ComboFix 11-04-17.03 - Turk 18.04.2011 21:50:12.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1033.18.3070.2523 [GMT 5:00]
Running from: c:\documents and settings\Turk\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Start Menu\Windows Live Messenger .lnk
c:\documents and settings\Turk\Application Data\chrtmp
c:\documents and settings\Turk\Application Data\Kaspersky_Key_Finder_(KKF
c:\documents and settings\Turk\Application Data\Kaspersky_Key_Finder_(KKF\Kaspersky_Key_Finder_v1.4_Url_j4rfkxmcju4pur4weyte3bywb1ydtyhs\1.4.4.0\user.config
c:\documents and settings\Turk\Application Data\Kaspersky_Key_Finder_(KKF\Kaspersky_Key_Finder_v1.4_Url_jri0oifnycpgv20v4hq1jrl2udjexwm5\1.4.4.0\user.config
c:\documents and settings\Turk\Application Data\Kaspersky_Key_Finder_(KKF\Kaspersky_Key_Finder_v1.4_Url_oilw5ggyzkdjqzgl45t2tsyboiahgunc\1.4.4.0\user.config
c:\documents and settings\Turk\Application Data\Kaspersky_Key_Finder_(KKF\Kaspersky_Key_Finder_v1.4_Url_ucmvwbss41ef3fv0die4x1rxycjpnwjp\1.4.4.0\user.config
c:\documents and settings\Turk\Application Data\Kaspersky_Key_Finder_(KKF\Kaspersky_Key_Finder_v1.4_Url_ud2b0qtaxlft1kvokq3oer4heacplqab\1.4.4.0\user.config
c:\documents and settings\Turk\Application Data\Microsoft\Google
c:\documents and settings\Turk\Application Data\Microsoft\Google\s.txt
c:\program files\INSTALL.LOG
c:\program files\Mail.Ru\Agent\Mra\dll\newmrasearch.dll
c:\restoration\Restoration.exe
c:\windows\system32\1055
c:\windows\system32\1055\dwintl.dll
c:\windows\system32\CoolXPProgress.ocx
c:\windows\system32\explorer32
c:\windows\TEMP\GuardGuard.exe
c:\windows\XSxS
.
----- BITS: Possible infected sites -----
.
hxxp://soft.export.yandex.ru
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SSHNAS
-------\Service_SSHNAS
.
.
((((((((((((((((((((((((( Files Created from 2011-03-18 to 2011-04-18 )))))))))))))))))))))))))))))))
.
.
2011-04-18 14:16 . 2011-04-18 14:16 -------- d-----w- c:\documents and settings\Turk\Application Data\WinPatrol
2011-04-18 14:16 . 2011-04-18 14:16 -------- d-----w- c:\program files\BillP Studios
2011-04-17 18:33 . 2011-04-17 18:33 -------- d-----w- c:\windows\LastGood.Tmp
2011-04-16 20:09 . 2011-04-16 20:09 -------- d-----w- c:\documents and settings\Turk\Application Data\EDesksoft
2011-04-16 19:49 . 2011-04-07 15:53 -------- d-----w- c:\program files\Desktop Clock
2011-04-16 16:22 . 2008-04-13 17:06 10880 -c--a-w- c:\windows\system32\dllcache\admjoy.sys
2011-04-16 15:43 . 2011-04-16 15:43 388096 ----a-r- c:\documents and settings\Turk\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-16 15:43 . 2011-04-16 15:43 -------- d-----w- c:\program files\Trend Micro
2011-04-16 14:02 . 2011-04-16 18:47 -------- d-----w- c:\windows\system32\NtmsData
2011-04-15 18:51 . 2011-03-11 08:36 83968 ----a-w- c:\windows\system32\bvcsky.dll
2011-04-15 18:40 . 2011-04-07 15:58 -------- d-----w- c:\program files\DirectX Happy Uninstall
2011-04-15 18:06 . 2009-08-28 06:49 169064 ----a-w- c:\windows\system32\drivers\tosrfbd.sys
2011-04-15 18:06 . 2009-08-05 09:44 49400 ----a-w- c:\windows\system32\drivers\tosrfusb.sys
2011-04-15 18:06 . 2009-05-20 05:23 74368 ----a-w- c:\windows\system32\drivers\Tosrfhid.sys
2011-04-15 18:06 . 2009-07-24 06:31 21608 ----a-w- c:\windows\system32\drivers\tosrfnds.sys
2011-04-15 18:06 . 2009-06-11 09:05 36992 ----a-w- c:\windows\system32\drivers\tosrfbnp.sys
2011-04-15 18:06 . 2009-08-10 11:54 59888 ----a-w- c:\windows\system32\drivers\TosRfSnd.sys
2011-04-15 18:06 . 2009-07-28 15:01 69480 ----a-w- c:\windows\system32\drivers\tosrfcom.sys
2011-04-15 18:06 . 2009-06-17 06:59 46984 ----a-w- c:\windows\system32\drivers\tosporte.sys
2011-04-15 18:05 . 2011-04-07 16:45 -------- d-----w- c:\program files\Toshiba
2011-04-15 16:10 . 2002-04-15 04:50 68816 ------w- c:\windows\system32\drivers\lmouflt2.sys
2011-04-15 16:10 . 2002-04-15 04:50 5840 ------w- c:\windows\system32\drivers\lkbdflt2.sys
2011-04-15 16:09 . 2011-04-15 16:10 -------- d-----w- C:\compaq
2011-04-15 16:05 . 2009-02-26 11:39 143360 ----a-w- c:\windows\system32\RTInstaller32.exe
2011-04-15 15:05 . 2011-04-07 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2011-04-15 13:10 . 2009-08-06 14:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2011-04-14 14:38 . 2006-12-15 04:53 63488 ----a-w- c:\windows\system32\shdocvw.oca
2011-04-13 11:11 . 2011-04-13 11:11 -------- d-----w- c:\documents and settings\Turk\Application Data\TuneUp Software
2011-04-13 11:11 . 2011-04-07 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2011-04-12 11:50 . 2011-04-10 12:35 218624 ----a-w- c:\windows\system32\uxtheme.uxtender
2011-04-11 16:54 . 2011-04-07 16:28 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-04-10 13:19 . 2008-04-26 10:14 42672 ----a-w- c:\windows\system32\wbsys(2).dll
2011-04-10 12:45 . 2011-04-10 12:35 218624 ----a-w- c:\windows\system32\uxtheme.backup
2011-04-10 12:35 . 2008-04-14 00:42 218624 ----a-w- c:\windows\system32\uxtheme.dll.backup
2011-04-09 19:32 . 2011-04-09 19:32 -------- d-----w- c:\documents and settings\Turk\Application Data\GlarySoft
2011-04-09 12:31 . 2011-04-09 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-04-08 18:30 . 2011-04-08 18:30 -------- d-----w- c:\program files\RocketDock
2011-04-08 14:51 . 2011-04-08 14:51 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-08 11:40 . 2010-12-09 13:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe.zottel
2011-04-08 11:40 . 2010-12-09 13:42 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe.zottel
2011-04-08 09:26 . 2011-04-12 10:44 -------- d-----w- c:\documents and settings\Turk\Application Data\KKL
2011-04-07 18:43 . 2011-04-07 18:43 -------- d-----w- c:\program files\xpspeed
2011-04-07 16:49 . 2011-04-07 16:49 -------- d-----w- c:\program files\EDesksoft
2011-04-07 16:49 . 2011-04-07 16:49 -------- d-sh--w- c:\windows\ftpcache
2011-04-07 16:46 . 2011-04-07 16:46 -------- d-----w- c:\documents and settings\Turk\Application Data\bvcsky
2011-04-07 16:38 . 2011-04-07 16:38 -------- d-----w- c:\documents and settings\Turk\Application Data\WinBatch
2011-04-07 16:37 . 2011-04-07 16:37 -------- d--h--w- c:\windows\PIF
2011-04-07 16:34 . 2011-04-07 16:35 -------- d-----w- c:\program files\Smart Projects
2011-04-07 16:34 . 2011-04-07 16:34 -------- d-----w- c:\program files\Smart File Advisor
2011-04-07 16:32 . 2011-04-07 16:32 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-04-07 16:30 . 2011-04-07 16:30 -------- d-----w- c:\windows\system32\winrm
2011-04-07 16:29 . 2011-04-07 16:29 -------- d-----w- c:\program files\FileHippo.com
2011-04-05 13:03 . 2011-04-05 13:03 -------- d-----w- c:\documents and settings\Turk\Local Settings\Application Data\PCHealth
2011-04-05 12:45 . 2011-04-05 12:45 -------- d-----w- c:\documents and settings\Turk\Application Data\CheeseSoft
2011-04-05 12:44 . 2011-04-05 12:45 -------- d-----w- c:\program files\FinalUninstaller
2011-04-05 11:51 . 2011-04-06 16:16 -------- d-----w- c:\documents and settings\Turk\Local Settings\Application Data\ApplicationHistory
2011-04-04 14:40 . 2008-04-14 00:42 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2011-04-04 12:42 . 2009-12-18 12:19 3482240 ----a-w- c:\windows\system32\drivers\snp2uvc.sys
2011-04-04 12:42 . 2009-02-11 09:45 27264 ----a-w- c:\windows\system32\drivers\sncduvc.sys
2011-04-04 12:42 . 2008-08-20 14:04 291328 ----a-w- c:\windows\system32\vsnp2uvc.dll
2011-04-04 12:42 . 2008-08-01 12:10 675840 ----a-w- c:\windows\vsnp2uvc.exe
2011-04-04 12:42 . 2007-07-04 13:28 176128 ----a-w- c:\windows\system32\csnp2uvc.dll
2011-04-04 12:42 . 2011-04-04 12:42 -------- d-----w- c:\program files\Common Files\SNP2UVC
2011-04-04 12:42 . 2009-12-11 11:16 320512 ----a-w- c:\windows\tsnp2uvc.exe
2011-04-04 12:42 . 2009-12-11 10:29 184320 ----a-w- c:\windows\system32\rsnp2uvc.dll
2011-04-04 12:41 . 2011-04-04 12:41 -------- d-----w- c:\documents and settings\Turk\Application Data\InstallShield
2011-04-03 16:16 . 2003-12-30 06:02 49152 ----a-w- c:\windows\system32\TaskKeyHook.dll
2011-04-03 16:16 . 2005-11-24 18:39 16896 ----a-w- c:\windows\system32\drivers\GMFILTR.SYS
2011-04-03 16:16 . 2005-07-11 22:53 7808 ----a-w- c:\windows\system32\drivers\gflmouhid.sys
2011-04-03 16:16 . 2005-07-11 07:03 12800 ----a-w- c:\windows\system32\drivers\gHidUsbF.sys
2011-04-03 16:16 . 2011-04-03 16:16 -------- d-----w- c:\program files\SlimStar R610
2011-04-03 12:26 . 2011-04-03 12:26 -------- d-----w- c:\program files\Noel Danjou
2011-04-03 11:08 . 2011-04-03 11:08 -------- d-----w- c:\windows\system32\XPSViewer
2011-04-03 11:07 . 2011-04-03 11:07 -------- d-----w- c:\program files\MSBuild
2011-04-03 11:07 . 2011-04-03 11:07 -------- d-----w- c:\program files\Reference Assemblies
2011-04-03 11:07 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-04-03 11:07 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-04-03 11:07 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-04-03 11:07 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-04-03 11:07 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-04-03 11:07 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-04-03 11:07 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-04-03 11:07 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-04-03 11:07 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-04-03 10:55 . 2011-04-03 10:55 -------- d-----w- c:\documents and settings\Turk\Application Data\Windows Search
2011-04-03 10:55 . 2011-04-03 10:55 -------- d-----w- c:\documents and settings\Turk\Local Settings\Application Data\Identities
2011-04-03 10:55 . 2011-04-03 10:55 -------- d-----w- c:\documents and settings\Turk\Application Data\Windows Desktop Search
2011-04-03 10:54 . 2011-04-05 11:52 -------- d-----w- c:\program files\Windows Desktop Search
2011-04-03 10:54 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2011-04-03 10:54 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2011-04-03 10:54 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2011-04-03 10:53 . 2008-04-14 00:42 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-04-03 10:53 . 2011-04-03 10:53 -------- d-----w- c:\program files\Windows Media Connect 2
2011-04-03 10:49 . 2011-04-03 10:49 -------- d-----w- c:\windows\system32\URTTEMP
2011-04-03 09:59 . 2011-04-15 17:30 -------- d--h--w- c:\windows\$hf_mig$
2011-04-03 09:57 . 2011-04-03 09:58 -------- dc-h--w- c:\windows\ie8
2011-04-03 09:52 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-04-03 09:51 . 2011-02-22 23:06 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-04-03 09:51 . 2011-02-22 23:06 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-04-03 09:51 . 2011-02-22 23:06 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-04-03 09:51 . 2011-02-22 23:06 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-04-03 09:51 . 2011-02-22 23:06 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-04-03 09:51 . 2011-02-22 23:06 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-04-03 09:51 . 2011-02-22 23:06 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-04-02 21:54 . 2011-02-02 07:58 2067456 -c----w- c:\windows\system32\dllcache\lhmstscx.dll
2011-04-02 21:54 . 2011-01-27 11:57 677888 -c----w- c:\windows\system32\dllcache\lhmstsc.exe
2011-04-02 21:54 . 2011-02-09 13:53 270848 -c----w- c:\windows\system32\dllcache\sbe.dll
2011-04-02 21:54 . 2011-02-09 13:53 186880 -c----w- c:\windows\system32\dllcache\encdec.dll
2011-04-02 21:54 . 2009-07-27 23:17 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll
2011-04-02 21:53 . 2010-12-09 14:30 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll
2011-04-02 21:51 . 2011-03-03 13:21 1857920 -c----w- c:\windows\system32\dllcache\win32k.sys
2011-04-02 21:50 . 2011-01-21 14:44 8462336 -c----w- c:\windows\system32\dllcache\shell32.dll
2011-04-02 21:50 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll
2011-04-02 21:49 . 2010-11-09 14:52 536576 -c--a-w- c:\windows\system32\dllcache\msado15.dll
2011-04-02 21:49 . 2010-11-09 14:52 249856 -c--a-w- c:\windows\system32\dllcache\odbc32.dll
2011-04-02 21:49 . 2010-11-09 14:52 200704 -c--a-w- c:\windows\system32\dllcache\msadox.dll
2011-04-02 21:49 . 2010-11-09 14:52 180224 -c--a-w- c:\windows\system32\dllcache\msadomd.dll
2011-04-02 21:49 . 2010-11-09 14:52 143360 -c--a-w- c:\windows\system32\dllcache\msadco.dll
2011-04-02 21:49 . 2010-11-09 14:52 102400 -c--a-w- c:\windows\system32\dllcache\msjro.dll
2011-04-02 21:49 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-04-02 21:43 . 2010-11-18 18:12 81920 -c----w- c:\windows\system32\dllcache\isign32.dll
2011-04-02 21:42 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-04-02 21:41 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2011-04-02 21:40 . 2010-09-18 06:53 953856 -c--a-w- c:\windows\system32\dllcache\mfc40u.dll
2011-04-02 21:38 . 2010-08-23 16:12 617472 -c--a-w- c:\windows\system32\dllcache\comctl32.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-12 11:50 . 2004-08-03 19:56 218624 ----a-w- c:\windows\system32\uxtheme.dll
2011-04-10 12:45 . 2004-08-03 19:56 218624 ----a-w- c:\windows\system32\uxtheme(2).dll
2011-03-28 17:46 . 2010-09-06 15:36 98160 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2011-03-26 18:44 . 2010-10-30 11:24 431672 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-03-11 14:13 . 2011-03-11 14:12 695578 ----a-w- c:\windows\unins000.exe
2011-03-07 05:33 . 2010-10-27 16:25 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-03 19:56 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-03 18:17 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-27 16:20 . 2011-02-27 16:20 81920 ----a-w- c:\windows\system32\bsrgvas.dll
2011-02-27 16:20 . 2011-02-27 16:20 692224 ----a-w- c:\windows\system32\bsrmgcv.dll
2011-02-27 16:20 . 2011-02-27 16:20 192512 ----a-w- c:\windows\system32\bsrmgps.dll
2011-02-25 17:29 . 2011-02-21 17:24 83339 ----a-w- c:\program files\Uninstal.exe
2011-02-24 13:21 . 2010-10-28 17:47 6340200 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-02-23 03:27 . 2011-03-14 14:48 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-23 03:27 . 2011-03-14 14:48 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-23 03:27 . 2010-10-28 17:45 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-23 03:27 . 2010-10-28 17:45 4980736 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-23 03:27 . 2010-10-28 17:45 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-23 03:27 . 2010-10-28 17:45 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-23 03:27 . 2010-10-28 17:45 1958400 ----a-w- c:\windows\system32\nvapi.dll
2011-02-23 03:27 . 2010-10-28 17:45 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
2011-02-23 03:27 . 2010-10-28 17:45 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-23 03:27 . 2010-10-28 17:20 6398720 ----a-w- c:\windows\system32\nv4_disp.dll
2011-02-23 03:27 . 2010-10-28 17:18 9888384 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-02-22 23:06 . 2004-08-03 19:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 23:06 . 2004-08-03 19:56 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-03 19:56 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 11:41 . 2004-08-03 17:59 385024 ------w- c:\windows\system32\html.iec
2011-02-20 13:56 . 2011-02-20 13:56 127234 ----a-w- c:\windows\system32\S6E_RaRXRdiQ.exe
2011-02-17 13:18 . 2004-08-03 18:15 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-03 18:14 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 09:02 . 2010-10-28 17:47 20029032 ----a-w- c:\windows\RTHDCPL.EXE
2011-02-15 12:56 . 2004-08-03 19:56 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2004-08-03 19:56 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-03 19:56 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-03 19:56 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-03 19:56 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 17:40 . 2011-01-12 13:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 15:19 . 2011-01-12 13:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2010-10-27 16:24 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-10-27 16:24 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-22 15:24 . 2011-01-22 15:24 278528 ------w- c:\windows\Setup1.exe
2011-01-22 15:24 . 2011-01-22 15:24 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-01-21 14:44 . 2004-08-03 19:56 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-03-18 18:07 . 2011-03-23 15:03 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 07:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 08:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 10:30 216064 --sha-r- c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 15:23 68216 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMAN.EXE" [2011-04-05 3278232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"Everything"="c:\program files\Everything\Everything.exe" [2009-03-13 602624]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336]
"mouseElf"="c:\progra~1\SLIMST~1\MouseElf.EXE" [2006-03-13 471157]
"FixCamera"="c:\windows\FixCamera.exe" [2008-08-21 188928]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-01 675840]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2009-12-11 320512]
"Guard.Mail.ru.gui"="c:\program files\Mail.Ru\Guard\GuardMailRu.exe" [2011-04-11 1472720]
"RTHDCPL"="RTHDCPL.EXE" [2011-02-17 20029032]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2007-10-26 292152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDesktopIniCache"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-02-25 20:01 437160 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-04-17 08:41 196608 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [07.01.2009 23:39 20744]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [23.03.2011 17:13 218688]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [19.03.2009 11:44 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [19.03.2009 11:45 93848]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [06.09.2010 20:36 98160]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [09.06.2010 16:43 11352]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [27.02.2009 16:40 143467]
R2 Guard.Mail.ru;Guard.Mail.ru;c:\program files\Mail.Ru\Guard\GuardMailRu.exe [30.10.2010 20:16 1472720]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [07.12.2008 12:44 30088]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [03.04.2011 21:16 7808]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [02.07.2008 14:58 26248]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [07.05.2010 11:06 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02.11.2009 19:27 19472]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [28.10.2010 22:45 100456]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [12.01.2011 14:42 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 14:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28.10.2010 22:47 1691480]
S3 gupdate;Google Güncelleme Hizmeti (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25.11.2010 23:51 136176]
S3 PAC207;SoC PC-Camer@; [x]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [03.04.2011 00:44 12984]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [04.08.2004 00:56 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 14:16 753504]
S4 ekrn;ESET Service; [x]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 14:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 18:51]
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 18:51]
.
2011-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1659004503-839522115-1003Core.job
- c:\documents and settings\Turk\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-26 13:42]
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1659004503-839522115-1003UA.job
- c:\documents and settings\Turk\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-26 13:42]
.
2011-04-18 c:\windows\Tasks\User_Feed_Synchronization-{A4949B71-9500-4CAF-9696-5F8A7CD82246}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 23:31]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: Bütün linkleri IDM ile indir - c:\program files\Internet Download Manager\IEGetAll.htm
IE: FLV video içeriğini IDM ile indir - c:\program files\Internet Download Manager\IEGetVL.htm
IE: IDM ile indir - c:\program files\Internet Download Manager\IEExt.htm
FF - ProfilePath - c:\documents and settings\Turk\Application Data\Mozilla\Firefox\Profiles\offazt9v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://go.mail.ru/search?fr=fftb&utf8in&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://go.mail.ru/search?utf8in=1&fr=fftbUFix&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-WBSrv - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-18 21:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2d8c0eb5-c3ca-45a9-b22c-c480308816d2}]
@Denied: (Full) (Everyone)
"Model"=dword:00000033
"Therad"=dword:00000011
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):1f,f5,54,04,ca,65,aa,fc,b8,54,47,29,a7,01,e9,2e,46,30,60,70,e2,
70,a3,b1,56,3f,ff,b0,00,5f,d2,fc,55,74,9b,c9,0b,45,d7,44,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):9d,29,1b,1c,f1,1b,a1,04,f5,f4,bc,23,5d,82,0c,28,ee,64,7a,a1,00,
15,d1,c6,d4,6b,cc,47,2a,80,28,de,80,92,a5,5c,c2,c3,4f,09,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{925ced7a-fadc-4b3f-b993-fa5ccdd5d4e4}]
@Denied: (Full) (Everyone)
"Model"=dword:00000042
"Therad"=dword:0000002a
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,7c,a3,58,23,ec,af,2d,15,15,ef,a1,46,54,19,6c,0d,35,95,e0,f3,7c,6d,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2392)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\windows\TEMP\GuardGuard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\PAStiSvc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2011-04-18 22:01:08 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-18 17:01
.
Pre-Run: 114.703.048.704 bytes free
Post-Run: 114.722.856.960 bayt boş
.
- - End Of File - - FE2A957E47F48C8EC7B0373B36FE68C6