ComboFix report (is there a problem?)

HFG
28-12-2011, 15:17   |  #1  
OP Member
Thanks: 0
84 posts
Join date: Jan 2009

ComboFix 11-12-27.01 - hakan 28.12.2011  15:04:49.1.2 - x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1254.90.1055.18.3071.2767 [GMT 2:00]
Running from: c:\documents and settings\hakan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\program files\Internet Explorer\ie.bat
c:\windows\system32\muzapp.exe
.
.
(((((((((((((((((((((((((   Files Created from 2011-11-28 to 2011-12-28  )))))))))))))))))))))))))))))))
.
.
2011-12-28 12:56 . 2011-12-28 12:56        56200        ----a-w-        c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AC2007E5-1129-44C6-B214-215402F598FC}\offreg.dll
2011-12-27 12:27 . 2011-12-27 12:27        --------        d-----w-        c:\program files\MSXML 6.0
2011-12-27 12:11 . 2011-11-21 00:47        6823496        ----a-w-        c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AC2007E5-1129-44C6-B214-215402F598FC}\mpengine.dll
2011-12-27 12:03 . 2011-12-27 12:04        --------        d-----w-        c:\program files\Microsoft Security Client
2011-12-27 11:51 . 2011-07-15 13:29        456320        -c----w-        c:\windows\system32\dllcache\mrxsmb.sys
2011-12-26 19:26 . 2010-10-19 20:51        222080        ------w-        c:\windows\system32\MpSigStub.exe
2011-12-26 18:58 . 2011-12-26 18:58        --------        d-----w-        c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2011-12-26 18:19 . 2011-12-26 18:19        --------        d-----w-        c:\program files\Windows Live SkyDrive
2011-12-26 17:58 . 2011-12-26 17:58        --------        d-----w-        c:\program files\VS Revo Group
2011-12-25 17:00 . 2011-12-25 17:00        --------        d-----w-        c:\program files\Common Files\DirectX
2011-12-25 15:59 . 2000-05-22 00:00        203976        ----a-w-        c:\windows\system32\RICHTX32.OCX
2011-12-25 15:59 . 1998-06-23 21:00        115016        ----a-w-        c:\windows\system32\MSINET.OCX
2011-12-25 15:59 . 1998-06-23 21:00        108336        ----a-w-        c:\windows\system32\MSWINSCK.OCX
2011-12-25 15:18 . 2011-12-26 18:19        --------        d-----w-        c:\program files\Windows Live
2011-12-25 14:46 . 2011-12-25 14:46        3584        ----a-r-        c:\documents and settings\hakan\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-12-25 14:46 . 2011-12-25 14:46        --------        d-----w-        c:\program files\Windows Installer Clean Up
2011-12-25 14:30 . 2011-12-25 14:30        --------        d-----w-        c:\windows\system32\wbem\Repository
2011-12-25 14:29 . 2011-12-25 14:29        --------        d-----w-        c:\program files\Opera
2011-12-25 14:29 . 2011-12-25 14:29        --------        d-----w-        c:\documents and settings\hakan\Local Settings\Application Data\Windows Live Writer
2011-12-25 14:28 . 2011-12-25 14:28        --------        d-----w-        c:\documents and settings\hakan\Application Data\ENBSeries Configurator for GTA San Andreas
2011-12-25 14:28 . 2011-12-25 14:28        --------        d-----w-        c:\documents and settings\hakan\Application Data\doctor
2011-12-22 12:21 . 2011-12-22 12:21        --------        d-----w-        c:\program files\Microsoft Sync Framework
2011-12-22 12:21 . 2011-12-22 12:21        --------        d-----w-        c:\documents and settings\LocalService\IETldCache
2011-12-19 14:48 . 2011-12-19 14:48        --------        d-----w-        c:\documents and settings\hakan\Local Settings\Application Data\Chromium
2011-12-19 14:28 . 2011-12-19 14:49        --------        d-----w-        c:\documents and settings\hakan\Local Settings\Application Data\PMB Files
2011-12-19 14:24 . 2011-12-19 14:29        --------        d-----w-        c:\documents and settings\All Users\Application Data\PMB Files
2011-12-19 14:24 . 2011-12-19 14:24        --------        d-----w-        c:\program files\Pando Networks
2011-12-15 13:37 . 2011-12-15 13:37        --------        d-----w-        c:\program files\IObit
2011-12-13 14:23 . 2011-12-13 14:23        --------        d-----w-        c:\windows\system32\xlive
2011-12-13 14:23 . 2011-12-13 14:24        --------        d-----w-        c:\program files\Microsoft Games for Windows - LIVE
2011-12-13 14:23 . 2011-12-13 14:39        --------        d-----w-        c:\program files\Rockstar Games
2011-12-11 14:11 . 2011-12-22 18:33        --------        d-----w-        c:\program files\MSECACHE
2011-12-07 11:55 . 2011-12-07 11:55        84320        ----a-w-        c:\windows\system32\drivers\jraid.sys
2011-12-07 11:53 . 2011-12-07 11:53        40848        ----a-w-        c:\windows\system32\drivers\point32.sys
2011-12-05 17:22 . 2011-12-05 17:22        --------        dc-h--w-        c:\documents and settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2011-12-05 17:16 . 2011-12-05 17:16        --------        d-----w-        c:\documents and settings\All Users\Uniblue
2011-12-04 19:29 . 2011-12-04 19:29        159744        ----a-w-        c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-12-04 19:29 . 2011-12-04 19:29        159744        ----a-w-        c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-12-04 19:29 . 2011-12-04 19:29        159744        ----a-w-        c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-12-04 19:29 . 2011-12-04 19:29        159744        ----a-w-        c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-12-04 19:29 . 2011-12-04 19:29        159744        ----a-w-        c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-12-04 19:29 . 2011-12-04 19:29        159744        ----a-w-        c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-12-04 19:29 . 2011-12-04 19:29        159744        ----a-w-        c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-12-04 19:20 . 2011-12-04 19:20        --------        d-----w-        c:\program files\iPod
2011-12-02 13:23 . 2011-10-19 20:16        20312        ----a-w-        c:\windows\system32\RegistryDefragBootTime.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 16:57 . 2011-05-19 14:55        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-07 11:54 . 2011-04-20 08:41        46632        ----a-w-        c:\windows\system32\drivers\l1e51x86.sys
2011-12-07 11:53 . 2011-09-21 13:39        1461992        ----a-w-        c:\windows\system32\wdfcoinstaller01009.dll
2011-12-07 11:49 . 2011-04-20 09:05        84584        ----a-w-        c:\windows\SOUNDMAN.EXE
2011-12-07 11:49 . 2011-04-20 09:05        359016        ----a-w-        c:\windows\vncutil.exe
2011-12-07 11:49 . 2011-04-20 09:05        1833576        ----a-w-        c:\windows\SkyTel.exe
2011-12-07 11:49 . 2011-04-20 08:38        1489512        ----a-w-        c:\windows\RtlUpd.exe
2011-12-07 11:49 . 2011-04-20 09:05        9721960        ----a-w-        c:\windows\RTLCPL.EXE
2011-12-07 11:49 . 2011-04-20 09:05        53864        ----a-w-        c:\windows\system32\RtkCoInstXP.dll
2011-12-07 11:49 . 2011-04-20 09:05        129640        ----a-w-        c:\windows\RtkAudioService.exe
2011-12-07 11:49 . 2011-04-20 08:38        891496        ----a-w-        c:\windows\system32\RTSndMgr.CPL
2011-12-07 11:49 . 2011-04-20 08:38        6108776        ----a-w-        c:\windows\system32\drivers\RtkHDAud.sys
2011-12-07 11:49 . 2011-04-20 09:05        1395800        ----a-w-        c:\windows\system32\drivers\Monfilt.sys
2011-12-07 11:49 . 2011-04-20 08:38        2180712        ----a-w-        c:\windows\MicCal.exe
2011-12-07 11:49 . 2011-04-20 08:38        19557480        ----a-w-        c:\windows\RTHDCPL.EXE
2011-12-07 11:49 . 2011-04-20 09:05        64104        ----a-w-        c:\windows\ALCMTR.EXE
2011-12-07 11:49 . 2011-04-20 09:05        2815592        ----a-w-        c:\windows\ALCWZRD.EXE
2011-12-07 11:49 . 2011-04-20 09:05        285288        ----a-w-        c:\windows\system32\ALSNDMGR.CPL
2011-12-07 11:49 . 2011-04-20 09:05        1691480        ----a-w-        c:\windows\system32\drivers\Ambfilt.sys
2011-11-23 14:40 . 2004-08-03 21:38        1859584        ----a-w-        c:\windows\system32\win32k.sys
2011-11-17 13:59 . 2011-11-17 13:59        1700352        ----a-w-        c:\windows\system32\gdiplus.dll
2011-11-17 13:59 . 2011-11-17 13:59        1060864        ----a-w-        c:\windows\system32\mfc71.dll
2011-11-01 16:07 . 2004-08-03 21:45        1288192        ----a-w-        c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-03 21:45        33280        ----a-w-        c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2004-08-04 00:40        2029056        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:50 . 2004-08-03 21:40        2150912        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-10-24 12:29 . 2011-10-24 12:29        94208        ----a-w-        c:\windows\system32\QuickTimeVR.qtx
2011-10-24 12:29 . 2011-10-24 12:29        69632        ----a-w-        c:\windows\system32\QuickTime.qts
2011-10-18 11:13 . 2004-08-03 21:45        186880        ----a-w-        c:\windows\system32\encdec.dll
2011-10-10 14:23 . 2011-04-20 08:04        692736        ----a-w-        c:\windows\system32\inetcomm.dll
2011-10-08 04:50 . 2011-11-08 14:47        877376        ----a-w-        c:\windows\system32\nvgenco32.dll
2011-10-08 04:50 . 2011-11-08 14:47        919872        ----a-w-        c:\windows\system32\nvdispco32.dll
2011-10-08 04:50 . 2011-04-22 11:01        65536        ----a-w-        c:\windows\system32\OpenCL.dll
2011-10-08 04:50 . 2011-04-22 11:01        5595136        ----a-w-        c:\windows\system32\nvcuda.dll
2011-10-08 04:50 . 2011-04-22 11:01        4226688        ----a-w-        c:\windows\system32\nv4_disp.dll
2011-10-08 04:50 . 2011-04-22 11:01        2449408        ----a-w-        c:\windows\system32\nvapi.dll
2011-10-08 04:50 . 2011-04-22 11:01        2398016        ----a-w-        c:\windows\system32\nvcuvid.dll
2011-10-08 04:50 . 2011-04-22 11:01        2099520        ----a-w-        c:\windows\system32\nvcuvenc.dll
2011-10-08 04:50 . 2011-04-22 11:01        17956864        ----a-w-        c:\windows\system32\nvoglnt.dll
2011-10-08 04:50 . 2011-04-22 11:01        17240064        ----a-w-        c:\windows\system32\nvcompiler.dll
2011-10-08 04:50 . 2011-04-22 11:01        12791488        ----a-w-        c:\windows\system32\drivers\nv4_mini.sys
2011-10-08 04:50 . 2011-04-07 19:15        602432        ----a-w-        c:\windows\system32\easyupdatusapiu.dll
2011-10-08 04:50 . 2011-04-07 19:15        54272        ----a-w-        c:\windows\system32\nvwddi.dll
2011-10-08 04:50 . 2011-04-07 19:15        203072        ----a-w-        c:\windows\system32\nvmctray.dll
2011-10-08 04:50 . 2011-04-07 19:15        16744256        ----a-w-        c:\windows\system32\nvcpl.dll
2011-10-08 04:50 . 2011-04-07 19:15        298304        ----a-w-        c:\windows\system32\nvsvc32.exe
2011-10-08 04:50 . 2011-04-07 19:15        220992        ----a-w-        c:\windows\system32\nvcolor.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\documents and settings\hakan\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2011-11-21 137536]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-15 619352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-25 136192]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 110592]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-03 143360]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-07 19557480]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IObitLogon]
2011-10-19 20:18        100696        ----a-w-        c:\program files\IObit\Advanced SystemCare 5\IObitLogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ           \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-03-25 01:10        166912        ----a-w-        c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-03-25 01:10        134656        ----a-w-        c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wlidsvc"=2 (0x2)
"ose"=3 (0x3)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Oyunlar\\Aksiyon\\ZombiRockTS\\bin\\PbLauncher.exe"=
"d:\\Oyunlar\\Aksiyon\\ZombiRockTS\\bin\\pbclient.exe"=
.
S2 .EsetTrialReset;Eset Trial Reset; [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [15.12.2011 15:37 494424]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [22.04.2011 13:01 2253120]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [20.04.2011 11:05 1691480]
S3 apf001;apf001;d:\oyunlar\Aksiyon\WolfTeamTS\apf001.sys [12.11.2011 14:45 10872]
S3 CEDRIVER60;CEDRIVER60; [x]
S3 EagleXNt;EagleXNt; [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [20.04.2011 10:31 110080]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [21.09.2011 15:39 18432]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [22.04.2011 13:01 119656]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 14:57]
.
2011-12-27 c:\windows\Tasks\ASC5_AutoClean.job
- c:\program files\IObit\Advanced SystemCare 5\AutoSweep.exe [2011-12-15 15:59]
.
2011-12-25 c:\windows\Tasks\ASC5_AutoUpdate.job
- c:\program files\IObit\Advanced SystemCare 5\AutoUpdate.exe [2011-12-15 13:41]
.
2011-12-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-527237240-1614895754-725345543-1003Core.job
- c:\documents and settings\hakan\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-11-21 12:56]
.
2011-12-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-527237240-1614895754-725345543-1003UA.job
- c:\documents and settings\hakan\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-11-21 12:56]
.
2011-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1614895754-725345543-1003Core.job
- c:\documents and settings\hakan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-16 10:49]
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1614895754-725345543-1003UA.job
- c:\documents and settings\hakan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-16 10:49]
.
2011-12-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
2011-12-28 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
2011-12-27 c:\windows\Tasks\User_Feed_Synchronization-{7AE3190C-09AA-4546-9A9B-19157EDCA23A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.tr/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 195.175.39.40 195.175.39.39
TCP: Interfaces\{239EFCB5-086B-4F4E-821C-9F85F8CCF090}: NameServer = 195.175.39.39,195.175.39.166,213.243.1.42
TCP: Interfaces\{29FD1790-75D3-412E-9F79-5D595D0CD7D2}: NameServer = 195.175.39.39,195.175.39.166,213.243.1.42
TCP: Interfaces\{71BD3998-192D-4661-8D7F-B96DEDAFB2FF}: NameServer = 195.175.39.39,195.175.39.166,213.243.1.42
TCP: Interfaces\{8040D4B2-4B5D-4548-92E8-4738CF01C325}: NameServer = 195.175.39.39,195.175.39.166,213.243.1.42
TCP: Interfaces\{D582EAE1-DF87-4E54-A74C-A7BAD10F82D5}: NameServer = 195.175.39.39,195.175.39.166,213.243.1.42
TCP: Interfaces\{E7165362-B8CE-44D6-9DB2-7B31A0A0EE43}: NameServer = 195.175.39.39,195.175.39.166,213.243.1.42
TCP: Interfaces\{FE71E3AB-8EA0-4D73-8947-033837B9FCDA}: NameServer = 195.175.39.39,195.175.39.166,213.243.1.42
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-28 15:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-527237240-1614895754-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:99,a0,ca,9e,e4,c7,fb,67,29,03,7e,18,7a,8a,67,f7,f4,ba,92,e3,c8,
   25,c1,d2,99,f9,f6,3c,6f,b6,02,34,bb,b1,f6,37,1d,2e,33,d2,aa,db,99,52,44,dc,
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\program files\IObit\Advanced SystemCare 5\IObitLogon.dll
.
Completion time: 2011-12-28  15:08:59
ComboFix-quarantined-files.txt  2011-12-28 13:08
.
Pre-Run: 50.587.688.960 bytes free
Post-Run: 51.227.766.784 bytes free
.
- - End Of File - - 75B7DC6FCBE122D7448B00BE4F3DCDAC
So, friends, is there any problem with my computer? Regards...
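A ComboFix log is long, and the parts a responder actually reads first are short: what the tool deleted, the Run keys, services whose binary is no longer on disk (ComboFix prints `[x]` in place of the path), and the DNS resolvers. The script below is an added example, not part of the original post and not a ComboFix component; it parses those sections from the log format as pasted above. The sample input is a constructed excerpt of the posted log so the script runs offline, and `findings()` only lists items to look at, not verdicts.

```python
"""Triage helper for a ComboFix log (added example, not a ComboFix tool).

Extracts: files ComboFix deleted, Run-key entries, services (with the
'[x]' missing-binary marker) and DNS resolvers, then lists points to
review. Section markers and line shapes follow the log pasted above.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: lines copied from the posted log, trimmed so the
# script runs offline. A real log is several hundred lines.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Internet Explorer\ie.bat
c:\windows\system32\muzapp.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\documents and settings\hakan\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2011-11-21 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-25 136192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
S2 .EsetTrialReset;Eset Trial Reset; [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [15.12.2011 15:37 494424]
S3 CEDRIVER60;CEDRIVER60; [x]
S3 EagleXNt;EagleXNt; [x]
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 195.175.39.40 195.175.39.39
TCP: Interfaces\{239EFCB5-086B-4F4E-821C-9F85F8CCF090}: NameServer = 195.175.39.39,195.175.39.166,213.243.1.42
"""

SECTION_RE = re.compile(r'^\({5,}\s+(.+?)\s+\){5,}$')          # ((( Title )))
KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')                           # [HKEY_...]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<date>\S+) (?P<size>\d+)\]$')
# R = running, S = stopped; digit = start type (2 auto, 3 manual, 4 disabled)
SERVICE_RE = re.compile(r'^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$')
DNS_RE = re.compile(r'^TCP: .*NameServer = (?P<servers>.+)$')


@dataclass
class RunEntry:
    key: str
    name: str
    path: str


@dataclass
class Service:
    name: str
    display: str
    running: bool
    start_type: int
    path: str
    missing: bool  # ComboFix printed '[x]': the binary is not on disk


@dataclass
class Triage:
    deletions: List[str] = field(default_factory=list)
    run_entries: List[RunEntry] = field(default_factory=list)
    services: List[Service] = field(default_factory=list)
    dns_servers: List[str] = field(default_factory=list)


def triage(text: str) -> Triage:
    """Single pass over the log; tracks the current section and registry key."""
    t, section, key = Triage(), None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == '.':
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            continue
        if line.startswith('-------'):
            section, key = line.strip('- '), None
            continue
        if section == 'Other Deletions':
            t.deletions.append(line)
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = RUN_RE.match(line)
        if m and key and key.lower().endswith('\\run'):
            t.run_entries.append(RunEntry(key, m['name'], m['path']))
            continue
        m = SERVICE_RE.match(line)
        if m:
            rest = m['rest'].strip()
            missing = rest == '[x]'
            path = '' if missing else rest.rsplit(' [', 1)[0]
            t.services.append(Service(m['name'], m['display'], m['state'] == 'R',
                                      int(m['start']), path, missing))
            continue
        m = DNS_RE.match(line)
        if m:
            for s in re.split(r'[,\s]+', m['servers'].strip()):
                if s and s not in t.dns_servers:
                    t.dns_servers.append(s)   # keep first-seen order, no duplicates
    return t


def findings(t: Triage) -> List[str]:
    """Items worth a second look. Not verdicts: a missing service binary is often
    an uninstall leftover, and a Run entry needs its path and signer checked."""
    out = []
    for s in t.services:
        if s.missing:
            how = 'auto-start' if s.start_type == 2 else 'manual'
            out.append(f'service {s.name!r} ({how}) points at a binary that is not on disk')
    for r in t.run_entries:
        low = r.path.lower()
        if 'documents and settings' in low or '\\temp' in low or '\\appdata' in low:
            out.append(f'Run entry {r.name!r} starts from a user-writable path: {r.path}')
    for d in t.deletions:
        out.append(f'ComboFix removed {d}; the quarantine copy is what to analyse')
    return out


if __name__ == '__main__':
    for f in findings(triage(SAMPLE_LOG)):
        print('-', f)
```

Run on the excerpt, it reports the three `[x]` services (`.EsetTrialReset` as auto-start), the `Facebook Update` Run entry living under the user's profile, and the two deleted files. Whether any of that is a problem still depends on checking the paths against known software and the quarantine contents; the script only shortens the reading.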