The Text That Appears After ComboFix Finishes

Kenpachi

Professor
Joined
23 Jun 2012
Messages
1,590
Reaction score
24
Points
38
First of all, good forums to everyone. Because my computer was lagging badly, I scanned it with ComboFix today, and at the end a .txt file came out (this was my first time using ComboFix). I didn't understand anything about what the text is saying; if anyone understands it and explains, it would be a good deed.

Text:

ComboFix 14-04-19.01 - Kenpachi 20.04.2014 16:20:21.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1254.90.1033.18.4094.2318 [GMT 3:00]
Running from: c:\users\Kenpachi\Desktop\ComboFix-tamindir.exe
AV: Kaspersky PURE 3.0 *Disabled/Outdated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DFX\DFX.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-03-20 to 2014-04-20 )))))))))))))))))))))))))))))))
.
.
2014-04-20 13:45 . 2014-04-20 13:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-20 03:28 . 2014-04-20 03:28 -------- d-----w- c:\users\Kenpachi\AppData\Local\Max Secure Software
2014-04-20 03:28 . 2014-04-20 03:29 -------- d-----w- c:\users\Kenpachi\AppData\Roaming\GetRightToGo
2014-04-18 18:04 . 2014-04-18 18:04 -------- d-----w- c:\users\Kenpachi\AppData\Local\Ubisoft
2014-04-13 08:51 . 2014-04-13 08:51 -------- d-----w- c:\users\Kenpachi\AppData\Local\Chromium
2014-04-13 08:50 . 2014-04-13 08:50 -------- d-----w- c:\programdata\Rockstar Games
2014-04-13 08:50 . 2014-04-13 08:50 -------- d-----w- c:\program files (x86)\Rockstar Games
2014-04-13 00:11 . 2014-04-13 00:11 -------- d-----w- c:\users\Kenpachi\AppData\Roaming\2K Sports
2014-04-12 23:32 . 2014-04-12 23:32 -------- d-----w- c:\program files (x86)\2K Sports
2014-04-12 19:43 . 2014-04-12 19:43 -------- d-----w- c:\users\Kenpachi\AppData\Local\EMU
2014-04-05 13:57 . 2014-04-05 13:57 -------- d-----w- c:\program files (x86)\Microsoft
2014-04-05 13:56 . 2014-04-05 13:56 -------- d-----w- c:\windows\F9835182794B4F24902AE2CA9D43380F.TMP
2014-03-30 16:20 . 2014-03-30 16:20 -------- d-----w- c:\users\Kenpachi\AppData\Local\CrashRpt
2014-03-30 16:11 . 2014-03-30 16:11 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls
2014-03-30 15:32 . 2014-03-30 15:32 -------- d-----w- c:\program files (x86)\Dishonored
2014-03-30 15:25 . 2014-03-30 15:25 -------- d-----w- c:\users\Kenpachi\AppData\Local\FLT
2014-03-30 14:29 . 2014-03-30 15:16 -------- d-----w- c:\program files (x86)\BioShock Infinite
2014-03-29 09:26 . 2014-03-29 09:26 -------- d-----w- c:\users\Kenpachi\AppData\Local\Mozilla
2014-03-29 09:26 . 2014-03-29 09:26 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-03-27 13:09 . 2014-03-30 12:40 -------- d-----w- c:\users\Kenpachi\AppData\Local\dxhr
2014-03-27 13:08 . 2014-03-27 13:08 -------- d-----w- c:\users\Kenpachi\AppData\Local\28050
2014-03-27 12:52 . 2014-03-27 12:52 -------- d-----w- c:\program files (x86)\SQUARE ENIX
2014-03-25 18:11 . 2014-03-25 18:11 -------- d-----w- c:\programdata\McAfee
2014-03-25 17:02 . 2014-03-25 17:02 -------- d-----w- c:\users\Kenpachi\AppData\Local\CAPCOM
2014-03-25 16:50 . 2014-03-25 16:50 -------- d-----w- c:\program files (x86)\CAPCOM
2014-03-22 17:48 . 2014-03-22 17:59 -------- d-----w- c:\program files (x86)\S4League
2014-03-22 17:48 . 2003-08-15 14:02 69632 ------w- c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe
2014-03-22 17:48 . 2003-08-15 14:01 380928 ------w- c:\program files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2014-03-22 17:48 . 2003-08-15 13:57 212992 ------w- c:\program files (x86)\Common Files\InstallShield\UpdateService\ISDM.exe
2014-03-22 17:46 . 2003-09-03 00:26 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2014-03-22 17:46 . 2003-09-03 00:28 724992 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2014-03-22 17:46 . 2003-09-03 00:27 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2014-03-22 17:46 . 2003-09-03 00:26 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2014-03-22 17:46 . 2003-09-03 00:25 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2014-03-22 17:46 . 2014-03-22 17:46 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2014-03-22 17:46 . 2014-03-22 17:46 184452 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-18 18:28 . 2014-02-01 08:43 291488 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-04-18 18:28 . 2013-10-05 18:31 291488 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-04-18 18:04 . 2013-10-05 18:31 281872 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-04-18 18:04 . 2013-10-05 18:31 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-03-12 18:08 . 2013-12-28 07:27 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 18:08 . 2013-12-28 07:27 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-25 14:48 . 2014-03-08 14:48 144664 ----a-w- c:\windows\SysWow64\secman.dll
2014-01-23 03:21 . 2014-02-20 21:43 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2014-01-23 03:21 . 2014-02-20 21:43 206080 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2014-01-23 03:21 . 2014-02-20 21:43 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2014-01-23 03:21 . 2014-02-20 21:43 108800 ----a-w- c:\windows\system32\drivers\ssudbus.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-10-31 20:08 277560 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-12-20 15:20 459784 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-02-25 1821888]
"UpdateChecker"="c:\program files (x86)\SqueakyChocolate\UpdateChecker\UpdateCheckerApp.exe" [2013-08-25 7168]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"musiXmatch lyrics"="c:\users\Kenpachi\AppData\Local\Apps\2.0\VRERMV0J.Y1R\ZVBEHT93.2J8\lyri..tion_7f4fb2453a94cfd0_0001.0001_af964fa744078543\lyriXmatchDesktop.exe" [2014-01-30 990208]
"KiesPDLR.exe"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2014-02-14 845120]
"Keyboard Inf."="c:\users\Kenpachi\AppData\Roaming\Awesomium\ybio.exe" [2014-03-30 5127680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2013-10-16 356128]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-02-14 311616]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304]
"Philips Device Listener"="c:\program files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2011-06-27 380416]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Philips SA4VD4 Device Manager.lnk - c:\program files (x86)\Philips\GoGear SA4VD4 Device Manager\main.exe [2013-12-6 127120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BCMH43XX;AirTies Air2410/Air2411 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 Rockusb;Driver for Rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys;c:\windows\SYSNATIVE\DRIVERS\rockusb.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 X6va014;X6va014;c:\windows\SysWOW64\Drivers\X6va014;c:\windows\SysWOW64\Drivers\X6va014 [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 Airties AirTouch Service;Airties AirTouch Service;c:\program files (x86)\AirTies\AirTies Wireless USB Adapter\WPSService.exe;c:\program files (x86)\AirTies\AirTies Wireless USB Adapter\WPSService.exe [x]
S2 AirTouch Check Service;AirTouch Check Service;c:\program files (x86)\AirTies\AirTies Wireless USB Adapter\AirTouch Check Service.exe;c:\program files (x86)\AirTies\AirTies Wireless USB Adapter\AirTouch Check Service.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe [x]
S3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1x64.sys;c:\windows\SYSNATIVE\drivers\dfx11_1x64.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-10 18:19 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-28 18:08]
.
2014-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-05 11:17]
.
2014-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-05 11:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-10-31 20:08 336952 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-12-20 15:22 492040 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Microsoft Excel'e &Ver - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A1E12860-C55D-4206-B887-706957297E14}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B29CDA05-6B15-4BA9-AEBB-EEBA0D522F33}: NameServer = 216.55.186.206,216.55.186.207
FF - ProfilePath - c:\users\Kenpachi\AppData\Roaming\Mozilla\Firefox\Profiles\xenhfoar.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RSS - wscript c:\users\Kenpachi\AppData\Roaming\Adobe\Flash Player\File Cache\file.vbs
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Wow6432Node-HKLM-Run-DFX - c:\program files (x86)\DFX\DFX.exe
AddRemove-The Elder Scrolls IV: Oblivion GOTY Deluxe_is1 - c:\program files (x86)\Bethesda Softwork\Oblivion\unins000.exe
AddRemove-{6D87CAD9-9B94-4421-A439-B25F8DE14575} - c:\program files (x86)\InstallShield Installation Information\{6D87CAD9-9B94-4421-A439-B25F8DE14575}\setup.exe
AddRemove-{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF} - c:\program files (x86)\InstallShield Installation Information\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va014]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va014"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-704558250-1836905551-1210022463-1001_Classes\Wow6432Node\CLSID\{6a0441e7-0a41-46ce-b763-ce0a63e46ceb}] Denied: (Full) (Everyone) Allowed: (Read) (RestrictedCode)
"Model"=dword:0000002c
"Therad"=dword:00000018
"SpecVersion"=dword:00000164
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-704558250-1836905551-1210022463-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] Denied: (Full) (Everyone) Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):c3,2a,68,ff,b3,ba,54,3e,ff,f5,c3,36,57,67,37,3a,26,06,91,56,df,
63,5e,02,d6,18,5c,9c,4b,1d,56,75,ec,1d,c9,a0,07,e5,72,27,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] Denied: (A) (Users) Denied: (A) (Everyone) Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] Denied: (A) (Users) Denied: (A) (Everyone) Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] Denied: (Full) (Everyone)
.
Completion time: 2014-04-20 16:47:21
ComboFix-quarantined-files.txt 2014-04-20 13:47
.
Pre-Run: 61.543.256.064 bytes free
Post-Run: 61.486.702.592 bytes free
.
- - End Of File - - 6C9EA13F60CD0E7B59591B067BD4857E
A36C5E4F47E84449FF07ED3517B43A31
 

SwateR

Rector
Joined
19 Apr 2009
Messages
10,169
Reaction score
621
Points
113
c:\program files (x86)\DFX\DFX.exe

The line above is in the Other Deletions section. In other words, it is the file it deleted. It deleted it because it found it malicious or suspicious.

Files Created from 2014-03-20 to 2014-04-20

Under that heading it lists the files that were created or installed between those dates.

The rest isn't very important. It shows scheduled tasks, registry entries and so on.

It also moves the files it deletes into Combofix/Quarentina (I don't remember exactly) on the C: drive, and changes their extension to VIR.
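To make the parts of the report that the reply walks through (Other Deletions, Files Created, the Run keys under Reg Loading Points, ORPHANS REMOVED) machine-readable, here is an added Python parser for ComboFix's report layout; it is example code written for this page, not part of ComboFix or of the thread. The section-header shapes, the column layout of the "Files Created" rows and the meaning of the "[X]" marker are inferred from the log as posted, the sample log is a constructed excerpt, and the AppData check is a triage heuristic added here.

```python
import re
from collections import defaultdict

# Constructed sample in ComboFix's report layout (a few entries of the kind in the thread's log).
SAMPLE_LOG = r"""((((((((((((((((((( Other Deletions )))))))))))))))))))
.
c:\program files (x86)\DFX\DFX.exe
((((((((((( Files Created from 2014-03-20 to 2014-04-20 )))))))))))
2014-04-20 03:28 . 2014-04-20 03:28 -------- d-----w- c:\users\Kenpachi\AppData\Local\Max Secure Software
2014-03-22 17:48 . 2003-08-15 14:02 69632 ------w- c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe
((((((((((((((((((( Reg Loading Points )))))))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-02-25 1821888]
"Keyboard Inf."="c:\users\Kenpachi\AppData\Roaming\Awesomium\ybio.exe" [2014-03-30 5127680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
- - - - ORPHANS REMOVED - - - -
Wow6432Node-HKCU-Run-RSS - wscript c:\users\Kenpachi\AppData\Roaming\Adobe\Flash Player\File Cache\file.vbs
"""

PAREN_HDR = re.compile(r"^\(+\s*(.+?)\s*\)+$")                      # (((( Section ))))
DASH_HDR = re.compile(r"^-[-\s]*([A-Za-z].*?[A-Za-z0-9])[-\s]+$")   # ---- Section ---- or - - Section - -
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
                        r"(-{8}|\d+) ([-a-z]{8}) (.+)$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)" \[(X|\d{4}-\d{2}-\d{2} \d+)\]$')


def split_sections(text):
    """Group report lines under their section header; blank and '.' spacer lines are dropped."""
    sections, current = defaultdict(list), "Header"
    for line in map(str.rstrip, text.splitlines()):
        if line in ("", "."):
            continue
        m = PAREN_HDR.match(line) or DASH_HDR.match(line)
        if m:
            current = m.group(1)
        else:
            sections[current].append(line)
    return dict(sections)

def parse_created(line):
    """One 'Files Created' row; the size column reads '--------' for directories."""
    m = CREATED_RE.match(line)
    return m and {"created": m[1], "modified": m[2], "attrs": m[4], "path": m[5],
                  "is_dir": m[4][0] == "d", "size": None if m[3][0] == "-" else int(m[3])}

def parse_run(line):
    """One Run-key value; '[X]' means ComboFix did not find the file the value points to."""
    m = RUN_RE.match(line)
    return m and {"name": m[1], "target": m[2], "file_found": m[3] != "X",
                  "size": None if m[3] == "X" else int(m[3].split()[1])}

def summarize(text):
    """The parts the reply says to read first: deletions, files created, autoruns, orphans."""
    sections = split_sections(text)
    created_key = next((k for k in sections if k.startswith("Files Created")), "")
    created = [e for e in map(parse_created, sections.get(created_key, [])) if e]
    autoruns, key = [], None
    for line in sections.get("Reg Loading Points", []):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                  # registry key owning the values that follow
            continue
        entry = parse_run(line)
        if entry:
            entry["key"] = key
            autoruns.append(entry)
    return {
        "deleted": sections.get("Other Deletions", []),
        "created": created,
        "autoruns": autoruns,
        # Triage heuristic: autoruns starting from a user's AppData folder deserve a second look.
        "appdata_autoruns": [r for r in autoruns if "\\appdata\\" in r["target"].lower()],
        "orphans": sections.get("ORPHANS REMOVED", []),
    }
```

Feed `summarize()` the full report text and the same keys come back for the real log; entries the regexes do not recognise (services, policy values, locked keys) are simply left out.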
 

Kenpachi

Professor
Joined
23 Jun 2012
Messages
1,590
Reaction score
24
Points
38
The line above is in the Other Deletions section. In other words, it is the file it deleted. It deleted it because it found it malicious or suspicious.

Under that heading it lists the files that were created or installed between those dates.

The rest isn't very important. It shows scheduled tasks, registry entries and so on.

It also moves the files it deletes into Combofix/Quarentina (I don't remember exactly) on the C: drive, and changes their extension to VIR.

Thanks a lot
 
