[technical]
(3) 

Combofix

molon labe #190468
Here you go then, you kept saying so, we ran the scan and this is the log file. It says you can show it to an expert, wherever we're supposed to find an expert. Now what am I supposed to do with all this text :)


ComboFix 10-10-31.01 - Sertay 01.11.2010 0:05.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1254.90.1055.18.2046.1704 [GMT 2:00]
Running from: c:\users\Sertay\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Public\Documents\Server\admin.txt
c:\windows\system32\KBL.LOG

c:\windows\explorer.exe . . . is infected!!

c:\windows\System32\wininit.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-31 )))))))))))))))))))))))))))))))
.

2010-10-31 22:00 . 2010-10-31 22:01 -------- d-----w- C:\32788R22FWJFW
2010-10-29 00:55 . 2010-10-29 01:06 -------- d-----w- c:\programdata\TmForever
2010-10-28 18:53 . 2010-10-28 18:53 -------- d-----w- c:\program files\Machinarium
2010-10-27 18:04 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 18:04 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 18:03 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-15 11:06 . 2010-10-15 11:06 -------- d-----w- c:\program files\Microsoft Works
2010-10-15 11:04 . 2010-10-15 11:04 -------- d-----w- c:\users\Sertay\AppData\Local\Microsoft Help
2010-10-15 11:04 . 2010-10-15 11:11 -------- d-----w- c:\programdata\Microsoft Help
2010-10-15 11:03 . 2010-10-15 11:03 -------- d-----r- C:\MSOCache
2010-10-15 10:54 . 2010-10-15 10:54 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-15 10:54 . 2010-10-15 10:55 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-10-15 10:54 . 2010-10-15 10:59 -------- d-----w- c:\users\Sertay\AppData\Roaming\DAEMON Tools Lite
2010-10-15 10:54 . 2010-10-15 10:54 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-10-14 20:03 . 2010-10-23 18:54 -------- d-----w- c:\programdata\Test Drive Unlimited
2010-10-14 14:54 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-14 14:54 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 14:51 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-14 14:51 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-14 14:51 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-14 14:51 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-14 14:51 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-17 11:37 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-09-17 11:37 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-09-17 10:19 . 2010-09-17 10:19 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-09-17 10:18 . 2010-09-17 10:18 40960 ----a-w- c:\windows\system32\drivers\tr-TR\http.sys.mui
2010-09-17 10:18 . 2010-09-17 10:18 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2010-09-16 23:45 . 2010-09-16 23:45 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-09-16 23:45 . 2010-09-16 23:45 23552 ----a-w- c:\windows\system32\lpk.dll
2010-09-16 23:45 . 2010-09-16 23:45 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-09-16 23:39 . 2010-09-16 23:39 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-09-16 23:39 . 2010-09-16 23:39 272896 ----a-w- c:\windows\system32\polstore.dll
2010-09-16 23:35 . 2010-09-16 23:35 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-09-16 23:35 . 2010-09-16 23:35 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-09-16 23:35 . 2010-09-16 23:35 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-09-16 23:35 . 2010-09-16 23:35 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-09-16 23:35 . 2010-09-16 23:35 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-09-16 23:35 . 2010-09-16 23:35 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-09-16 23:35 . 2010-09-16 23:35 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-09-16 23:35 . 2010-09-16 23:35 10240 ----a-w- c:\windows\system32\finger.exe
2010-09-16 23:31 . 2010-09-16 23:31 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-09-16 23:31 . 2010-09-16 23:31 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-09-16 23:31 . 2010-09-16 23:31 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-09-16 23:31 . 2010-09-16 23:31 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-09-16 23:31 . 2010-09-16 23:31 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-09-16 23:31 . 2010-09-16 23:31 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-09-16 23:31 . 2010-09-16 23:31 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2010-09-16 23:30 . 2010-09-16 23:30 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-09-16 23:30 . 2010-09-16 23:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-09-16 23:30 . 2010-09-16 23:30 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-09-16 23:28 . 2010-09-16 23:28 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-09-16 23:27 . 2010-09-16 23:27 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-09-16 23:27 . 2010-09-16 23:27 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-09-16 23:27 . 2010-09-16 23:27 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-09-16 23:26 . 2010-09-16 23:26 98816 ----a-w- c:\windows\system32\mfps.dll
2010-09-16 23:26 . 2010-09-16 23:26 2868224 ----a-w- c:\windows\system32\mf.dll
2010-09-16 23:26 . 2010-09-16 23:26 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-09-16 23:26 . 2010-09-16 23:26 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-09-16 23:26 . 2010-09-16 23:26 2048 ----a-w- c:\windows\system32\mferror.dll
2010-09-16 23:21 . 2010-09-16 23:21 71680 ----a-w- c:\windows\system32\atl.dll
2010-09-16 23:14 . 2010-09-16 23:14 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-09-16 23:13 . 2010-09-16 23:13 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-09-16 23:13 . 2010-09-16 23:13 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-09-16 23:13 . 2010-09-16 23:13 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-09-16 23:10 . 2010-09-16 23:10 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-09-16 23:03 . 2010-09-16 23:03 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-09-16 22:58 . 2010-09-16 22:58 623616 ----a-w- c:\windows\system32\localspl.dll
2010-09-16 22:52 . 2010-09-16 22:52 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-09-16 22:50 . 2010-09-16 22:50 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-09-16 22:50 . 2010-09-16 22:50 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-09-16 22:50 . 2010-09-16 22:50 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-09-16 22:50 . 2010-09-16 22:50 9728 ----a-w- c:\windows\system32\lsass.exe
2010-09-16 22:50 . 2010-09-16 22:50 72704 ----a-w- c:\windows\system32\secur32.dll
2010-09-16 22:50 . 2010-09-16 22:50 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-09-16 22:45 . 2010-09-16 22:45 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2010-09-16 22:45 . 2010-09-16 22:45 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2010-09-16 22:45 . 2010-09-16 22:45 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll
2010-09-16 22:45 . 2010-09-16 22:45 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll
2010-09-16 22:45 . 2010-09-16 22:45 1236992 ----a-w- c:\windows\system32\NlsLexicons0020.dll
2010-09-16 22:45 . 2010-09-16 22:45 2136064 ----a-w- c:\windows\system32\NlsLexicons0021.dll
2010-09-16 22:45 . 2010-09-16 22:45 1782272 ----a-w- c:\windows\system32\NlsLexicons0039.dll
2010-09-16 22:45 . 2010-09-16 22:45 5499904 ----a-w- c:\windows\system32\NlsLexicons0022.dll
2010-09-16 22:45 . 2010-09-16 22:45 7964672 ----a-w- c:\windows\system32\NlsLexicons0024.dll
2010-09-16 22:45 . 2010-09-16 22:45 5791232 ----a-w- c:\windows\system32\NlsLexicons0026.dll
2010-09-16 22:45 . 2010-09-16 22:45 6224896 ----a-w- c:\windows\system32\NlsLexicons0027.dll
2010-09-16 22:45 . 2010-09-16 22:45 4175872 ----a-w- c:\windows\system32\NlsLexicons0010.dll
2010-09-16 22:45 . 2010-09-16 22:45 4981248 ----a-w- c:\windows\system32\NlsLexicons0013.dll
2010-09-16 22:45 . 2010-09-16 22:45 2466816 ----a-w- c:\windows\system32\NlsLexicons0011.dll
2010-09-16 22:45 . 2010-09-16 22:45 6781440 ----a-w- c:\windows\system32\NlsLexicons0019.dll
2010-09-16 22:45 . 2010-09-16 22:45 3331072 ----a-w- c:\windows\system32\NlsLexicons0018.dll
2010-09-16 22:45 . 2010-09-16 22:45 4164096 ----a-w- c:\windows\system32\NlsLexicons0002.dll
2010-09-16 22:45 . 2010-09-16 22:45 11722752 ----a-w- c:\windows\system32\NlsLexicons0001.dll
2010-09-16 22:45 . 2010-09-16 22:45 1452544 ----a-w- c:\windows\system32\NlsLexicons0003.dll
2010-09-16 22:45 . 2010-09-16 22:45 3419136 ----a-w- c:\windows\system32\NlsLexicons004a.dll
2010-09-16 22:45 . 2010-09-16 22:45 4093440 ----a-w- c:\windows\system32\NlsLexicons004c.dll
2010-09-16 22:45 . 2010-09-16 22:45 1702912 ----a-w- c:\windows\system32\NlsLexicons004b.dll
2010-09-16 22:45 . 2010-09-16 22:45 4096 ----a-w- c:\windows\system32\NlsLexicons002a.dll
2010-09-16 22:45 . 2010-09-16 22:45 4045824 ----a-w- c:\windows\system32\NlsLexicons003e.dll
2010-09-16 22:45 . 2010-09-16 22:45 1972736 ----a-w- c:\windows\system32\NlsLexicons004e.dll
2010-09-16 22:45 . 2010-09-16 22:45 6585856 ----a-w- c:\windows\system32\NlsLexicons001b.dll
2010-09-16 22:45 . 2010-09-16 22:45 6014976 ----a-w- c:\windows\system32\NlsLexicons001a.dll
2010-09-16 22:45 . 2010-09-16 22:45 6346240 ----a-w- c:\windows\system32\NlsLexicons001d.dll
2010-09-16 22:45 . 2010-09-16 22:45 9892864 ----a-w- c:\windows\system32\NlsLexicons000a.dll
2010-09-16 22:45 . 2010-09-16 22:45 6237696 ----a-w- c:\windows\system32\NlsLexicons000c.dll
2010-09-16 22:45 . 2010-09-16 22:45 1722368 ----a-w- c:\windows\system32\NlsLexicons000d.dll
2010-09-16 22:45 . 2010-09-16 22:45 5654528 ----a-w- c:\windows\system32\NlsLexicons000f.dll
2010-09-16 22:45 . 2010-09-16 22:45 4616192 ----a-w- c:\windows\system32\NlsLexicons0414.dll
2010-09-16 22:45 . 2010-09-16 22:45 5090816 ----a-w- c:\windows\system32\NlsLexicons0416.dll
2010-09-16 22:45 . 2010-09-16 22:45 7042560 ----a-w- c:\windows\system32\NlsLexicons081a.dll
2010-09-16 22:45 . 2010-09-16 22:45 5031936 ----a-w- c:\windows\system32\NlsLexicons0816.dll
2010-09-16 22:45 . 2010-09-16 22:45 5071872 ----a-w- c:\windows\system32\NlsModels0011.dll
2010-09-16 22:45 . 2010-09-16 22:45 3104768 ----a-w- c:\windows\system32\NlsData0047.dll
2010-09-16 22:45 . 2010-09-16 22:45 3104768 ----a-w- c:\windows\system32\NlsData0046.dll
2010-09-16 22:45 . 2010-09-16 22:45 3104768 ----a-w- c:\windows\system32\NlsData0045.dll
2010-09-16 22:45 . 2010-09-16 22:45 3104768 ----a-w- c:\windows\system32\NlsData0049.dll
2010-09-16 22:45 . 2010-09-16 22:45 3104768 ----a-w- c:\windows\system32\NlsData0039.dll
2010-09-16 22:45 . 2010-09-16 22:45 3104768 ----a-w- c:\windows\system32\NlsData0020.dll
2010-09-16 22:45 . 2010-09-16 22:45 1965056 ----a-w- c:\windows\system32\NlsData0024.dll
2010-09-16 22:45 . 2010-09-16 22:45 1801216 ----a-w- c:\windows\system32\NlsData0022.dll
2010-09-16 22:45 . 2010-09-16 22:45 1801216 ----a-w- c:\windows\system32\NlsData0021.dll
2010-09-16 22:45 . 2010-09-16 22:45 1965056 ----a-w- c:\windows\system32\NlsData0026.dll
2010-09-16 22:45 . 2010-09-16 22:45 1966592 ----a-w- c:\windows\system32\NlsData0027.dll
.

------- Sigcheck -------

[7] 2010-09-16 . 6D06CD98D954FE87FB2DB8108793B399 . 2923520 . . [6.0.6000.16549] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[7] 2010-09-16 . BD06F0BF753BC704B653C3A50F89D362 . 2923520 . . [6.0.6000.20668] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[7] 2010-09-16 . 37440D09DEAE0B672A04DCCF7ABF06BE . 2923520 . . [6.0.6000.16771] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[7] 2010-09-16 . E7156B0B74762D9DE0E66BDCDE06E5FB . 2923520 . . [6.0.6000.20947] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[7] 2010-09-16 . 4F554999D7D5F05DAAEBBA7B5BA1089D . 2927104 . . [6.0.6001.18164] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[7] 2010-09-16 . 50BA5850147410CDE89C523AD3BC606E . 2927616 . . [6.0.6001.22298] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[-] 2009-04-11 . CA9F9B179787A3C5CAE058E6E2D6D86B . 2926592 . . [6.0.6000.16386] . . c:\windows\explorer.exe
[7] 2009-04-11 . D07D4C3038F3578FFCE1C0237F2A1253 . 2926592 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[7] 2008-01-19 . FFA764631CB70A30065C12EF8E174F9F . 2927104 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[7] 2006-11-02 . FD8C53FB002217F6F888BCF6F5D7084D . 2923520 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe

[-] 2008-01-19 . 607E1CEB1B658FD664523389A8FB53B8 . 96768 . . [6.0.6000.16386] . . c:\windows\System32\wininit.exe
[7] 2008-01-19 . 101BA3EA053480BB5D957EF37C06B5ED . 96768 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[7] 2006-11-02 . D4385B03E8CCCEE6F0EE249F827C1F3E . 95744 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 10:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-09-13 06:47 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-03-29 13:41 222128 ----a-w- c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 19:10 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-08-17 13:27 4702208 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 08:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-08-16 21:13 218408 ----a-w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-08 13:53 311296 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-15 691696]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-08-12 810144]
R2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=tr_tr&c=81&bd=Pavilion&pf=laptop
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {0D2E5EA1-6B38-4849-8370-65C42A5CB253} = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Sertay\AppData\Roaming\Mozilla\Firefox\Profiles\mdvrn4xm.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)
MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSConfigStartUp-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
ActiveSetup-{10880D85-AAD9-4558-ABDC-2AB1552D831F} - c:\program files\Common Files\LightScribe\LSRunOnce.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-11-01 00:19:35
ComboFix-quarantined-files.txt 2010-10-31 22:19

Pre-Run: 56.276.955.136 bayt boş
Post-Run: 56.798.408.704 bayt boş

- - End Of File - - 3786F9F846D8DA2613ADFE7283F91D8F


You don't need to do anything; it lists what it found during the scan and what it did. It already deleted what it was going to delete, so it's done and dusted.

shangrilla

And now we've also seen that your name is Sertay.

rexnebular

What's done is done; explorer.exe and the like are tainted now... also, ComboFix ran in minimal mode; why not scan again in safe mode? It might find more...

mortar
1
