ComboFix 14-10-02.01 - cas 04.10.2014 0:44.12.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1254.90.1055.18.1909.1037 [GMT 3:00]
Running from: c:\users\cas\Desktop\ComboFix-tamindir.exe
AV: Avira Desktop *Enabled/Updated*
SP: Avira Desktop *Enabled/Updated*
SP: Windows Defender *Disabled/Outdated*
.
.
((((((((((((((((((((((((( Files Created from 2014-09-03 to 2014-10-03 )))))))))))))))))))))))))))))))
.
.
2014-10-03 21:53 . 2014-10-03 21:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-10-03 21:53 . 2014-10-03 21:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-03 21:53 . 2014-10-03 21:53 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-10-01 10:12 . 2014-09-25 01:40 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-24 11:05 . 2014-09-09 21:47 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-13 10:20 . 2014-09-13 10:20 3231696 ----a-w- c:\program files\Mozilla Firefox\d3dcompiler_46.dll
2014-09-10 20:52 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-10 18:46 . 2014-07-07 01:40 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-10 18:46 . 2014-07-07 01:40 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-09-10 18:46 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-10 18:46 . 2014-08-01 11:35 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-10 18:46 . 2014-09-05 01:52 445952 ----a-w- c:\windows\system32\aepdu.dll
2014-09-10 18:46 . 2014-09-05 01:47 302592 ----a-w- c:\windows\system32\aeinv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-09 12:23 . 2012-04-20 11:46 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-09 12:23 . 2012-01-06 15:13 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-23 01:46 . 2014-08-28 09:01 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 00:42 . 2014-08-28 09:01 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-07-24 23:35 . 2014-07-24 23:35 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-14 13:58 . 2014-07-14 13:58 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2014-07-14 12:51 . 2013-11-16 00:56 35848 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-07-14 12:51 . 2013-11-16 00:54 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-07-14 01:42 . 2014-08-13 18:35 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-09 01:29 . 2014-08-13 18:34 6144 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-07-09 01:29 . 2014-08-13 18:34 6144 ----a-w- c:\windows\system32\KBDBASH.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-01-15 103720]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2009-07-31 233472]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"Everything"="c:\program files\Everything\Everything.exe" [2009-03-13 602624]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-20 8555040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-08-20 751184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 177944]
.
c:\users\cas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-05-07 11:44 256896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 Update Greener Web;Update Greener Web;c:\program files\Greener Web\updateGreenerWeb.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-07-24 25600]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2014-07-14 23456]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-08-18 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 rtsuvc;Realtek USB 2.0 PC Camera;c:\windows\system32\DRIVERS\rtsuvc.sys [2010-02-23 73984]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2013-10-28 13464]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R4 AntiVirWebService;Avira Web Koruması;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2014-08-20 1021520]
S1 Gw;Gw;c:\windows\system32\drivers\Gw.sys [2014-06-16 52928]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-12-12 37352]
S2 AntiVirSchedulerService;Avira Zamanlayıcı;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-08-20 430160]
S2 GFNEXSrv;GFNEX Service;c:\program files\PHotkey\GFNEXSrv.exe [2010-04-23 133640]
S2 PEGAGFN;PEGAGFN;c:\program files\PHotkey\PEGAGFN.sys [2009-09-11 13320]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-04-15 2533400]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 IntcDAud;Intel(R) Ekran İcin Ses;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 232960]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-02-22 66600]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\]
2014-09-25 11:04 1096520 ----a-w- c:\program files\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 12:23]
.
2014-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-27 12:19]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com.tr/?gfe_rd=cr...QBQ&gws_rd=ssl
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: MiPony ile indir - file://c:\program files\MiPony\Browser\IEContext.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\: NameServer = 198.153.192.1,198.153.194.1
FF - ProfilePath - c:\users\cas\AppData\Roaming\Mozilla\Firefox\Profiles\br5x77kg.default\
FF - prefs.js: browser.startup.homepage - www.google.com
user_pref(security.warn_submit_insecure,false);user_pref(security.warn_viewing_mixed,false);
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Akamai NetSession Interface - c:\users\cas\AppData\Local\Akamai\netsession_win.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\TypeLib]
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\\ProxyStubClsid32]
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\\TypeLib]
@=""
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-10-04 00:56:56
ComboFix-quarantined-files.txt 2014-10-03 21:56
ComboFix2.txt 2014-04-06 21:18
ComboFix3.txt 2014-02-13 21:40
ComboFix4.txt 2013-10-28 12:38
ComboFix5.txt 2014-10-03 21:42
.
Pre-Run: 68.048.093.184 bayt boş
Post-Run: 67.896.803.328 bayt boş
.
- - End Of File - - C92B2E3172B297399D39A65469BB1008
A36C5E4F47E84449FF07ED3517B43A31
Could you take a look at this ComboFix log?