Some questions about using ComboFix.

  • Friends, I suspected there might be a virus on my PC. Before scanning with my usual NOD32 I thought I'd install ComboFix and scan with it first, and since I was going to use the program for the first time I was curious, so I installed it and ran a scan. It said "deleted" for two files. Are those files important?

    c:\windows\deamon.exe << I already know about this one, it's not very important.
    c:\windows\system32\BReWErS.dll <<


    It also opened the log file for me, but I didn't understand anything in it. Is the PC safe, or is there really a virus or something? This is what the log says:

    "ComboFix 09-04-30.05 - Administrator 05/01/2009 15:01.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1254.90.1055.18.2046.1623 [GMT 3:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\daemon.exe
    c:\windows\system32\BReWErS.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-04-01 to 2009-05-01 )))))))))))))))))))))))))))))))
    .

    2009-04-30 14:24 . 2009-04-30 14:24 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
    2009-04-30 14:23 . 2009-04-30 14:23 -------- d-----w c:\program files\Messenger Plus! Live
    2009-04-30 14:05 . 2009-04-30 14:05 -------- d-----w c:\program files\Microsoft Sync Framework
    2009-04-30 14:04 . 2009-04-30 14:04 -------- d-----w c:\program files\Microsoft
    2009-04-30 14:03 . 2009-04-30 14:05 -------- d-----w c:\program files\Windows Live
    2009-04-22 19:32 . 2009-04-22 19:36 2736128 ----a-w c:\windows\system32\TopThemesLogonUI.exe
    2009-04-22 19:32 . 2009-04-22 19:36 2277888 ----a-w c:\windows\system32\boot.exe
    2009-04-22 16:36 . 2008-04-26 12:14 42672 ----a-w c:\windows\system32\wbsys.dll
    2009-04-22 16:36 . 2009-04-22 16:36 -------- d-----w c:\program files\Stardock
    2009-04-18 17:23 . 2009-04-18 17:23 -------- d-----w c:\documents and settings\All Users\Application Data\KONAMI
    2009-04-18 17:14 . 2009-04-18 17:14 -------- d-----w c:\program files\KONAMI
    2009-04-17 18:37 . 2006-08-09 18:58 218624 -c--a-w c:\windows\system32\dllcache\uxtheme.dll
    2009-04-17 17:26 . 2007-11-24 14:00 3072 ----a-w c:\windows\system32\drivers\CDAVVDm03.sys
    2009-04-17 17:26 . 2007-11-24 14:00 8576 ----a-w c:\windows\system32\CDAVVD03.dll
    2009-04-17 17:26 . 2007-11-24 14:00 3072 ----a-w c:\windows\system32\drivers\CDAVVDm02.sys
    2009-04-17 17:26 . 2007-11-24 14:00 8576 ----a-w c:\windows\system32\CDAVVD02.dll
    2009-04-17 17:26 . 2007-11-24 14:00 3072 ----a-w c:\windows\system32\drivers\CDAVVDm01.sys
    2009-04-17 17:26 . 2007-11-24 14:00 8576 ----a-w c:\windows\system32\CDAVVD01.dll
    2009-04-15 14:08 . 2009-04-15 14:08 -------- d-----w c:\windows\system\MFC42
    2009-04-13 17:05 . 2001-05-16 14:54 309616 ----a-w c:\windows\system32\wmv8dmod.dll
    2009-04-13 17:05 . 2001-05-11 10:18 420240 ----a-w c:\windows\system32\mpg4c32.dll
    2009-04-13 16:55 . 2009-04-13 16:57 -------- d-----w c:\program files\Game Cam v1.4
    2009-04-11 20:18 . 2009-04-11 20:18 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\pLan
    2009-04-11 18:12 . 2000-09-29 02:03 35712 ----a-r c:\windows\system32\drivers\daemon.sys
    2009-04-06 14:36 . 2003-05-15 14:17 61440 ----a-w c:\windows\system32\VM31bSTI.dll
    2009-04-06 14:36 . 2004-06-09 12:37 40960 ----a-w c:\windows\VM_STI.EXE
    2009-04-06 14:36 . 2009-04-06 14:36 -------- d-----w c:\windows\CatRoot
    2009-04-06 14:36 . 2004-09-07 13:11 90568 ----a-w c:\windows\system32\drivers\usbVM31b.sys
    2009-04-06 13:40 . 2009-04-06 13:40 -------- d-----w c:\documents and settings\Administrator\Application Data\BSplayer Pro
    2009-04-06 13:40 . 2009-04-06 14:29 -------- d-----w c:\documents and settings\Administrator\Application Data\BSplayer
    2009-04-06 13:40 . 2009-04-06 13:40 -------- d-----w c:\program files\Webteh
    2009-04-05 17:46 . 2009-04-05 17:46 -------- d-----w c:\windows\Military History Commander - Europe at War GOLD
    2009-04-05 17:41 . 2009-04-05 17:41 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\RadonLabs
    2009-04-05 15:51 . 2009-04-11 17:36 -------- d-----w c:\program files\EA Games
    2009-04-04 16:51 . 2009-04-04 16:54 -------- d-----w c:\documents and settings\Administrator\Application Data\GanymedeNet
    2009-04-01 17:13 . 2009-04-01 17:13 -------- d-----w c:\windows\Logs

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-27 17:52 . 2009-02-27 07:07 15216 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-24 10:27 . 2009-02-27 02:17 -------- d-----w c:\program files\Free Download Manager
    2009-04-21 14:42 . 2001-11-22 09:00 72710 ----a-w c:\windows\system32\perfc01F.dat
    2009-04-21 14:42 . 2001-11-22 09:00 409692 ----a-w c:\windows\system32\perfh01F.dat
    2009-04-15 14:46 . 2009-03-19 18:35 22328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2009-04-15 14:46 . 2009-03-19 18:34 103736 ----a-w c:\windows\system32\PnkBstrB.exe
    2009-04-09 13:52 . 2009-03-19 18:34 66872 ----a-w c:\windows\system32\PnkBstrA.exe
    2009-04-06 14:36 . 2009-02-27 06:58 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-04-05 15:39 . 2009-03-22 19:35 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-03-25 16:45 . 2009-02-27 11:43 -------- d-----w c:\program files\Zoom Telephonics, Inc
    2009-03-24 14:09 . 2009-02-27 06:58 -------- d-----w c:\program files\ATI Technologies
    2009-03-22 18:36 . 2009-03-22 18:36 -------- d-----w c:\program files\Common Files\Windows Live
    2009-03-22 16:58 . 2009-02-27 06:57 -------- d-----w c:\program files\Common Files\InstallShield
    2009-03-19 17:40 . 2009-03-19 17:40 67336 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-03-17 17:23 . 2009-02-27 07:18 16608 ----a-w c:\windows\gdrv.sys
    2009-03-10 14:11 . 2009-02-27 07:19 -------- d-----w c:\program files\Realtek
    2009-03-09 17:42 . 2004-08-03 21:45 516096 ----a-w c:\windows\system32\logonuiX.exe
    2009-03-06 21:04 . 2009-03-06 21:02 6026 ----a-w c:\windows\BricoPackFoldersDelete.cmd
    2009-03-06 21:04 . 2009-02-27 18:40 59405 ----a-w c:\windows\BricoPackUninst.cmd
    2009-03-04 17:31 . 2004-07-17 08:36 163644 ----a-w c:\windows\system32\drivers\secdrv.sys
    2009-03-04 13:08 . 2009-03-04 13:07 -------- d-----w c:\program files\Winamp
    2009-02-27 13:03 . 2009-02-27 13:03 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-02-27 07:19 . 2009-02-27 07:19 315392 ----a-w c:\windows\HideWin.exe
    2009-02-27 07:06 . 2009-02-27 07:06 0 ----a-w c:\windows\ativpsrm.bin
    2009-02-27 06:49 . 2001-11-22 09:00 67 --sha-w c:\windows\Fonts\desktop.ini
    2009-02-27 06:46 . 2009-02-27 06:46 21736 ----a-w c:\windows\system32\emptyregdb.dat
    2009-02-27 02:18 . 2009-02-27 02:18 0 ----a-w c:\windows\nsreg.dat
    2009-02-27 02:17 . 2009-02-27 06:49 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GEST"="m|\ü" [X]
    "BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-03 16876032]
    "SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2008-06-18 77824]
    "AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2008-06-19 2808832]

    c:\documents and settings\All Users\Start Menu\Programlar\Başlangıç\
    DSLMON.lnk - c:\program files\Zoom Telephonics, Inc.\Zoom ADSL USB Modem\dslmon.exe [2009-2-27 929889]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    2009-02-10 10:54 210224 ----a-w c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programlar^Başlangıç^Styler.lnk]
    path=c:\documents and settings\Administrator\Start Menu\Programlar\Başlangıç\Styler.lnk
    backup=c:\windows\pss\Styler.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\EA Games\\Need for Speed Most Wanted\\speed.exe"=
    "c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    R3 CDAVVDm01;CDAVVDm01;c:\windows\system32\DRIVERS\CDAVVDm01.sys [2007-11-24 3072]
    R3 CDAVVDm02;CDAVVDm02;c:\windows\system32\DRIVERS\CDAVVDm02.sys [2007-11-24 3072]
    R3 CDAVVDm03;CDAVVDm03;c:\windows\system32\DRIVERS\CDAVVDm03.sys [2007-11-24 3072]
    S0 Daemon;Daemon;c:\windows\system32\DRIVERS\daemon.sys [2000-09-29 35712]
    S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
    S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-08 468224]
    S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]

    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{2D2DE234-AB9F-4345-9D17-94FA78BA37E3} - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.tr/
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    uSearchURL,(Default) = hxxp://www.speedapps.com/search.htm
    IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    TCP: {ABB88C8B-EF2A-4E81-93F1-C892D3E53069} = 195.175.39.40 195.175.39.39
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2009-05-01 15:04
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-776561741-1343024091-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{27D2FE01-B6D1-38A3-B9E9-DC6540B4A724}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "jaigapgjmjlpehghceoa"=hex:62,61,6d,6b,00,00
    "jaigapgjmjlpehghceka"=hex:62,61,68,69,00,00
    "iaijbkgiaepalgpoif"=hex:6b,61,6a,69,64,61,6f,6b,6b,6f,69,6f,6d,66,6e,61,6b,6b,
    64,6e,65,62,00,00
    "haoillipaffeclah"=hex:6b,61,6a,69,64,61,6f,6b,6a,6f,64,70,6c,6e,61,69,65,65,
    65,66,64,6e,00,00
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(572)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\cscui.dll
    c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

    - - - - - - - > 'explorer.exe'(2744)
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\NETSHELL.dll
    c:\program files\Stardock\Object Desktop\WindowBlinds\tray.dll
    .
    Completion time: 2009-05-01 15:04
    ComboFix-quarantined-files.txt 2009-05-01 12:04

    Pre-Run: 11,630,190,592 bayt boş
    Post-Run: 11,808,034,816 bayt boş

    174 --- E O F --- 2009-03-04 15:00"

    ___________________________________________________

    Also, is this program really safe, friends, I mean can I trust it? And the scan took very little time, about 5 minutes; is that normal?



    < This message was edited by Kamikaze57 -- 1 May 2009; 15:12:16 >
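The log above is a fixed-layout text report, and the parts a reviewer actually looks at are small: the deletions block, and the registry loading points, where this log shows a Run value marked `[X]` (ComboFix's marker for an entry whose target file it could not find), an `AppInit_DLLs` value, and both Security Center notification-disable flags set to 1. The following Python is an added example, not code from the thread or from the ComboFix project: it parses those sections from a constructed excerpt of the log quoted in the post and lists the points a reviewer would want to check by hand. It assumes only the parenthesis-delimited section headers and the REGEDIT4-style `"name"=value` lines shown in the log; other block styles in the report (the dashed headers, driver lines) are not parsed here.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: an excerpt of the ComboFix log quoted in the post,
# reduced to the sections this example parses. Raw string so the Windows
# backslashes survive untouched.
SAMPLE_LOG = r"""
ComboFix 09-04-30.05 - Administrator 05/01/2009 15:01.1 - NTFSx86
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\daemon.exe
c:\windows\system32\BReWErS.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="m|\ü" [X]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"""

# "(((( Section Name ))))" headers; the closing run may be longer than the opening one.
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
# "[HKEY_...\path]" registry key lines in the REGEDIT4-style block.
KEY_RE = re.compile(r"^\[(.+)\]$")
# "name"=value lines under a key; the value keeps ComboFix's trailing "[date size]" or "[X]".
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split the log into named sections; lines before the first header go to 'header'."""
    sections: Dict[str, List[str]] = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # ComboFix pads blocks with lone dots
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def parse_reg_points(lines: List[str]) -> Dict[str, Dict[str, str]]:
    """Turn the 'Reg Loading Points' block into {registry key: {value name: value}}."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2).strip()
    return keys


def find_findings(text: str) -> List[Tuple[str, str]]:
    """Return (kind, detail) pairs a reviewer should look at before trusting the machine."""
    sections = parse_sections(text)
    findings: List[Tuple[str, str]] = []
    # Anything ComboFix removed is worth identifying (vendor, signature, purpose).
    for path in sections.get("Other Deletions", []):
        findings.append(("deleted", path))
    for key, values in parse_reg_points(sections.get("Reg Loading Points", [])).items():
        for name, value in values.items():
            if value.endswith("[X]"):  # autostart pointing at a file that no longer exists
                findings.append(("run-entry-missing-file", f"{name}={value}"))
            if name.lower() == "appinit_dlls" and value:  # DLL injected into every GUI process
                findings.append(("appinit-dll", value))
            if key.lower().endswith("security center") and value == "dword:00000001":
                # Security Center warnings for AV/updates have been silenced.
                findings.append(("security-center-notify-disabled", name))
    return findings


if __name__ == "__main__":
    for kind, detail in find_findings(SAMPLE_LOG):
        print(f"{kind:32} {detail}")
```

The point of the AppInit_DLLs and Security Center checks is not that these entries are malicious in themselves (here `wbsys.dll` belongs to the WindowBlinds product that also appears under `c:\program files\Stardock`), but that they are exactly the settings a reviewer should account for rather than skim past: who set them, and whether that matches software the owner knowingly installed.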

  • Are you checking the log it produced with HijackThis, or sending it somewhere, or what? Trust everything ComboFix does, don't worry, there is no problem. If it deleted something, ComboFix deleted it because it needed to. Don't worry, there is nothing wrong with your computer. When ComboFix scans, after everything has finished it restarts the system. Of course, before running the scan you should close your antivirus program, because it may see ComboFix as a virus and block it.
  • Honestly, it didn't restart the PC at all; after the scan the MS-DOS window closed and the log file opened. Also, I closed NOD32 when I launched ComboFix, since it gave a warning about NOD32 anyway.