I'd appreciate it if you could check whether there is a problem or not. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:28:14, on 24.04.2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-21-931720473-2086657933-1607969013-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-931720473-2086657933-1607969013-1002\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: Butun linkleri IDM ile indir - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: IDM ile indir - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Guncelleme Hizmeti (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Guncelleme Hizmeti (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5693 bytes



My ComboFix log

ComboFix 13-04-24.03 - HAKAN 24.04.2013 20:17:18.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1254.90.1055.18.8156.6850 [GMT 3:00]
Running from: c:\users\HAKAN\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated*
.
.
((((((((((((((((((((((((( Files Created from 2013-03-24 to 2013-04-24 )))))))))))))))))))))))))))))))
.
.
2013-04-24 17:18 . 2013-04-24 17:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-24 17:16 . 2013-04-24 17:16 -------- d-----w- c:\program files (x86)\Trend Micro
2013-04-24 15:26 . 2010-06-02 01:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2013-04-24 15:26 . 2010-06-02 01:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2013-04-24 15:26 . 2010-05-26 08:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2013-04-24 15:26 . 2010-05-26 08:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2013-04-24 15:26 . 2007-04-04 15:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2013-04-24 15:01 . 2008-05-30 11:11 4991496 ----a-w- c:\windows\system32\D3DX9_38.dll
2013-04-24 15:01 . 2008-05-30 11:11 3850760 ----a-w- c:\windows\SysWow64\D3DX9_38.dll
2013-04-24 15:01 . 2013-04-24 15:01 -------- d-----w- c:\program files (x86)\Common Files\BioWare
2013-04-24 15:00 . 2013-04-24 15:00 -------- d-----w- c:\users\hedev
2013-04-24 13:40 . 2013-04-24 13:40 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2013-04-24 11:36 . 2013-04-24 14:42 -------- d-----w- c:\windows\Panther
2013-04-24 11:36 . 2013-04-24 11:36 -------- d-----w- C:\Boot
2013-04-24 11:24 . 2013-04-24 11:25 -------- d-----w- c:\program files (x86)\Google
2013-04-24 11:19 . 2013-04-24 11:19 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\\offreg.dll
2013-04-24 11:17 . 2013-04-24 11:17 -------- d-----w- c:\program files\Frameworkx
2013-04-24 11:11 . 2013-04-24 11:11 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-04-24 11:11 . 2013-04-24 11:11 -------- d-----w- c:\users\UpdatusUser
2013-04-24 11:11 . 2013-04-24 11:11 -------- d-----w- c:\programdata\NVIDIA
2013-04-24 11:11 . 2013-04-19 02:46 6488352 ----a-w- c:\windows\system32\nvcpl.dll
2013-04-24 11:11 . 2013-04-19 02:46 3511072 ----a-w- c:\windows\system32\nvsvc64.dll
2013-04-24 11:11 . 2013-04-19 02:46 884512 ----a-w- c:\windows\system32\nvvsvc.exe
2013-04-24 11:11 . 2013-04-19 02:46 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-04-24 11:11 . 2013-04-19 02:46 2555680 ----a-w- c:\windows\system32\nvsvcr.dll
2013-04-24 11:11 . 2013-04-19 02:46 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-04-24 11:11 . 2013-04-17 17:30 3122645 ----a-w- c:\windows\system32\nvcoproc.bin
2013-04-24 11:11 . 2013-04-24 11:11 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-04-24 11:05 . 2013-04-17 03:31 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\\mpengine.dll
2013-04-24 11:03 . 2013-02-21 10:14 19230208 ----a-w- c:\windows\system32\mshtml.dll
2013-04-24 11:00 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2013-04-24 11:00 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2013-04-24 11:00 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-24 11:00 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-24 11:00 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-24 11:00 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-24 11:00 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-24 11:00 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-24 11:00 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-24 11:00 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-24 11:00 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-24 10:50 . 2013-04-24 10:50 -------- d-----w- c:\programdata\IDM
2013-04-24 10:49 . 2012-08-07 07:09 88832 ----a-w- c:\windows\system32\drivers\EtronXHCI.sys
2013-04-24 10:49 . 2012-08-07 07:09 65152 ----a-w- c:\windows\system32\drivers\EtronHub3.sys
2013-04-24 10:49 . 2013-04-24 10:49 -------- d-----w- c:\program files (x86)\Etron Technology
2013-04-24 10:49 . 2013-04-24 10:50 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-24 10:49 . 2013-04-24 10:50 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-24 10:49 . 2013-04-24 10:49 -------- d-----w- c:\windows\SysWow64\Macromed
2013-04-24 10:49 . 2013-04-24 10:49 -------- d-----w- c:\windows\system32\Macromed
2013-04-24 10:48 . 2013-04-24 10:48 -------- d-----w- c:\windows\Sun
2013-04-24 10:48 . 2013-04-24 10:48 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-24 10:48 . 2013-04-24 10:48 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-24 10:48 . 2013-04-24 10:48 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-24 10:48 . 2013-04-24 10:48 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-24 10:48 . 2013-04-24 10:48 -------- d-----w- c:\program files (x86)\Java
2013-04-24 10:47 . 2013-04-24 10:47 -------- d-----w- c:\windows\SysWow64\Adobe
2013-04-24 10:46 . 2013-04-24 10:46 -------- d-----w- c:\program files (x86)\Intel
2013-04-24 10:46 . 2011-02-28 05:09 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2013-04-24 10:46 . 2013-04-24 10:46 -------- d-----w- C:\Intel
2013-04-24 10:46 . 2013-04-24 10:46 -------- d-----w- c:\program files (x86)\Nero
2013-04-24 10:46 . 2013-04-24 10:46 -------- d-----w- c:\program files (x86)\Common Files\Nero
2013-04-24 10:44 . 2013-04-24 10:44 -------- d-----w- c:\windows\SysWow64\Atheros_L1e
2013-04-24 10:44 . 2013-04-24 10:49 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2013-04-24 10:44 . 2013-04-24 10:44 -------- d-----w- c:\program files\WinRAR
2013-04-24 10:44 . 2013-04-24 10:44 -------- d-----w- C:\NVIDIA
2013-04-24 10:41 . 2013-04-24 10:46 -------- d-----w- c:\users\HAKAN
2013-04-24 10:40 . 2013-04-24 10:40 -------- d-sh--we c:\users\Default\Belgelerim
2013-04-24 10:40 . 2013-04-24 10:40 -------- d-sh--we c:\programdata\Sık Kullanılanlar
2013-04-24 10:40 . 2013-04-24 10:40 -------- d-sh--we c:\programdata\Belgeler
2013-04-24 10:40 . 2013-04-24 10:40 -------- d-----w- C:\Recovery
2013-04-18 19:16 . 2013-04-18 19:16 563488 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-04-05 11:43 . 2013-04-05 11:32 166576 ----a-w- c:\windows\system32\drivers\idmwfp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-15 09:54 . 2013-03-15 09:54 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-15 09:54 . 2013-03-15 09:54 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-15 09:54 . 2013-03-15 09:54 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-15 09:54 . 2013-03-15 09:54 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-15 09:54 . 2013-03-15 09:54 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-15 09:54 . 2013-03-15 09:54 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-15 09:54 . 2013-03-15 09:54 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-15 09:54 . 2013-03-15 09:54 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-15 09:54 . 2013-03-15 09:54 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-15 09:54 . 2013-03-15 09:54 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-15 09:54 . 2013-03-15 09:54 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-15 09:54 . 2013-03-15 09:54 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-15 09:54 . 2013-03-15 09:54 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-15 09:54 . 2013-03-15 09:54 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-15 09:54 . 2013-03-15 09:54 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-15 09:54 . 2013-03-15 09:54 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-15 09:54 . 2013-03-15 09:54 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-15 09:54 . 2013-03-15 09:54 441856 ----a-w- c:\windows\system32\html.iec
2013-03-15 09:54 . 2013-03-15 09:54 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-15 09:54 . 2013-03-15 09:54 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-15 09:54 . 2013-03-15 09:54 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-15 09:54 . 2013-03-15 09:54 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-15 09:54 . 2013-03-15 09:54 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-15 09:54 . 2013-03-15 09:54 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-15 09:54 . 2013-03-15 09:54 235008 ----a-w- c:\windows\system32\url.dll
2013-03-15 09:54 . 2013-03-15 09:54 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-15 09:54 . 2013-03-15 09:54 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-15 09:54 . 2013-03-15 09:54 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-15 09:54 . 2013-03-15 09:54 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-15 09:54 . 2013-03-15 09:54 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-15 09:54 . 2013-03-15 09:54 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-15 09:54 . 2013-03-15 09:54 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-15 09:54 . 2013-03-15 09:54 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-15 09:54 . 2013-03-15 09:54 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-15 09:54 . 2013-03-15 09:54 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-15 09:54 . 2013-03-15 09:54 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-15 09:54 . 2013-03-15 09:54 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-15 09:54 . 2013-03-15 09:54 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-15 09:54 . 2013-03-15 09:54 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-15 09:54 . 2013-03-15 09:54 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-15 09:54 . 2013-03-15 09:54 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-15 09:54 . 2013-03-15 09:54 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-15 09:54 . 2013-03-15 09:54 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-15 09:54 . 2013-03-15 09:54 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-15 09:54 . 2013-03-15 09:54 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-15 09:54 . 2013-03-15 09:54 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-15 09:54 . 2013-03-15 09:54 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-15 09:54 . 2013-03-15 09:54 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-15 09:54 . 2013-03-15 09:54 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-15 09:53 . 2013-03-15 09:53 96768 ----a-w- c:\windows\system32\fsutil.exe
2013-03-15 09:53 . 2013-03-15 09:53 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2013-03-15 09:53 . 2013-03-15 09:53 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2013-03-15 09:53 . 2013-03-15 09:53 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2013-03-15 09:53 . 2013-03-15 09:53 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2013-03-15 09:53 . 2013-03-15 09:53 2565632 ----a-w- c:\windows\system32\esent.dll
2013-03-15 09:53 . 2013-03-15 09:53 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2013-03-15 09:53 . 2013-03-15 09:53 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2013-03-15 09:53 . 2013-03-15 09:53 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2013-03-15 09:53 . 2013-03-15 09:53 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2013-03-15 09:53 . 2013-03-15 09:53 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2013-03-15 09:53 . 2013-03-15 09:53 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-15 09:53 . 2013-03-15 09:53 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2013-03-15 09:53 . 2013-03-15 09:53 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-03-15 09:53 . 2013-03-15 09:53 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-03-15 09:53 . 2013-03-15 09:53 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-03-15 09:53 . 2013-03-15 09:53 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-03-15 09:53 . 2013-03-15 09:53 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-03-15 09:53 . 2013-03-15 09:53 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-03-15 09:52 . 2013-03-15 09:52 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-03-15 09:52 . 2013-03-15 09:52 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-03-15 09:52 . 2013-03-15 09:52 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-03-15 09:52 . 2013-03-15 09:52 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-03-15 09:52 . 2013-03-15 09:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-03-15 09:52 . 2013-03-15 09:52 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-03-15 09:52 . 2013-03-15 09:52 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-03-15 09:52 . 2013-03-15 09:52 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-03-15 09:52 . 2013-03-15 09:52 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-03-15 09:52 . 2013-03-15 09:52 800768 ----a-w- c:\windows\system32\usp10.dll
2013-03-15 09:52 . 2013-03-15 09:52 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2013-03-15 09:52 . 2013-03-15 09:52 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-03-15 09:52 . 2013-03-15 09:52 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-03-15 09:52 . 2013-03-15 09:52 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-03-15 09:52 . 2013-03-15 09:52 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-03-15 09:52 . 2013-03-15 09:52 2048 ----a-w- c:\windows\system32\tzres.dll
2013-03-15 09:51 . 2013-03-15 09:51 55296 ----a-w- c:\windows\SysWow64\cero.rs
2013-03-15 09:51 . 2013-03-15 09:51 55296 ----a-w- c:\windows\system32\cero.rs
2013-03-15 09:51 . 2013-03-15 09:51 51712 ----a-w- c:\windows\SysWow64\esrb.rs
2013-03-15 09:51 . 2013-03-15 09:51 51712 ----a-w- c:\windows\system32\esrb.rs
2013-03-15 09:51 . 2013-03-15 09:51 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2013-03-15 09:51 . 2013-03-15 09:51 46592 ----a-w- c:\windows\system32\fpb.rs
2013-03-15 09:51 . 2013-03-15 09:51 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2013-03-15 09:51 . 2013-03-15 09:51 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2013-03-15 09:51 . 2013-03-15 09:51 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2013-03-15 09:51 . 2013-03-15 09:51 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2013-03-15 09:51 . 2013-03-15 09:51 441856 ----a-w- c:\windows\system32\Wpc.dll
2013-03-15 09:51 . 2013-03-15 09:51 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2013-03-15 09:51 . 2013-03-15 09:51 43520 ----a-w- c:\windows\system32\csrr.rs
2013-03-15 09:51 . 2013-03-15 09:51 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2013-03-15 09:51 . 2013-03-15 09:51 40960 ----a-w- c:\windows\system32\cob-au.rs
2013-03-15 09:51 . 2013-03-15 09:51 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-04-05 1216834]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-03-15 19456]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-03-15 29696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-03-15 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-03-15 30208]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-15 1255736]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2013-04-05 166576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-04-18 412960]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2012-08-07 65152]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2012-08-07 88832]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2012-07-19 110744]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - DXGKRNL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\]
2013-04-24 11:25 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-24 10:50]
.
2013-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-24 11:24]
.
2013-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-24 11:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@=""
[HKEY_CLASSES_ROOT\CLSID\]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.tr
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Butun linkleri IDM ile indir - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: IDM ile indir - c:\program files (x86)\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.2.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\\TypeLib]
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\\ProxyStubClsid32]
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\\TypeLib]
@=""
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\TypeLib]
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\TypeLib]
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\TypeLib]
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\\ProxyStubClsid32]
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\\TypeLib]
@=""
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\\ProxyStubClsid32]
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\\TypeLib]
@=""
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\\ProxyStubClsid32]
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\\TypeLib]
@=""
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\\ProxyStubClsid32]
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\\TypeLib]
@=""
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-24 20:19:25
ComboFix-quarantined-files.txt 2013-04-24 17:19
ComboFix2.txt 2013-04-24 17:11
.
Pre-Run: 96.211.435.520 bayt boş
Post-Run: 96.160.661.504 bayt boş
.
- - End Of File - - 3CB15D24C4E932B60C4AE17EA4AC5B91