2009-05-16 02:24 . 2009-05-16 02:24 651264 ----a-w- c:\windows\system32\ati2cqag.dll
    2009-05-16 01:35 . 2009-05-16 01:35 45056 ----a-w- c:\windows\system32\aticalrt.dll
    2009-05-16 01:34 . 2009-05-16 01:34 45056 ----a-w- c:\windows\system32\aticalcl.dll
    2009-05-16 01:33 . 2009-05-16 01:33 3158016 ----a-w- c:\windows\system32\aticaldd.dll
    2009-05-15 18:05 . 2009-06-18 08:33 593920 ------w- c:\windows\system32\ati2sgag.exe
    2009-05-13 05:04 . 2008-04-14 06:00 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-05-07 15:32 . 2008-04-14 06:00 345088 ----a-w- c:\windows\system32\localspl.dll
    2009-05-05 19:33 . 2009-05-05 19:33 118784 ----a-w- c:\windows\system32\atibtmon.exe
    2009-07-22 23:11 . 2009-06-18 08:07 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-05 2215960]

    [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
    2009-07-05 13:46 2215960 ----a-w- c:\program files\BS_Player\tbBS_1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-05 2215960]

    [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-05 2215960]

    [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-18 133104]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 94208]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GEST"="=" [X]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
    "Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
    "AIMP2"="c:\program files\AIMP2\AIMP2.exe" [2008-12-30 358400]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-07 16862208]
    "Windowss"="smsWfi.exe" - c:\windows\smsWfi.exe [2009-06-23 147456]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18.06.2009 09:57 108289]
    R3 TUSB1150;Airties WUS-300 USB Wireless Adapter (TNETW1450);c:\windows\system32\drivers\TUSB1150.sys [05.07.2009 16:08 450944]
    R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [18.06.2009 11:22 428160]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\documents and settings\Administrator\Desktop\RealTemp_3.00\WinRing0.sys [26.07.2009 19:30 14416]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1383384898-1177238915-500Core.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-18 07:30]

    2009-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1383384898-1177238915-500UA.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-18 07:30]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = local
    IE: Microsoft Excel'e &Ver - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: {626F8656-8372-48BB-A7AD-C46E20F35E43} = 127.0.0.1
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4pnj89e2.default\
    FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2009-07-26 22:34
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2052111302-1383384898-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,47,2b,4b,1a,01,8e,45,96,75,54,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,47,2b,4b,1a,01,8e,45,96,75,54,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(952)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2009-07-26 22:35
    ComboFix-quarantined-files.txt 2009-07-26 19:35
    ComboFix2.txt 2009-07-26 16:59
    ComboFix3.txt 2009-07-26 10:42
    ComboFix4.txt 2009-07-25 16:49

    Pre-Run: 89.833.467.904 bytes free
    Post-Run: 89.881.124.864 bytes free

    249 --- E O F --- 2009-07-09 04:02



    < This message was edited by 01Mrt -- 28 July 2009; 22:44:18 >
    _____________________________



