ReadBull.net - Mesaj - Net problemi ya da Genel virus Combofix &Hijack this loglarıma lutfen bakın

Konu: Net problemi ya da Genel virus Combofix &Hijack this loglarıma lutfen bakın

19-09-2019, 12:33:14

#0
MI6

Açık Profil bilgileri

Özel Mesaj Gönder

MI6 tarafından gönderilen tüm mesajları bul

MI6'ı arkadaş olarak ekle

Kayıtlı Üye
Herkese selam..

Windows 7 64bit işletim sistemi kullanıyorum.. makina 1 senelik her turlu kotu amaclı yazılımlara karşı koruma mevcut ancak 2 Nisan 2013 dan beri olan bir hadise arkadaslar bilgisayarı acıyorum hersey calısıyor malware spybot ve bir suru program mevcut hersey stabil calışıyor ta ki net browserlarından herhangi birisini calıştırıp birkac saat gecirene kadar google chrome u kac defa silip kurdum olmadı yandex kurdum o da google chrome database ini kullandığı icin kitleniyor ve sayfaları 2-3 saat sonra sekmeleri duzgun acmamaya baslıyor browserlar calısmayınca hersey cok yavas calısıyor yada tam tersi hersey 2-3 saat sonra yavas calısmaya baslıyor browserlarda bundan etkileniyor da olabilir anlayamıyorum neden oluyor akabinde restart atıyorum hersey normale donuyor orneğin aksam 20.00 de restart attım saat 22:00 23:00 civarına kadar hersey normal net browserlar bilgisayar şakır şukur calışıyor ama ornek vereyim saat 23:00 den sonra kısacası sabaha kadar restart atmadan duramam mutlaka atılır en fazla bahsettiğim sure kadar calışabiliyorum..

kullandığım programlar: kaspersky 2012, malware antibytes, spamfighter, tuneup util.2012.u

not :kaspersky ile iki gundur full scan yaptırıyorum bir tane dahi trojan bulamadı makina tertemiz diye duşunuyorum ama değil birşeyler var eksik taslar var ama cozemiyorum niye boyle oluyor ama bir yada birkac sorun var yoksa boyle yapmıyordu sabahlara kadar nette takılıyordum işlerimi halledebiliyordum restart atmadan 3- 4 gundur işlerim aksamaya basladı restart atmaktan dogru duzgun işlerime konstanre olamıyorum lutfen yardımcı olun...

LOGLAR;

Combofix

ComboFix 13-04-06.02 - STAR 07.04.2013 22:30:51.2.2 - x64
Running from: D:\combofix-15.01-tamindir.exe
AV: Kaspersky Anti-Virus *Disabled/Updated*
SP: Kaspersky Anti-Virus *Disabled/Updated*
SP: Windows Defender *Enabled/Updated*
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\test.txt
c:\windows\iun6002.exe
c:\windows\VM305Cap.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-03-07 to 2013-04-07 )))))))))))))))))))))))))))))))
.
.
2013-04-07 20:34 . 2013-04-07 20:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-07 18:46 . 2013-04-07 19:16 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2013-04-07 01:23 . 2013-04-07 01:23 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-04-05 00:16 . 2013-04-05 00:16 715038 ----a-w- c:\windows\unins001.exe
2013-04-05 00:08 . 2013-04-05 00:08 715038 ----a-w- c:\windows\unins000.exe
2013-04-03 17:41 . 2013-02-16 22:40 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-04-03 17:25 . 2013-04-03 17:25 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-03 13:52 . 2013-04-03 13:52 125944 ----a-w- c:\program files (x86)\Microsoft Games\Flight Simulator 9\Uninstal_ltbs2010.exe
2013-03-29 02:07 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\\mpengine.dll
2013-03-24 19:47 . 2013-03-24 19:47 -------- d-----w- c:\users\STAR\AppData\Local\vdisp.exe_Url_miy0nf5n vwdvai3zbucaasbiih1jnkii
2013-03-20 15:13 . 2013-03-20 15:13 -------- d-----w- c:\users\STAR\AppData\Roaming\Need for Speed World
2013-03-20 13:09 . 2013-03-20 13:09 -------- d-----w- c:\users\STAR\AppData\Local\Electronic_Arts_Inc
2013-03-15 18:37 . 2012-06-01 22:27 516096 ----a-w- c:\program files (x86)\Microsoft Games\Flight Simulator 9\FS9.EXE
2013-03-15 18:18 . 2012-06-01 22:27 516096 ----a-w- c:\users\STAR\FS9.EXE
2013-03-13 14:41 . 2013-03-13 14:43 -------- d-----w- c:\program files (x86)\FSrealWX
2013-03-11 13:40 . 2013-03-11 13:40 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-11 13:40 . 2013-03-11 13:40 -------- d-----w- c:\program files (x86)\Java
2013-03-11 12:49 . 2013-03-11 12:49 1299305 ----a-w- c:\program files (x86)\Microsoft Games\Flight Simulator 9\unins002.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2013-03-14 11:28 . 2012-04-24 23:12 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-14 11:28 . 2012-04-15 16:52 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-11 13:40 . 2012-07-09 11:57 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-03-11 13:40 . 2012-04-11 16:13 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-16 23:28 . 2012-04-11 08:37 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-10 22:40 . 2012-04-11 23:27 67599240 ----a-w- c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Run]
"CommonToolkitTray"="c:\program files (x86)\Fighters\Tray\FightersTray.exe" [2012-11-13 1405544]
"avp"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-31 206448]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"sfagent"="c:\program files (x86)\Fighters\SPAMfighter\sfagent.exe" [2013-01-15 1460768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 641704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows\currentversion\run-]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AMD AVT"=Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files (x86)\AMD AVT\bin\kdbsync.exe" aml
"BigDog305"=c:\windows\VM305_STI.EXE USB PC Camera VC305
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManage r.exe" -launchedbylogin
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2008-10-09 18784]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R2 Suite Service;Suite Service;c:\program files (x86)\Fighters\FighterSuiteService.exe [2012-11-12 1270376]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
R3 hptmv;hptmv;c:\windows\system32\DRIVERS\hptmv.sys [2006-09-18 93472]
R3 MegaSR1;MegaSR1;c:\windows\system32\DRIVERS\MegaSR 1.sys [2008-06-26 453952]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2011-10-05 729152]
R3 Pnp680;Pnp680;c:\windows\system32\DRIVERS\pnp680.s ys [2007-11-13 80424]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominipor t.sys [2010-11-20 20992]
R3 SI3112r;SI3112r;c:\windows\system32\DRIVERS\SI3112 r.sys [2007-02-01 164656]
R3 SI3114;SI3114;c:\windows\system32\DRIVERS\SI3114.s ys [2006-11-10 99120]
R3 SI3124;SI3124;c:\windows\system32\DRIVERS\SI3124.s ys [2006-11-02 113456]
R3 Si3124r5;Si3124r5;c:\windows\system32\DRIVERS\Si31 24r5.sys [2006-09-20 334640]
R3 Si3531;Si3531;c:\windows\system32\DRIVERS\Si3531.s ys [2007-06-01 330544]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\ synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsus bflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsus bhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 viamrx64;viamrx64;c:\windows\system32\DRIVERS\viam rx64.sys [2008-04-21 157336]
R3 ViBusX64;ViBusX64;c:\windows\system32\DRIVERS\ViBu sX64.sys [2008-04-15 25240]
R3 ViPrtX64;ViPrtX64;c:\windows\system32\DRIVERS\ViPr tX64.sys [2008-04-15 67224]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2008-05-15 28208]
R3 vvftav;vvftav;c:\windows\system32\drivers\vvftav.s ys [2007-02-02 300800]
R3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-12 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R3 ZSMC0305;USB PC Camera VC305;c:\windows\system32\Drivers\usbVM305.sys [2007-03-08 1541120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-04 283200]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-11-16 238080]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2012-05-18 2370448]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz13 5_x64.sys [2011-09-21 21992]
S2 JWC;Jeppesen Weather Controller Service;c:\program files (x86)\Jeppesen\JWC\JWC.exe [2012-02-23 510512]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files (x86)\Fighters\SPAMfighter\sfus.exe [2013-01-15 216608]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-04-05 2143552]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\dr ivers\mbam.sys [2012-04-04 24904]
S3 SaiH0BAC;SaiH0BAC;c:\windows\system32\DRIVERS\SaiH 0BAC.sys [2007-09-14 176128]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-01 11856]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ active setup\installed components\]
2013-04-03 20:56 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.43\Insta ller\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [2012-04-24 11:28]
.
2013-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-16 19:56]
.
2013-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-16 19:56]
.
2013-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3385373459-1515440054-4273522146-1000Core.job
- c:\users\STAR\AppData\Local\Google\Update\GoogleUp date.exe [2012-04-11 08:14]
.
2013-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3385373459-1515440054-4273522146-1000UA.job
- c:\users\STAR\AppData\Local\Google\Update\GoogleUp date.exe [2012-04-11 08:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe" [2012-09-20 444904]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.tr
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
IE: Free YouTube to MP3 Converter - c:\users\STAR\AppData\Roaming\DVDVideoSoftIEHelper s\freeyoutubetomp3converter.htm
IE: Microsoft Excel'e &Ver - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\STAR\AppData\Roaming\Mozilla\Firefox\Prof iles\y5i82erh.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup- - start
AddRemove-ALMATY9 V2.0 - c:\windows\iun6002.exe
AddRemove-Alpha_Sim_F4 - c:\windows\iun6002.exe
AddRemove-FS_Real_Time - c:\windows\iun6002.exe
AddRemove-LTFJ_2011 Sabiha Gokcen_Scenery - c:\users\STAR\Desktop\LTFJ\Uninstal_LTFJ2011.exe
AddRemove-TSHKK - Turk Yıldızları Ucağı Beta Versiyon - d:\agali\Uninstal.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Mac rome d\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\\Elevati on]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\\LocalSe rver32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash Ut il64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\\TypeLib]
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\\Pro xyStubClsid32]
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\\Typ eLib]
@=""
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Mac rome d\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash Ut il32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\TypeLib]
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash 32 _11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash 32 _11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\TypeLib]
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash 32 _11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash 32 _11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\TypeLib]
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\\ProxyStubClsid32]
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\\TypeLib]
@=""
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-08 00:01:12
ComboFix-quarantined-files.txt 2013-04-07 21:01
.
Pre-Run: 8.142.745.600 bayt boş
Post-Run: 8.062.377.984 bayt boş
.
- - End Of File - - F594CD3D09AF919BD3554E209E3B022B

**************************************************

Hijack this Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:56:26, on 08.04.2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Users\STAR\AppData\Local\Yandex\YandexBrowser\A pplication\browser.exe
C:\Users\STAR\AppData\Local\Yandex\YandexBrowser\A pplication\22.0.1105.412\crash_service.exe
C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe
C:\Users\STAR\AppData\Local\Yandex\YandexBrowser\A pplication\browser.exe
C:\Users\STAR\AppData\Local\Yandex\YandexBrowser\A pplication\browser.exe
C:\Users\STAR\AppData\Local\Yandex\YandexBrowser\A pplication\browser.exe
C:\Users\STAR\AppData\Local\Yandex\YandexBrowser\A pplication\browser.exe
C:\Users\STAR\AppData\Local\Yandex\YandexBrowser\A pplication\browser.exe
C:\Users\STAR\AppData\Local\Yandex\YandexBrowser\A pplication\browser.exe
C:\Users\STAR\AppData\Local\Yandex\YandexBrowser\A pplication\browser.exe
C:\Users\STAR\AppData\Local\Yandex\YandexBrowser\A pplication\browser.exe
C:\Users\STAR\AppData\Local\Yandex\YandexBrowser\A pplication\browser.exe
C:\Users\STAR\AppData\Local\Yandex\YandexBrowser\A pplication\browser.exe
C:\Users\STAR\AppData\Local\Yandex\YandexBrowser\A pplication\browser.exe
C:\Users\STAR\AppData\Local\Yandex\YandexBrowser\A pplication\browser.exe
C:\Users\STAR\AppData\Local\Yandex\YandexBrowser\A pplication\browser.exe
C:\Users\STAR\AppData\Local\Yandex\YandexBrowser\A pplication\browser.exe
C:\Users\STAR\AppData\Local\Yandex\YandexBrowser\A pplication\browser.exe
C:\Users\STAR\AppData\Local\Yandex\YandexBrowser\A pplication\browser.exe
C:\Users\STAR\AppData\Local\Yandex\YandexBrowser\A pplication\browser.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Oturum Acma Yardım Aracı - - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O4 - HKLM\..\Run: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
O4 - HKLM\..\Run: [avp] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [sfagent] C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_30E5C890F0F212C47A3B4D5C243 205F9] "C:\Users\STAR\AppData\Local\Yandex\YandexBrow ser\ Application\browser.exe" --no-startup-window
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Local Service')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Local Service')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\STAR\AppData\Roaming\DVDVideoSoftIEHelper s\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: OneNote'a Gonder - - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: OneNote'a G&onder - - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: Skype Click to Call - - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: grooveLocalGWS - - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Google Guncelleme Hizmeti (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Guncelleme Hizmeti (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Jeppesen Weather Controller Service (JWC) - Jeppesen - C:\Program Files (x86)\Jeppesen\JWC\JWC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files (x86)\Fighters\FighterSuiteService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13204 bytes
__________________