Win32.Worm.Downladup.Gen.log file

_OnuR_
18-04-2009, 16:04   |  #1  
OP, Veteran Member
Thanks: 0
890 posts
Joined: Aug 2008

Today I found a file named "Win32.Worm.Downladup.Gen.log" on the c:\ drive; it contained the following:

Found Service Process..attempting to kill..
Process kill -> OK 0x3F4
Sleeping 3 seconds...
Found so far : 0x0 files/regs
Searching for Downadup file ....
 - System folder
Does this mean the computer has been infected by a virus?

Mustafa@PC
18-04-2009, 16:13   |  #2  
Veteran Member
Thanks: 5
13,125 posts
Joined: Feb 2008

Is any BitDefender product installed on the computer?

It looks like it ran a scan and terminated some processes.

_OnuR_
18-04-2009, 16:19   |  #3  
OP, Veteran Member
Thanks: 0
890 posts
Joined: Aug 2008

No, I never installed one.

Mustafa@PC
18-04-2009, 16:22   |  #4  
Veteran Member
Thanks: 5
13,125 posts
Joined: Feb 2008

Then scan the computer with Avira 2009.

Also scan with ComboFix in Safe Mode...

_OnuR_
18-04-2009, 17:15   |  #5  
OP, Veteran Member
Thanks: 0
890 posts
Joined: Aug 2008

I scanned. It also left a file named combofix.txt on c:\; here is what it says:

ComboFix 09-04-18.05 - TurkTorrent 18.04.2009 16:54.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.767.614 [GMT 3:00]
Running from: c:\documents and settings\Turktorrent\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090417-0] *On-access scanning enabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Turktorrent\Desktop\ıvır zıvır\masaüstü\pro\SnagIt_9.0.2.9_Portable\SnagIt 9.0.2.9 Portable\Extra\Desktop_.ini

.
(((((((((((((((((((((((((   Files Created from 2009-03-18 to 2009-04-18  )))))))))))))))))))))))))))))))
.

2009-04-18 11:53 . 2009-04-18 11:53    --------    d-----w    c:\documents and settings\All Users\Application Data\3A38C
2009-04-15 18:48 . 2009-04-15 18:48    --------    d-----w    c:\documents and settings\Turktorrent\Local Settings\Application Data\Stardock
2009-04-15 18:37 . 2009-04-15 18:37    --------    d-----w    c:\documents and settings\Turktorrent\Application Data\Stardock
2009-04-15 16:37 . 2008-11-20 19:19    9200    ------w    c:\windows\system32\drivers\cdralw2k.sys
2009-04-15 16:37 . 2008-11-20 19:19    9072    ------w    c:\windows\system32\drivers\cdr4_xp.sys
2009-04-15 16:34 . 2009-04-15 16:34    --------    d-----w    c:\windows\system32\IOSUBSYS
2009-04-14 17:35 . 2009-04-14 17:35    --------    d-----w    c:\documents and settings\Turktorrent\Application Data\Desktopicon
2009-04-10 16:21 . 2009-04-17 20:52    --------    d-----w    C:\downloads
2009-04-10 16:21 . 2009-04-10 20:44    --------    d-----w    c:\documents and settings\Turktorrent\Application Data\GrabPro
2009-04-10 16:21 . 2009-04-18 13:41    --------    d-----w    c:\documents and settings\Turktorrent\Application Data\Orbit
2009-04-08 21:25 . 2009-04-08 21:25    3366912    ----a-w    c:\windows\system32\GPhotos.scr
2009-04-07 17:57 . 2009-04-07 17:57    --------    d-----w    c:\documents and settings\All Users\Application Data\3241
2009-04-06 14:04 . 2009-04-06 14:04    --------    d-----w    c:\documents and settings\Turktorrent\Application Data\SystemRequirementsLab
2009-04-05 13:58 . 2009-04-05 13:58    --------    d-----w    c:\documents and settings\All Users\Application Data\2A38
2009-04-04 16:22 . 2009-04-04 16:22    --------    d-----w    c:\documents and settings\All Users\Application Data\24320
2009-04-02 12:52 . 2009-04-02 12:52    --------    d-----w    c:\documents and settings\All Users\Application Data\2818B
2009-04-01 18:57 . 2009-04-01 18:57    --------    d-----w    c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-01 18:57 . 2009-01-05 13:18    90112    ----a-w    c:\windows\system32\QuickTimeVR.qtx
2009-04-01 18:57 . 2009-01-05 13:18    57344    ----a-w    c:\windows\system32\QuickTime.qts
2009-04-01 17:55 . 2009-04-14 13:25    --------    d-----w    c:\documents and settings\Turktorrent\Local Settings\Application Data\Apple Computer
2009-04-01 17:54 . 2009-04-01 17:54    107888    ----a-w    c:\windows\system32\CmdLineExt.dll
2009-04-01 17:47 . 2009-04-01 19:13    --------    d-----w    c:\documents and settings\All Users\Application Data\DynEd
2009-03-31 15:19 . 2009-03-31 15:19    --------    d-----w    c:\documents and settings\Turktorrent\Application Data\Talkback
2009-03-30 19:09 . 2009-03-30 19:10    380    ---h--w    c:\windows\WINRDPDN30.SYS
2009-03-30 19:08 . 2009-04-05 15:36    --------    d-----w    C:\AceReader Pro (Server)
2009-03-30 14:40 . 2009-03-30 14:40    --------    d-----w    c:\documents and settings\All Users\Application Data\99F
2009-03-30 13:14 . 2009-03-30 13:19    23392    ----a-w    c:\windows\system32\nscompat.tlb
2009-03-30 13:14 . 2009-03-30 13:19    16832    ----a-w    c:\windows\system32\amcompat.tlb
2009-03-30 10:44 . 2009-03-30 10:48    --------    d-----w    c:\windows\system32\XPSViewer
2009-03-30 10:43 . 2006-06-29 10:07    14048    ------w    c:\windows\system32\spmsg2.dll
2009-03-29 09:41 . 2008-09-16 19:23    168448    ----a-w    c:\windows\system32\unrar.dll
2009-03-29 09:41 . 2008-10-03 12:30    414    ----a-w    c:\windows\system32\lame_acm.xml
2009-03-29 09:41 . 2008-09-24 18:41    839680    ----a-w    c:\windows\system32\lameACM.acm
2009-03-29 09:41 . 2007-09-21 00:52    118784    ----a-w    c:\windows\system32\ac3acm.acm
2009-03-29 09:41 . 2004-01-25 16:18    217088    ----a-w    c:\windows\system32\yv12vfw.dll
2009-03-29 09:41 . 2008-12-07 18:08    795648    ----a-w    c:\windows\system32\xvidcore.dll
2009-03-29 09:41 . 2008-12-07 18:08    130048    ----a-w    c:\windows\system32\xvidvfw.dll
2009-03-29 09:41 . 2008-12-11 00:33    86016    ----a-w    c:\windows\system32\dpl100.dll
2009-03-29 09:41 . 2008-11-06 16:37    3596288    ----a-w    c:\windows\system32\qt-dx331.dll
2009-03-29 09:41 . 2008-11-06 16:33    684032    ----a-w    c:\windows\system32\divx.dll
2009-03-29 09:41 . 2007-07-10 16:10    547    ----a-w    c:\windows\system32\ff_vfw.dll.manifest
2009-03-29 09:41 . 2009-03-02 18:10    67584    ----a-w    c:\windows\system32\ff_vfw.dll
2009-03-28 14:12 . 2003-03-18 20:20    1060864    ----a-w    c:\windows\system32\MFC71.dll
2009-03-28 12:46 . 2009-03-28 12:46    --------    d-----r    c:\documents and settings\LocalService\Sık Kullanılanlar
2009-03-27 20:49 . 2009-02-13 09:31    55640    ----a-w    c:\windows\system32\drivers\avgntflt.sys
2009-03-27 11:15 . 2008-04-13 07:34    166912    -c--a-w    c:\windows\system32\dllcache\s3gnbm.sys
2009-03-27 11:15 . 2008-04-13 07:34    166912    ----a-w    c:\windows\system32\drivers\s3gnbm.sys
2009-03-27 11:15 . 2008-04-14 07:00    397056    -c--a-w    c:\windows\system32\dllcache\s3gnb.dll
2009-03-27 11:15 . 2008-04-14 07:00    397056    ----a-w    c:\windows\system32\s3gnb.dll
2009-03-25 19:11 . 2009-03-25 19:11    --------    d-----w    c:\documents and settings\Turktorrent\Application Data\FastStone

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-17 18:54 . 2009-03-03 15:23    --------    d-----w    c:\documents and settings\Turktorrent\Application Data\gtk-2.0
2009-04-16 14:13 . 2009-04-05 15:09    --------    d-----w    c:\program files\temalar
2009-04-11 20:12 . 2009-04-10 16:21    --------    d-----w    c:\program files\Orbitdownloader
2009-04-08 10:27 . 2009-04-07 11:36    --------    d-----w    c:\program files\7-Zip
2009-04-07 10:51 . 2003-03-09 23:08    --------    d--h--w    c:\program files\InstallShield Installation Information
2009-04-06 14:04 . 2009-04-06 14:04    --------    d-----w    c:\program files\SystemRequirementsLab
2009-04-05 17:33 . 2009-03-02 17:01    69120    ----a-w    c:\documents and settings\Turktorrent\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-01 18:57 . 2009-04-01 18:56    --------    d-----w    c:\program files\QuickTime Alternative
2009-04-01 17:47 . 2009-04-01 17:40    --------    d-----w    c:\program files\DynEd
2009-04-01 10:50 . 2008-03-09 23:13    --------    d-----w    c:\program files\Java
2009-03-30 13:19 . 2009-03-01 19:59    --------    d-----w    c:\program files\Windows Media Connect 2
2009-03-30 13:16 . 2001-11-22 14:00    77124    ----a-w    c:\windows\system32\perfc01F.dat
2009-03-30 13:16 . 2001-11-22 14:00    420430    ----a-w    c:\windows\system32\perfh01F.dat
2009-03-30 10:44 . 2009-03-30 10:44    --------    d-----w    c:\program files\MSBuild
2009-03-30 10:44 . 2009-03-30 10:44    --------    d-----w    c:\program files\Reference Assemblies
2009-03-30 10:28 . 2009-03-30 10:28    183    ------w    C:\Win32.Worm.Downladup.Gen.log
2009-03-29 10:41 . 2009-03-11 12:47    --------    d-----w    c:\program files\Google
2009-03-29 09:42 . 2009-03-07 13:14    --------    d-----w    c:\program files\K-Lite Codec Pack
2009-03-29 09:18 . 2001-11-22 14:00    2864    ----a-w    c:\windows\system32\winsock.dll
2009-03-28 16:55 . 2009-03-28 16:55    --------    d-----w    c:\program files\mplayerc_homecinema_x86_v1.2.908.0(2)
2009-03-28 14:12 . 2009-03-28 14:12    --------    d-----w    c:\program files\Alwil Software
2009-03-26 20:05 . 2009-03-26 20:05    --------    d-----w    c:\program files\EA SPORTS
2009-03-26 14:21 . 2009-03-26 14:21    --------    d-----w    c:\program files\Microsoft Hesap Makinesi +
2009-03-25 08:36 . 2009-03-13 12:36    --------    d-----w    c:\program files\Messenger Plus! Live
2009-03-17 14:33 . 2009-03-17 14:33    --------    d-----w    c:\documents and settings\All Users\Application Data\2C32B
2009-03-16 20:08 . 2009-03-16 20:08    --------    d-----w    c:\documents and settings\Turktorrent\Application Data\OpenOffice.org
2009-03-15 11:33 . 2009-03-15 11:32    --------    d-----w    c:\program files\Winamp
2009-03-14 19:52 . 2009-03-14 19:52    --------    d-----w    c:\program files\Gimp Themes v1.0
2009-03-14 19:52 . 2009-03-14 19:52    --------    d-----w    c:\program files\GIMP-2.0
2009-03-14 16:53 . 2009-03-12 19:06    --------    d-----w    c:\program files\Windows Live
2009-03-14 16:50 . 2009-03-14 16:50    --------    d-----w    c:\program files\Microsoft SQL Server Compact Edition
2009-03-14 15:17 . 2009-03-14 15:17    --------    d-----w    c:\program files\Microsoft
2009-03-14 14:55 . 2009-03-11 19:14    --------    d-----w    c:\documents and settings\All Users\Application Data\WLInstaller
2009-03-13 16:11 . 2009-03-13 16:11    --------    d-----w    c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-03-13 09:49 . 2009-03-13 09:49    2813351    ------w    C:\3.xpi
2009-03-12 15:34 . 2009-03-12 15:34    --------    d-----w    c:\program files\Windows Live SkyDrive
2009-03-11 19:27 . 2009-03-11 19:14    --------    dcsh--w    c:\program files\Common Files\WindowsLiveInstaller
2009-03-11 18:49 . 2009-03-11 18:49    --------    d-----w    c:\program files\Common Files\Windows Live
2009-03-11 15:16 . 2009-03-11 15:16    --------    d-----w    c:\documents and settings\All Users\Application Data\73D3
2009-03-11 00:19 . 2009-03-11 00:19    --------    d-----w    c:\documents and settings\Turktorrent\Application Data\Nero
2009-03-11 00:09 . 2009-03-11 00:09    --------    d-----w    c:\program files\BearShare Applications
2009-03-10 18:17 . 2009-03-10 18:17    --------    d-----w    c:\documents and settings\Turktorrent\Application Data\Thinstall
2009-03-10 17:40 . 2009-03-10 17:39    --------    d-----w    c:\program files\Kopyası Internet Explorer
2009-03-09 02:19 . 2009-03-02 14:19    410984    ----a-w    c:\windows\system32\deploytk.dll
2009-03-08 02:34 . 2008-04-14 09:00    914944    ----a-w    c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2008-04-14 09:00    43008    ----a-w    c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2008-04-14 09:00    18944    ----a-w    c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2008-04-14 09:00    420352    ----a-w    c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2008-04-14 09:00    72704    ----a-w    c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2008-04-14 09:00    71680    ----a-w    c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2008-04-14 09:00    34816    ----a-w    c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2008-04-14 08:35    48128    ----a-w    c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2008-04-14 09:00    45568    ----a-w    c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2001-11-22 14:00    156160    ----a-w    c:\windows\system32\msls31.dll
2009-03-07 18:53 . 2009-03-07 18:53    --------    d-----w    c:\documents and settings\Turktorrent\Application Data\GRETECH
2009-03-07 17:30 . 2009-03-07 17:30    --------    d-----w    c:\documents and settings\All Users\Application Data\132F7
2009-03-02 16:56 . 2003-03-09 23:06    --------    d-----w    c:\program files\Common Files\InstallShield
2009-03-02 11:06 . 2009-03-02 11:06    --------    d-----w    c:\documents and settings\Turktorrent\Application Data\Foxit
2009-03-01 20:57 . 2009-03-01 20:57    172    ------w    C:\sqmnoopt02.sqm
2009-03-01 20:57 . 2009-03-01 20:57    172    ------w    C:\sqmdata02.sqm
2009-03-01 20:56 . 2009-03-01 20:56    172    ------w    C:\sqmnoopt01.sqm
2009-03-01 20:56 . 2009-03-01 20:56    172    ------w    C:\sqmdata01.sqm
2009-03-01 20:56 . 2009-03-01 20:56    268    ------w    C:\sqmdata00.sqm
2009-03-01 20:56 . 2009-03-01 20:56    244    ------w    C:\sqmnoopt00.sqm
2009-03-01 20:51 . 2009-03-01 20:51    --------    d-----w    c:\documents and settings\Turktorrent\Application Data\Media Player Classic
2009-03-01 20:20 . 2003-03-09 22:42    86327    ----a-w    c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-06 17:31 . 2009-02-06 17:31    308104    ----a-w    c:\windows\WLXPGSS.SCR
2009-02-06 16:52 . 2009-02-06 16:52    49504    ----a-w    c:\windows\system32\sirenacm.dll
.

------- Sigcheck -------

[-] 2008-05-04 05:18 361344 68F06FE0021B01E670AF37B8C5964FDF c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Turktorrent\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-14 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-29 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384]
"VMSnap3"="c:\windows\VMSnap3.exe" [2006-08-30 49152]
"Domino"="c:\windows\Domino.exe" [2006-06-28 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\qsb.exe" [2009-03-29 68592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programlar\Başlangıç\Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-4-10 1719496]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^Orbit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programlar\Başlangıç\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

R1 aswSP;avast! Self Protection; [x]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R3 cpuz130;cpuz130; [x]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2006-04-25 428160]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-813497703-1957994488-500.job
- c:\documents and settings\Turktorrent\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-14 17:32]

2009-04-18 c:\windows\Tasks\User_Feed_Synchronization-{E8193107-3048-4822-ABEC-137A981A8849}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-Run-BigDog303 - c:\windows\VM303_STI.EXE
HKLM-Run-ClickIVO - f:\program files\ClickIVO\clickivo.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.tr/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
TCP: {1C9F7BBE-5832-40FE-BBE1-BCD572E079D3} = 208.67.222.222,208.67.220.220
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
FF - ProfilePath - c:\documents and settings\Turktorrent\Application Data\Mozilla\Firefox\Profiles\nq4du068.default
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - DijitalSozluk
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.tr/
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\Turktorrent\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: f:\program files\Google\Picasa3\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 16:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck = c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe 1????????????????????????????????????????????????
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-842925246-813497703-1957994488-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d0,d6,12,2e,9b,7d,7e,4b,89,84,8f,
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d0,d6,12,2e,9b,7d,7e,4b,89,84,8f,
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d0,d6,12,2e,9b,7d,7e,4b,89,84,8f,

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d0,d6,12,2e,9b,7d,7e,4b,89,84,8f,
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d0,d6,12,2e,9b,7d,7e,4b,89,84,8f,
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1324)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Nero\Lib\NeroDigitalExt.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
.
**************************************************************************
.
Completion time: 2009-04-18 17:02
ComboFix-quarantined-files.txt 2009-04-18 14:01

Pre-Run: 3.008.991.232 bayt boş
Post-Run: 3.009.933.312 bayt boş

257

Last edited: _OnuR_ ~ 18 April 2009 17:38
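
As an added example (not code from this thread, from ComboFix or from any removal tool), here is a small Python parser for the file-listing records in the ComboFix report above. It decodes the attribute column, then pulls out the entries an analyst would read first: files dropped directly in a drive root (the .log file the question is about is one), hidden entries, entries created in a given window, and entries whose last-write time predates their creation time. The record layout and the meaning of the attribute letters are inferred from the entries in this log and are assumptions, not ComboFix documentation; the sample input is seven records copied from the report plus a section header, to show that header lines are skipped.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# One record as it appears in the log above: created timestamp, " . ",
# last-written timestamp, size (or "--------" for a directory), a seven-letter
# attribute string, then the path, which may contain spaces. Layout inferred
# from the log's own entries (assumption), not taken from ComboFix docs.
RECORD_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "   # created
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"     # last written
    r"(\d+|-{8})\s+"                          # size in bytes, or dashes
    r"([-a-z]{7})\s+"                         # attribute string
    r"(.+?)\s*$"                              # path
)

# Attribute letters by position, meaning assumed from the entries they occur
# in: 'd' directory, 'c' compressed, 's' system, 'h' hidden, 'a' archive;
# position 6 is 'r' (read-only) or 'w'. Position 5 never carries a letter in
# this log and is deliberately left undecoded.
ATTR_FLAGS = {0: "directory", 1: "compressed", 2: "system", 3: "hidden", 4: "archive"}


@dataclass
class Record:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def flags(self) -> set[str]:
        flags = {name for pos, name in ATTR_FLAGS.items() if self.attrs[pos] != "-"}
        if self.attrs[6] == "r":
            flags.add("read-only")
        return flags

    @property
    def is_directory(self) -> bool:
        return "directory" in self.flags

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_line(line: str) -> Optional[Record]:
    """Return a Record for a file-listing line, None for headers and blank lines."""
    m = RECORD_RE.match(line.strip())
    if not m:
        return None
    created, modified, size, attrs, path = m.groups()
    return Record(
        created=datetime.strptime(created, "%Y-%m-%d %H:%M"),
        modified=datetime.strptime(modified, "%Y-%m-%d %H:%M"),
        size=None if size.startswith("-") else int(size),
        attrs=attrs,
        path=path,
    )


def parse_log(text: str) -> list[Record]:
    """Parse every record in a 'Files Created' / 'Find3M' section; skip everything else."""
    return [r for r in map(parse_line, text.splitlines()) if r is not None]


def select(records, *, since: Optional[datetime] = None,
           with_flag: Optional[str] = None, root_only: bool = False) -> list[Record]:
    """Filter by creation date, by an attribute flag, and by drive-root location."""
    out = []
    for r in records:
        if since is not None and r.created < since:
            continue
        if with_flag is not None and with_flag not in r.flags:
            continue
        # Files sitting directly in a drive root, like the .log in the thread.
        if root_only and not re.fullmatch(r"[A-Za-z]:\\[^\\]+", r.path):
            continue
        out.append(r)
    return out


def backdated(records) -> list[Record]:
    """Records whose last-write time predates creation: the file was copied in
    with an older timestamp preserved. Normal for installers and the dllcache,
    but also what a dropped binary looks like, so these are worth a second look."""
    return [r for r in records if r.modified < r.created]


def summarize(text: str) -> dict:
    records = parse_log(text)
    return {
        "records": len(records),
        "directories": sum(r.is_directory for r in records),
        "hidden": [r.basename for r in select(records, with_flag="hidden")],
        "root_files": [r.path for r in select(records, root_only=True)],
        "created_in_april": len(select(records, since=datetime(2009, 4, 1))),
        "backdated": [r.basename for r in backdated(records)],
    }


# Constructed sample: one section header plus seven records copied from the report.
SAMPLE = r"""
.
(((((((((((((((((((((((((   Files Created from 2009-03-18 to 2009-04-18  )))))))))))))))))))))))))))))))
.

2009-04-18 11:53 . 2009-04-18 11:53        --------        d-----w        c:\documents and settings\All Users\Application Data\3A38C
2009-04-15 16:37 . 2008-11-20 19:19        9200        ------w        c:\windows\system32\drivers\cdralw2k.sys
2009-03-30 19:09 . 2009-03-30 19:10        380        ---h--w        c:\windows\WINRDPDN30.SYS
2009-03-30 10:28 . 2009-03-30 10:28        183        ------w        C:\Win32.Worm.Downladup.Gen.log
2009-03-27 11:15 . 2008-04-13 07:34        166912        -c--a-w        c:\windows\system32\dllcache\s3gnbm.sys
2009-03-11 19:27 . 2009-03-11 19:14        --------        dcsh--w        c:\program files\Common Files\WindowsLiveInstaller
2009-03-28 12:46 . 2009-03-28 12:46        --------        d-----r        c:\documents and settings\LocalService\Sık Kullanılanlar
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Run against a full combofix.txt, the same functions give a quick triage view: the root-level and hidden lists are short enough to read by hand, and the backdated list separates "copied in with old timestamps" from "freshly written" without guessing which names are legitimate.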
OnlyMann
18-04-2009, 17:29   |  #6  
Veteran Member
Thanks: 5
2,779 posts
Joined: Feb 2009

The Conficker virus was found on your machine, scanned for and cleaned. That (log) file is the result from it. It is probably the result file of a virus removal program such as (Norton's) W32.Downadup Removal Tool_FixDwndp.exe, or, as was said above, of a protection program like ComboFix.

Last edited: OnlyMann ~ 18 April 2009 18:02
_OnuR_
18-04-2009, 17:40   |  #7  
OP, Veteran Member
Thanks: 0
890 posts
Joined: Aug 2008

By the way, the message I posted and the message that appears on the forum are not the same :S:S For example, in my 3rd message:
ComboFix 09-04-18.05 - TurkTorrent 18.04.2009 16:54.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.3.1254.90.1055.18.767.614 [GMT 3:00]
Running from: c:\documents and settings\Turktorrent\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090417-0] *On-access scanning enabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Turktorrent\Desktop\ıvır zıvır\masaüstü\pro\SnagIt_9.0.2.9_Portable\SnagIt 9.0.2.9 Portable\Extra\Desktop_.ini

.
(((((((((((((((((((((((((   Files Created from 2009-03-18 to 2009-04-18  )))))))))))))))))))))))))))))))
.

2009-04-18 11:53 . 2009-04-18 11:53        --------        d-----w        c:\documents and settings\All Users\Application Data\3A38C
2009-04-15 18:48 . 2009-04-15 18:48        --------        d-----w        c:\documents and settings\Turktorrent\Local Settings\Application Data\Stardock
2009-04-15 18:37 . 2009-04-15 18:37        --------        d-----w        c:\documents and settings\Turktorrent\Application Data\Stardock
2009-04-15 16:37 . 2008-11-20 19:19        9200        ------w        c:\windows\system32\drivers\cdralw2k.sys
2009-04-15 16:37 . 2008-11-20 19:19        9072        ------w        c:\windows\system32\drivers\cdr4_xp.sys
2009-04-15 16:34 . 2009-04-15 16:34        --------        d-----w        c:\windows\system32\IOSUBSYS
2009-04-14 17:35 . 2009-04-14 17:35        --------        d-----w        c:\documents and settings\Turktorrent\Application Data\Desktopicon
2009-04-10 16:21 . 2009-04-17 20:52        --------        d-----w        C:\downloads
2009-04-10 16:21 . 2009-04-10 20:44        --------        d-----w        c:\documents and settings\Turktorrent\Application Data\GrabPro
2009-04-10 16:21 . 2009-04-18 13:41        --------        d-----w        c:\documents and settings\Turktorrent\Application Data\Orbit
2009-04-08 21:25 . 2009-04-08 21:25        3366912        ----a-w        c:\windows\system32\GPhotos.scr
2009-04-07 17:57 . 2009-04-07 17:57        --------        d-----w        c:\documents and settings\All Users\Application Data\3241
2009-04-06 14:04 . 2009-04-06 14:04        --------        d-----w        c:\documents and settings\Turktorrent\Application Data\SystemRequirementsLab
2009-04-05 13:58 . 2009-04-05 13:58        --------        d-----w        c:\documents and settings\All Users\Application Data\2A38
2009-04-04 16:22 . 2009-04-04 16:22        --------        d-----w        c:\documents and settings\All Users\Application Data\24320
2009-04-02 12:52 . 2009-04-02 12:52        --------        d-----w        c:\documents and settings\All Users\Application Data\2818B
2009-04-01 18:57 . 2009-04-01 18:57        --------        d-----w        c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-01 18:57 . 2009-01-05 13:18        90112        ----a-w        c:\windows\system32\QuickTimeVR.qtx
2009-04-01 18:57 . 2009-01-05 13:18        57344        ----a-w        c:\windows\system32\QuickTime.qts
2009-04-01 17:55 . 2009-04-14 13:25        --------        d-----w        c:\documents and settings\Turktorrent\Local Settings\Application Data\Apple Computer
2009-04-01 17:54 . 2009-04-01 17:54        107888        ----a-w        c:\windows\system32\CmdLineExt.dll
2009-04-01 17:47 . 2009-04-01 19:13        --------        d-----w        c:\documents and settings\All Users\Application Data\DynEd
2009-03-31 15:19 . 2009-03-31 15:19        --------        d-----w        c:\documents and settings\Turktorrent\Application Data\Talkback
2009-03-30 19:09 . 2009-03-30 19:10        380        ---h--w        c:\windows\WINRDPDN30.SYS
2009-03-30 19:08 . 2009-04-05 15:36        --------        d-----w        C:\AceReader Pro (Server)
2009-03-30 14:40 . 2009-03-30 14:40        --------        d-----w        c:\documents and settings\All Users\Application Data\99F
2009-03-30 13:14 . 2009-03-30 13:19        23392        ----a-w        c:\windows\system32\nscompat.tlb
2009-03-30 13:14 . 2009-03-30 13:19        16832        ----a-w        c:\windows\system32\amcompat.tlb
2009-03-30 10:44 . 2009-03-30 10:48        --------        d-----w        c:\windows\system32\XPSViewer
2009-03-30 10:43 . 2006-06-29 10:07        14048        ------w        c:\windows\system32\spmsg2.dll
2009-03-29 09:41 . 2008-09-16 19:23        168448        ----a-w        c:\windows\system32\unrar.dll
2009-03-29 09:41 . 2008-10-03 12:30        414        ----a-w        c:\windows\system32\lame_acm.xml
2009-03-29 09:41 . 2008-09-24 18:41        839680        ----a-w        c:\windows\system32\lameACM.acm
2009-03-29 09:41 . 2007-09-21 00:52        118784        ----a-w        c:\windows\system32\ac3acm.acm
2009-03-29 09:41 . 2004-01-25 16:18        217088        ----a-w        c:\windows\system32\yv12vfw.dll
2009-03-29 09:41 . 2008-12-07 18:08        795648        ----a-w        c:\windows\system32\xvidcore.dll
2009-03-29 09:41 . 2008-12-07 18:08        130048        ----a-w        c:\windows\system32\xvidvfw.dll
2009-03-29 09:41 . 2008-12-11 00:33        86016        ----a-w        c:\windows\system32\dpl100.dll
2009-03-29 09:41 . 2008-11-06 16:37        3596288        ----a-w        c:\windows\system32\qt-dx331.dll
2009-03-29 09:41 . 2008-11-06 16:33        684032        ----a-w        c:\windows\system32\divx.dll
2009-03-29 09:41 . 2007-07-10 16:10        547        ----a-w        c:\windows\system32\ff_vfw.dll.manifest
2009-03-29 09:41 . 2009-03-02 18:10        67584        ----a-w        c:\windows\system32\ff_vfw.dll
2009-03-28 14:12 . 2003-03-18 20:20        1060864        ----a-w        c:\windows\system32\MFC71.dll
2009-03-28 12:46 . 2009-03-28 12:46        --------        d-----r        c:\documents and settings\LocalService\Sık Kullanılanlar
2009-03-27 20:49 . 2009-02-13 09:31        55640        ----a-w        c:\windows\system32\drivers\avgntflt.sys
2009-03-27 11:15 . 2008-04-13 07:34        166912        -c--a-w        c:\windows\system32\dllcache\s3gnbm.sys
2009-03-27 11:15 . 2008-04-13 07:34        166912        ----a-w        c:\windows\system32\drivers\s3gnbm.sys
2009-03-27 11:15 . 2008-04-14 07:00        397056        -c--a-w        c:\windows\system32\dllcache\s3gnb.dll
2009-03-27 11:15 . 2008-04-14 07:00        397056        ----a-w        c:\windows\system32\s3gnb.dll
2009-03-25 19:11 . 2009-03-25 19:11        --------        d-----w        c:\documents and settings\Turktorrent\Application Data\FastStone

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-17 18:54 . 2009-03-03 15:23        --------        d-----w        c:\documents and settings\Turktorrent\Application Data\gtk-2.0
2009-04-16 14:13 . 2009-04-05 15:09        --------        d-----w        c:\program files\temalar
2009-04-11 20:12 . 2009-04-10 16:21        --------        d-----w        c:\program files\Orbitdownloader
2009-04-08 10:27 . 2009-04-07 11:36        --------        d-----w        c:\program files\7-Zip
2009-04-07 10:51 . 2003-03-09 23:08        --------        d--h--w        c:\program files\InstallShield Installation Information
2009-04-06 14:04 . 2009-04-06 14:04        --------        d-----w        c:\program files\SystemRequirementsLab
2009-04-05 17:33 . 2009-03-02 17:01        69120        ----a-w        c:\documents and settings\Turktorrent\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-01 18:57 . 2009-04-01 18:56        --------        d-----w        c:\program files\QuickTime Alternative
2009-04-01 17:47 . 2009-04-01 17:40        --------        d-----w        c:\program files\DynEd
2009-04-01 10:50 . 2008-03-09 23:13        --------        d-----w        c:\program files\Java
2009-03-30 13:19 . 2009-03-01 19:59        --------        d-----w        c:\program files\Windows Media Connect 2
2009-03-30 13:16 . 2001-11-22 14:00        77124        ----a-w        c:\windows\system32\perfc01F.dat
2009-03-30 13:16 . 2001-11-22 14:00        420430        ----a-w        c:\windows\system32\perfh01F.dat
2009-03-30 10:44 . 2009-03-30 10:44        --------        d-----w        c:\program files\MSBuild
2009-03-30 10:44 . 2009-03-30 10:44        --------        d-----w        c:\program files\Reference Assemblies
2009-03-30 10:28 . 2009-03-30 10:28        183        ------w        C:\Win32.Worm.Downladup.Gen.log
2009-03-29 10:41 . 2009-03-11 12:47        --------        d-----w        c:\program files\Google
2009-03-29 09:42 . 2009-03-07 13:14        --------        d-----w        c:\program files\K-Lite Codec Pack
2009-03-29 09:18 . 2001-11-22 14:00        2864        ----a-w        c:\windows\system32\winsock.dll
2009-03-28 16:55 . 2009-03-28 16:55        --------        d-----w        c:\program files\mplayerc_homecinema_x86_v1.2.908.0(2)
2009-03-28 14:12 . 2009-03-28 14:12        --------        d-----w        c:\program files\Alwil Software
2009-03-26 20:05 . 2009-03-26 20:05        --------        d-----w        c:\program files\EA SPORTS
2009-03-26 14:21 . 2009-03-26 14:21        --------        d-----w        c:\program files\Microsoft Hesap Makinesi +
2009-03-25 08:36 . 2009-03-13 12:36        --------        d-----w        c:\program files\Messenger Plus! Live
2009-03-17 14:33 . 2009-03-17 14:33        --------        d-----w        c:\documents and settings\All Users\Application Data\2C32B
2009-03-16 20:08 . 2009-03-16 20:08        --------        d-----w        c:\documents and settings\Turktorrent\Application Data\OpenOffice.org
2009-03-15 11:33 . 2009-03-15 11:32        --------        d-----w        c:\program files\Winamp
2009-03-14 19:52 . 2009-03-14 19:52        --------        d-----w        c:\program files\Gimp Themes v1.0
2009-03-14 19:52 . 2009-03-14 19:52        --------        d-----w        c:\program files\GIMP-2.0
2009-03-14 16:53 . 2009-03-12 19:06        --------        d-----w        c:\program files\Windows Live
2009-03-14 16:50 . 2009-03-14 16:50        --------        d-----w        c:\program files\Microsoft SQL Server Compact Edition
2009-03-14 15:17 . 2009-03-14 15:17        --------        d-----w        c:\program files\Microsoft
2009-03-14 14:55 . 2009-03-11 19:14        --------        d-----w        c:\documents and settings\All Users\Application Data\WLInstaller
2009-03-13 16:11 . 2009-03-13 16:11        --------        d-----w        c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-03-13 09:49 . 2009-03-13 09:49        2813351        ------w        C:\3.xpi
2009-03-12 15:34 . 2009-03-12 15:34        --------        d-----w        c:\program files\Windows Live SkyDrive
2009-03-11 19:27 . 2009-03-11 19:14        --------        dcsh--w        c:\program files\Common Files\WindowsLiveInstaller
2009-03-11 18:49 . 2009-03-11 18:49        --------        d-----w        c:\program files\Common Files\Windows Live
2009-03-11 15:16 . 2009-03-11 15:16        --------        d-----w        c:\documents and settings\All Users\Application Data\73D3
2009-03-11 00:19 . 2009-03-11 00:19        --------        d-----w        c:\documents and settings\Turktorrent\Application Data\Nero
2009-03-11 00:09 . 2009-03-11 00:09        --------        d-----w        c:\program files\BearShare Applications
2009-03-10 18:17 . 2009-03-10 18:17        --------        d-----w        c:\documents and settings\Turktorrent\Application Data\Thinstall
2009-03-10 17:40 . 2009-03-10 17:39        --------        d-----w        c:\program files\Kopyası Internet Explorer
2009-03-09 02:19 . 2009-03-02 14:19        410984        ----a-w        c:\windows\system32\deploytk.dll
2009-03-08 02:34 . 2008-04-14 09:00        914944        ----a-w        c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2008-04-14 09:00        43008        ----a-w        c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2008-04-14 09:00        18944        ----a-w        c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2008-04-14 09:00        420352        ----a-w        c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2008-04-14 09:00        72704        ----a-w        c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2008-04-14 09:00        71680        ----a-w        c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2008-04-14 09:00        34816        ----a-w        c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2008-04-14 08:35        48128        ----a-w        c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2008-04-14 09:00        45568        ----a-w        c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2001-11-22 14:00        156160        ----a-w        c:\windows\system32\msls31.dll
2009-03-07 18:53 . 2009-03-07 18:53        --------        d-----w        c:\documents and settings\Turktorrent\Application Data\GRETECH
2009-03-07 17:30 . 2009-03-07 17:30        --------        d-----w        c:\documents and settings\All Users\Application Data\132F7
2009-03-02 16:56 . 2003-03-09 23:06        --------        d-----w        c:\program files\Common Files\InstallShield
2009-03-02 11:06 . 2009-03-02 11:06        --------        d-----w        c:\documents and settings\Turktorrent\Application Data\Foxit
2009-03-01 20:57 . 2009-03-01 20:57        172        ------w        C:\sqmnoopt02.sqm
2009-03-01 20:57 . 2009-03-01 20:57        172        ------w        C:\sqmdata02.sqm
2009-03-01 20:56 . 2009-03-01 20:56        172        ------w        C:\sqmnoopt01.sqm
2009-03-01 20:56 . 2009-03-01 20:56        172        ------w        C:\sqmdata01.sqm
2009-03-01 20:56 . 2009-03-01 20:56        268        ------w        C:\sqmdata00.sqm
2009-03-01 20:56 . 2009-03-01 20:56        244        ------w        C:\sqmnoopt00.sqm
2009-03-01 20:51 . 2009-03-01 20:51        --------        d-----w        c:\documents and settings\Turktorrent\Application Data\Media Player Classic
2009-03-01 20:20 . 2003-03-09 22:42        86327        ----a-w        c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-06 17:31 . 2009-02-06 17:31        308104        ----a-w        c:\windows\WLXPGSS.SCR
2009-02-06 16:52 . 2009-02-06 16:52        49504        ----a-w        c:\windows\system32\sirenacm.dll
.

------- Sigcheck -------

[-] 2008-05-04 05:18        361344        68F06FE0021B01E670AF37B8C5964FDF        c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Turktorrent\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-14 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-29 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384]
"VMSnap3"="c:\windows\VMSnap3.exe" [2006-08-30 49152]
"Domino"="c:\windows\Domino.exe" [2006-06-28 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\qsb.exe" [2009-03-29 68592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programlar\Başlangıç\Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-4-10 1719496]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^Orbit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programlar\Başlangıç\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

R1 aswSP;avast! Self Protection; [x]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R3 cpuz130;cpuz130; [x]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2006-04-25 428160]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-813497703-1957994488-500.job
- c:\documents and settings\Turktorrent\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-14 17:32]

2009-04-18 c:\windows\Tasks\User_Feed_Synchronization-{E8193107-3048-4822-ABEC-137A981A8849}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-Run-BigDog303 - c:\windows\VM303_STI.EXE
HKLM-Run-ClickIVO - f:\program files\ClickIVO\clickivo.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.tr/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
TCP: {1C9F7BBE-5832-40FE-BBE1-BCD572E079D3} = 208.67.222.222,208.67.220.220
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
FF - ProfilePath - c:\documents and settings\Turktorrent\Application Data\Mozilla\Firefox\Profiles\nq4du068.default
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - DijitalSozluk
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.tr/
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\Turktorrent\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: f:\program files\Google\Picasa3\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 16:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  AudioDeck = c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe 1????????????????????????????????????????????????
  BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-842925246-813497703-1957994488-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d0,d6,12,2e,9b,7d,7e,4b,89,84,8f,
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d0,d6,12,2e,9b,7d,7e,4b,89,84,8f,
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d0,d6,12,2e,9b,7d,7e,4b,89,84,8f,
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d0,d6,12,2e,9b,7d,7e,4b,89,84,8f,
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d0,d6,12,2e,9b,7d,7e,4b,89,84,8f,
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1324)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Nero\Lib\NeroDigitalExt.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
.
Completion time: 2009-04-18 17:02
ComboFix-quarantined-files.txt  2009-04-18 14:01

Pre-Run: 3.008.991.232 bayt boş
Post-Run: 3.009.933.312 bayt boş

257
is what it said, but the text from my first message showed up

OnlyMann
18-04-2009, 17:50   |  #8  
Veteran Member
Thanks: 5
2,779 posts
Joined: Feb 2009

This is a result report (log) file; it contains information about the operations that were performed. Almost any program can produce this kind of output. Its contents, or the result shown on screen, may give general information.

Mustafa@PC
18-04-2009, 18:21   |  #9  
Veteran Member
Thanks: 5
13,125 posts
Joined: Feb 2008

VMSnap3.exe is probably present on your system or in Task Manager; scan it with a good antivirus. My recommendation is Avira 2009.

Turkish Developer
18-04-2009, 18:21   |  #10  
Veteran Member
Thanks: 0
671 posts
Joined: Apr 2009

Hello.

Finding this content does not prove that "Conficker" is on your system.
After updating itself, the malware in question no longer identifies itself on the system or reveals its path.

It is a logging report of what the security program you have been using has gone through / recorded and is continuing to develop for this malware.

Many security programs already report it under names such as

Net-Worm.Win32.Kido
W32/Conficker.worm.gen
Worm.Conficker
W32.Downadup
W32/Downadup.AL
W32/Confick-A
Win32/Conficker.A
Mal/Conficker
Worm:Win32/Conficker.B
Win32.Worm.Downadup.Gen

so you may receive reports about these.

If you have found any in the Windows32 hidden-file area with these names and extensions (they may be exe / dll or other extensions), and you are able to see its target path on the system, find that location and destroy it along with the file itself.

Because malware carrying the names that appear in Conficker and its variants has been proliferating for the past week.

Good luck.