HiJAK

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:14, on 29.10.2014
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Users\OKANCA~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Users\Okan Calıskan\Downloads\tdsskiller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\: NameServer = 8.8.8.8,8.8.4.4
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Guncelleme Hizmeti (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Guncelleme Hizmeti (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Servisi (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6147 bytes



_____________________________________________________________


ComboFix 14-10-27.01 - Okan Calıskan 29.10.2014 10:39:39.1.4 - x64
Microsoft Windows 7 Home Basic 6.1.7601.1.1254.90.1055.18.4094.3010 [GMT 2:00]
Running from: c:\users\Okan Cal²skan\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated*
.
.
((((((((((((((((((((((((( Files Created from 2014-09-28 to 2014-10-29 )))))))))))))))))))))))))))))))
.
.
2014-10-29 08:43 . 2014-10-29 08:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-27 18:37 . 2014-10-27 18:37 -------- d-----w- c:\program files\CCleaner
2014-10-22 17:56 . 2014-10-22 17:56 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-10-22 17:56 . 2014-10-22 17:56 -------- d-----r- c:\program files (x86)\Skype
2014-10-22 17:56 . 2014-10-22 17:56 -------- d-----w- c:\programdata\Skype
2014-10-22 13:59 . 2014-10-27 18:38 -------- d-----w- c:\windows\Panther
2014-10-22 13:58 . 2014-10-22 13:58 -------- d-----w- C:\Boot
2014-10-22 13:41 . 2014-10-22 13:41 -------- d-----w- c:\programdata\ATI
2014-10-22 13:41 . 2014-10-22 13:41 -------- d-----w- c:\programdata\AMD
2014-10-22 13:41 . 2014-10-22 13:41 -------- d-----w- c:\program files (x86)\AMD AVT
2014-10-22 13:41 . 2014-10-22 13:41 -------- d-----w- c:\program files (x86)\AMD APP
2014-10-22 13:41 . 2014-10-22 13:41 -------- d-----w- c:\program files\Common Files\ATI Technologies
2014-10-22 13:41 . 2014-10-22 13:41 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2014-10-22 13:40 . 2014-10-22 13:40 -------- d-----w- c:\program files\ATI
2014-10-22 13:40 . 2014-10-22 13:40 -------- d-----w- c:\program files (x86)\ATI Technologies
2014-10-22 13:40 . 2014-10-22 13:41 -------- d-----w- c:\program files\ATI Technologies
2014-10-22 13:40 . 2014-10-22 13:40 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2014-10-22 13:40 . 2014-10-22 13:40 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2014-10-22 13:40 . 2014-10-22 13:40 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2014-10-22 13:40 . 2014-10-22 13:40 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2014-10-22 13:40 . 2014-10-22 13:40 95760 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2014-10-22 13:40 . 2014-10-22 13:40 64000 ----a-w- c:\windows\system32\coinst.dll
2014-10-22 13:40 . 2014-10-22 13:40 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2014-10-22 13:38 . 2014-10-22 13:38 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2014-10-22 13:38 . 2014-10-22 13:38 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2014-10-22 13:38 . 2014-10-22 13:38 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2014-10-22 13:38 . 2014-10-22 13:38 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2014-10-22 13:38 . 2014-10-22 13:38 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2014-10-22 13:38 . 2014-10-22 13:38 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2014-10-22 13:38 . 2014-10-22 13:38 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2014-10-22 13:38 . 2014-10-22 13:38 118784 ----a-w- c:\windows\system32\atibtmon.exe
2014-10-22 13:32 . 2009-09-04 14:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2014-10-22 13:25 . 2014-10-22 13:31 -------- d-----w- c:\program files\TeamSpeak 3 Client
2014-10-22 13:19 . 2014-10-28 04:59 -------- d-sh--w- c:\windows\Installer
2014-10-22 13:14 . 2014-10-22 13:15 -------- d-----w- c:\program files (x86)\Google
2014-10-22 13:13 . 2014-10-22 13:13 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-22 13:13 . 2014-10-22 13:13 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-22 13:13 . 2014-10-22 13:13 -------- d-----w- c:\windows\SysWow64\Macromed
2014-10-22 13:12 . 2014-10-22 13:12 -------- d-----w- c:\windows\system32\Macromed
2014-10-22 13:09 . 2014-10-22 13:12 -------- d-----w- c:\program files (x86)\Common Files\Steam
2014-10-22 13:09 . 2014-10-29 08:36 -------- d-----w- c:\program files (x86)\Steam
2014-10-22 13:07 . 2014-10-22 13:07 -------- d-----w- c:\users\Okan Calıskan
2014-10-22 13:07 . 2014-10-22 13:07 -------- d-sh--we c:\programdata\Sık Kullanılanlar
2014-10-22 13:07 . 2014-10-22 13:07 -------- d-sh--we c:\programdata\Belgeler
2014-10-22 13:07 . 2014-10-22 13:07 -------- d-----w- C:\Recovery
2014-10-22 13:07 . 2014-10-22 13:07 -------- d-sh--we c:\users\Default\Belgelerim
2014-10-22 13:02 . 2014-10-22 13:02 0 ----a-w- c:\windows\ativpsrm.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-26 14:08 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll
2014-10-26 14:08 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2014-10-26 14:08 . 2010-11-21 03:24 833024 ----a-w- c:\windows\SysWow64\user32.dll
2014-10-26 14:08 . 2010-11-21 03:24 1008640 ----a-w- c:\windows\system32\user32.dll
2014-10-26 14:08 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll
2014-10-22 13:40 . 2009-07-13 21:59 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2014-10-22 13:40 . 2009-07-13 21:59 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2014-10-22 13:39 . 2009-07-13 21:59 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2014-08-15 21:35 . 2014-08-15 21:35 6112072 ----a-w- c:\windows\system32\usbaaplrc.dll
2014-08-15 21:35 . 2014-08-15 21:35 54784 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2014-10-26 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2014-10-26 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Surucusu;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS26.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTBS26.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\]
2014-10-27 19:21 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-22 13:13]
.
2014-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22 13:14]
.
2014-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22 13:14]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.tr
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\: NameServer = 8.8.8.8,8.8.4.4
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\TypeLib]
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\\ProxyStubClsid32]
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\\TypeLib]
@=""
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\TypeLib]
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\TypeLib]
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\TypeLib]
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\\ProxyStubClsid32]
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\\TypeLib]
@=""
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-10-29 10:45:05
ComboFix-quarantined-files.txt 2014-10-29 08:45
.
Pre-Run: 122.588.848.128 bayt boş
Post-Run: 122.208.751.616 bayt boş
.
- - End Of File - - 43A3919890920588F4734F124B73812D
A36C5E4F47E84449FF07ED3517B43A31



Thanks in advance to anyone who can help.