If you could take a look, thank you.
Quote:
ComboFix 14-04-30.01 - win7 04.05.2014 23:51:37.1.1 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1254.90.1055.18.2047.538 [GMT 3:00]
Running from: c:\users\win7\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated*
.
.
((((((((((((((((((((((((( Files Created from 2014-04-04 to 2014-05-04 )))))))))))))))))))))))))))))))
.
.
2014-05-04 20:58 . 2014-05-04 20:58 -------- d-----w- c:\users\Ozdemir\AppData\Local\temp
2014-05-04 20:58 . 2014-05-04 20:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-04 20:58 . 2014-05-04 20:58 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\\offreg.dll
2014-05-04 15:41 . 2014-05-04 20:57 -------- d-----w- c:\users\win7\AppData\Roaming\TS3Client
2014-05-04 15:19 . 2014-05-04 15:20 -------- d-----w- c:\program files\TeamSpeak 3 Client
2014-05-02 07:57 . 2014-04-17 02:32 8050496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-04 11:40 . 2013-12-02 16:37 28160 ----a-w- c:\windows\system32\drivers\oem-drv86.sys
2014-05-03 11:05 . 2014-01-13 14:53 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2014-04-29 16:22 . 2013-12-03 14:30 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-29 16:22 . 2013-12-03 14:30 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-16 16:54 . 2013-12-08 16:10 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2014-04-16 16:54 . 2013-12-08 16:10 524624 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-03-31 06:35 . 2013-12-03 07:16 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-05 17:04 . 2014-01-13 14:53 524624 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2014-02-07 01:07 . 2014-03-12 14:36 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:04 . 2014-03-12 14:40 509440 ----a-w- c:\windows\system32\qedit.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-05-09 1443072]
"USB Security"="c:\program files\USB Disk Security\USBGuard.exe" [2012-07-31 658632]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-12-09 336992]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 30312]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-16 1343400]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
S0 oem-drv86;OEM-SLP2.1 Driver (HPD86);c:\windows\system32\DRIVERS\oem-drv86.sys [2014-05-04 28160]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-05-09 33800]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-04-11 1390720]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-04-11 1764992]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-05-15 472320]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\]
2014-04-27 21:02 1078088 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-03 16:22]
.
2014-05-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1041562677-556272557-941029567-1000Core.job
- c:\users\win7\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-10 20:02]
.
2014-05-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1041562677-556272557-941029567-1000UA.job
- c:\users\win7\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-10 20:02]
.
2014-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-03 07:25]
.
2014-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-03 07:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.tr
IE: Microsoft Excel'e &Ver - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\q1or6v0l.default\
FF - prefs.js: browser.startup.homepage - www.google.com.tr
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\TypeLib]
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\\ProxyStubClsid32]
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\\TypeLib]
@=""
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3644)
c:\program files\Common Files\Ahead\Lib\MediaLibraryNSE.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
.
Completion time: 2014-05-05 00:01:28
ComboFix-quarantined-files.txt 2014-05-04 21:01
.
Pre-Run: 11.756.011.520 bayt boş
Post-Run: 15.577.346.048 bayt boş
.
- - End Of File - - 6A98361A82330C3C8CE9301608EA461B
A36C5E4F47E84449FF07ED3517B43A31