Combofix le pc mi tarattım.

acabuco4 · 11 Nisan 2009

Arkadaşlar başlıktaki gibi combofixle pc mi tarattım böle bi sonuç geldi burda yazan tüm dosyalar silindimi yani :S

ComboFix 09-04-04.01 - Administrator 2009-04-11 17:04:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.2047.1655 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))))))
.

2009-04-08 03:43 . 2009-04-08 03:43 <DIR> d-------- c:\program files\uTorrent
2009-04-08 03:42 . 2009-04-08 04:18 <DIR> d-------- c:\documents and settings\Administrator\Application Data\uTorrent
2009-04-06 04:21 . 2009-04-06 04:21 <DIR> d-------- c:\program files\MajorShare
2009-04-06 04:21 . 2009-04-09 18:11 <DIR> d-------- C:\MS Rapid Downloads
2009-04-04 11:52 . 2009-04-04 11:52 2,932,736 --a------ c:\documents and settings\Administrator\BvtLiveTv.exe
2009-04-02 22:36 . 2009-04-02 22:36 <DIR> d-------- c:\program files\Teamspeak2_RC2
2009-03-29 13:26 . 2009-03-29 13:26 <DIR> d-------- c:\program files\Webteh
2009-03-29 13:26 . 2009-03-29 13:27 <DIR> d-------- c:\documents and settings\Administrator\Application Data\BSplayer
2009-03-28 04:28 . 2009-04-07 19:14 <DIR> d-------- c:\program files\sXe Injected
2009-03-26 17:06 . 2009-03-09 16:27 4,178,264 --a------ c:\windows\system32\D3DX9_41.dll
2009-03-26 17:06 . 2009-03-09 16:27 1,846,632 --a------ c:\windows\system32\D3DCompiler_41.dll
2009-03-26 17:06 . 2009-03-16 15:18 517,448 --a------ c:\windows\system32\XAudio2_4.dll
2009-03-26 17:06 . 2009-03-09 16:27 453,456 --a------ c:\windows\system32\d3dx10_41.dll
2009-03-26 17:06 . 2009-03-16 15:18 235,352 --a------ c:\windows\system32\xactengine3_4.dll
2009-03-26 17:06 . 2009-03-16 15:18 69,448 --a------ c:\windows\system32\XAPOFX1_3.dll
2009-03-26 17:06 . 2009-03-16 15:18 22,360 --a------ c:\windows\system32\X3DAudio1_6.dll
2009-03-26 17:04 . 2009-03-26 17:04 <DIR> d-------- c:\program files\CCleaner
2009-03-25 19:53 . 2009-03-25 19:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-03-24 16:40 . 2009-03-24 16:40 <DIR> d-------- c:\program files\Messenger Plus! Live
2009-03-20 04:14 . 2009-03-20 04:14 <DIR> d--hs---- c:\documents and settings\Administrator\IECompatCache
2009-03-20 04:13 . 2009-03-20 04:13 <DIR> d--hs---- c:\documents and settings\Administrator\PrivacIE
2009-03-20 04:12 . 2009-03-20 04:12 <DIR> d--hs---- c:\documents and settings\NetworkService\IETldCache
2009-03-20 04:12 . 2009-03-20 04:12 <DIR> d--hs---- c:\documents and settings\Administrator\IETldCache
2009-03-20 03:51 . 2009-03-20 03:52 <DIR> d--h-c--- c:\windows\ie8
2009-03-19 10:10 . 2009-02-25 16:15 593,920 --------- c:\windows\system32\ati2sgag.exe
2009-03-19 10:05 . 2009-03-19 10:05 <DIR> d-------- c:\program files\Defraggler

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 11:09 --------- d-----w c:\program files\a-squared Free
2009-04-07 11:52 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 12:32 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 12:32 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-05 08:59 --------- d-----w c:\documents and settings\Administrator\Application Data\teamspeak2
2009-03-29 10:34 --------- d-----w c:\program files\Java
2009-03-27 06:32 --------- d-----w c:\documents and settings\Administrator\Application Data\LimeWire
2009-03-27 06:00 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-14 05:52 --------- d-----w c:\program files\Common Files\Adobe
2009-03-09 02:19 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 02:34 914,944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:33 18,944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:32 72,704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 45,568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:31 34,816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:22 156,160 ----a-w c:\windows\system32\msls31.dll
2009-02-26 07:54 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-02-26 07:51 --------- d-----w c:\documents and settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-02-25 22:58 3,565,568 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-25 21:42 442,368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-25 21:41 325,120 ----a-w c:\windows\system32\ati2dvag.dll
2009-02-25 21:30 204,800 ----a-w c:\windows\system32\atipdlxx.dll
2009-02-25 21:30 11,841,536 ----a-w c:\windows\system32\atioglxx.dll
2009-02-25 21:29 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2009-02-25 21:29 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-02-25 21:29 155,648 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-25 21:29 155,648 ----a-w c:\windows\system32\ati2evxx.dll
2009-02-25 21:27 602,112 ----a-w c:\windows\system32\ati2evxx.exe
2009-02-25 21:26 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-02-25 21:16 3,817,984 ----a-w c:\windows\system32\ati3duag.dll
2009-02-25 21:09 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2009-02-25 20:59 2,670,080 ----a-w c:\windows\system32\ativvaxx.dll
2009-02-25 20:44 49,664 ----a-w c:\windows\system32\amdpcom32.dll
2009-02-25 20:40 475,136 ----a-w c:\windows\system32\atikvmag.dll
2009-02-25 20:38 17,408 ----a-w c:\windows\system32\atitvo32.dll
2009-02-25 20:38 126,976 ----a-w c:\windows\system32\atiadlxx.dll
2009-02-25 20:37 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-25 20:35 290,816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-25 20:32 626,688 ----a-w c:\windows\system32\ati2cqag.dll
2009-02-25 20:32 45,056 ----a-w c:\windows\system32\aticalrt.dll
2009-02-25 20:32 45,056 ----a-w c:\windows\system32\aticalcl.dll
2009-02-25 20:30 3,227,648 ----a-w c:\windows\system32\aticaldd.dll
2009-02-24 06:57 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-16 03:57 --------- d-----w c:\documents and settings\Administrator\Application Data\Leadertech
2009-02-13 22:36 --------- d-----w c:\program files\NOS
2009-02-13 22:36 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-02-13 15:19 --------- d-----w c:\program files\Adobe Reader 9 Installer
2009-02-13 07:28 --------- d-----w c:\program files\K-Lite Codec Pack
2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-09 14:05 1,846,784 ----a-w c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"CameraFixer"="c:\windows\CameraFixer.exe" [2005-10-03 20480]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-11-04 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 c:\windows\RTHDCPL.exe]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 c:\windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 c:\windows\alcwzrd.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\oyunlarım\\Valve\\hl.exe"=
"c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"d:\\oyunlarım\\Softnyx\\WolfTeam\\Wolfteam.bin"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\oyunlarım\\alaplaya\\S4League\\S4Client.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"d:\\oyunlarım\\Counter-Strike Source\\hl2.exe"=
"d:\\oyunlarım\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\oyunlarım\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"d:\\oyunlarım\\EA Sports\\FIFA 08\\FIFA08.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.tr/
TCP: {FE0ECAFC-C799-4673-A9D4-30659445B111} = 208.67.222.222,208.67.220.220
DPF: {D0BB3ACE-4ED3-4D65-BB86-1A0C6CAF351F} - hxxp://212.175.239.246:81/avaLaunch94.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\in58dcc1.default\
FF - prefs.js: browser.startup.homepage - Google
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-11 17:05:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-484763869-362288127-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,85,95,d7,3c,20,ee,4b,87,5b,89,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,85,95,d7,3c,20,ee,4b,87,5b,89,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-11 17:06:26
ComboFix-quarantined-files.txt 2009-04-11 14:06:24

Pre-Run: 33.622.474.752 bayt boş
Post-Run: 33,652,101,120 bayt boş

185 --- E O F --- 2009-03-15 13:55:58

Programı kurduktan sonra varsayılan tarayıcım sıfırlandı firefoxu açınca uyarı verdi tekrar ayarladım ve güvenlik duvarım kapandı,tekrar açtım şimdiye kadar 2 tane etkisini gördüm :S şimdi bu rapordaki dosyalara noldu onu merak ediyorum :S

Rom. · 11 Nisan 2009

combofix'le tarttığın an diğer antivirüs programlarını kapattıysan herhangi bi aksalklık olmamıştır ama sen yine de bi güvenli modda açıp tarat bilgisayarı çünkü bormal oturumda faaliyette olan virüs, solucan v.b mahluklar çalıştığı için silinmemiş de olabiliyor...

acabuco4 · 11 Nisan 2009

RoMaNTiC ReBeLLiOuS dedi ki:
combofix'le tarttığın an diğer antivirüs programlarını kapattıysan herhangi bi aksalklık olmamıştır ama sen yine de bi güvenli modda açıp tarat bilgisayarı çünkü bormal oturumda faaliyette olan virüs, solucan v.b mahluklar çalıştığı için silinmemiş de olabiliyor...

ya bnm virüs şikayetim yoktu ölesine canım sıkıldı taratıyım dedim,bu sonuç çıktı ? şimdi orda yazılan tüm exeler dll ler fln silindimi ?

Darknes$ · 11 Nisan 2009

acabuco4 dedi ki:
ya bnm virüs şikayetim yoktu ölesine canım sıkıldı taratıyım dedim,bu sonuç çıktı ? şimdi orda yazılan tüm exeler dll ler fln silindimi ?

Hayır,Raporda Şuan çalışan program vs. ve System32 dosyasindaki exe. , dll'leri ve bunların hangi tarihler arasıdna kurulduğu gösteriyor

Silinen birşey olsaydi Deletions diye yazardi.

acabuco4 · 11 Nisan 2009

Darknes$ dedi ki:
Hayır,Raporda Şuan çalışan program vs. ve System32 dosyasindaki exe. , dll'leri ve bunların hangi tarihler arasıdna kurulduğu gösteriyor

Silinen birşey olsaydi Deletions diye yazardi.

peki varsayılan tarayıcım neden değişti ve güvenlik duvarım ndn kapandı ?

PC MERAKLISI · 11 Nisan 2009

sadece nereleri taradıgını göstermiş o kadar

bende geçen bi tarattım avmo virüsünü(gizli klasörleri engelleyen virüs )temizledim

Darknes$ · 11 Nisan 2009

acabuco4 dedi ki:
peki varsayılan tarayıcım neden değişti ve güvenlik duvarım ndn kapandı ?

Combofix ile tarama yaptırdığında Antivirüsünün kapalı olmasi gerekir Combofix tarama yaptığı sırada antivürüsünü devre dışı bırakmıştır, Güvenlik merkezi uyari vermiştir.

Tarayıcı ise sadece değil herkesde oluyor.Masaüstüne İe'simgesini getiriyor.

Sorun yok yani......

tonce · 11 Nisan 2009

Combo Fix'i hiç sevemedim ben şimdiye kadar sistemileri ne zaman taratsam hepi kıyameti kopardı birşey vamış gibi. Amvo Kill bu konularda daha başarılı. Gizli klasötleri gösterme, HDD birlikte aç hatsı giderme, HDD ayrı pencerelerde açılma hatası gibi hatalara birebir ve kurulum gerektirmeyen anında çözüm.

NikeSteeL · 11 Nisan 2009

Windows u Korsan Ayarlar Uygulamasından Etkilenmesin Die Varsayılan Tarayıcı Gibi Değerleri Sıfırlıyor DNS kullanıyorsan Kapatıyor.!!

NikeSteeL · 11 Nisan 2009

2009-03-26 17:06 . 2009-03-16 15:18 517,448 --a------ c:\windows\system32\XAudio2_4.dll
[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSe tup SIGNUP
Bunları Fix'Le

Combofix le pc mi tarattım.

acabuco4

Profesör

Rom.

Rektör

acabuco4

Profesör

Darknes$

Rektör

acabuco4

Profesör

PC MERAKLISI

Dekan

Darknes$

Rektör

tonce

Profesör

NikeSteeL

Dekan

NikeSteeL

Dekan

Benzer konular

SDN Haberleri

Son mesajlar

Forum istatistikleri

Sosyal ağlar