Mate, why don't you run a scan with ComboFix? I suspect a virus.
I downloaded it and ran a scan; the result is below.
ComboFix 11-01-11.03 - 'yLMz'® 12.01.2011 19:47:11.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1254.90.1055.18.1022.453 [GMT 2:00]
Running from: c:\users\'yLMz'®\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\etc\hosts.exe
.
((((((((((((((((((((((((( Files Created from 2010-12-12 to 2011-01-12 )))))))))))))))))))))))))))))))
.
2011-01-12 17:53 . 2011-01-12 17:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-10 18:04 . 2010-05-12 15:02 22856 ----a-w- c:\windows\system32\dopdfmn7.dll
2011-01-10 18:04 . 2010-05-12 15:02 19784 ----a-w- c:\windows\system32\dopdfmi7.dll
2011-01-10 18:04 . 2011-01-10 18:04 -------- d-----w- c:\program files\Softland
2011-01-05 18:55 . 2011-01-05 18:55 7168 ----a-w- c:\windows\system32\drivers\utezmzaz.sys
2011-01-05 18:54 . 2011-01-05 18:54 -------- d-----w- c:\programdata\Kaspersky Lab
2011-01-04 17:17 . 2011-01-04 17:18 -------- d-----w- c:\windows\W7SBC
2011-01-04 17:17 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer_edit_w7sbc.exe
2011-01-04 17:17 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer_backup_w7sbc.exe
2011-01-04 17:17 . 2009-10-31 05:45 2131456 ----a-w- c:\windows\explorer.exe
2011-01-03 12:18 . 2011-01-03 12:18 -------- d-----w- c:\windows\Sun
2011-01-03 12:17 . 2011-01-03 12:17 -------- d-----w- c:\program files\Common Files\Java
2011-01-03 12:17 . 2011-01-03 12:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-03 12:17 . 2011-01-03 12:17 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-01-03 12:17 . 2011-01-03 12:17 -------- d-----w- c:\program files\Java
2010-12-31 15:29 . 2010-07-28 17:10 1380352 ----a-w- c:\windows\system32\rapture3d_oal.dll
2010-12-31 15:29 . 2010-03-01 18:51 17686528 ----a-w- c:\windows\system32\mkl_blueripple.dll
2010-12-31 15:29 . 2010-12-31 15:29 -------- d-----w- c:\program files\BRS
2010-12-31 15:27 . 2011-01-01 13:51 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-12-31 15:27 . 2010-12-31 15:27 -------- d-----w- c:\windows\system32\xlive
2010-12-28 23:20 . 2010-12-28 23:20 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-12-28 23:20 . 2010-12-28 23:20 543040 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-12-27 22:45 . 2009-07-14 01:16 249856 ----a-w- c:\windows\system32\uxtheme.dll.backup
2010-12-27 22:45 . 2009-07-14 01:16 2755072 ----a-w- c:\windows\system32\themeui.dll.backup
2010-12-27 22:45 . 2009-07-14 01:16 37376 ----a-w- c:\windows\system32\themeservice.dll.backup
2010-12-23 11:47 . 2010-12-23 11:49 -------- d-----w- c:\users\'yLMz'®\AppData\Local\VDownloader
2010-12-23 11:47 . 2010-12-23 11:49 -------- d-----w- c:\users\'yLMz'®\AppData\Roaming\VDownloader
2010-12-23 11:47 . 2010-12-23 11:47 -------- d-----w- c:\program files\WinPcap
2010-12-23 11:47 . 2010-01-26 16:11 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
2010-12-23 11:47 . 2010-12-23 11:49 -------- d-----w- c:\program files\VDownloader
2010-12-23 11:45 . 2010-12-23 11:45 -------- d-----w- c:\program files\YouTube Video Downloader
2010-12-23 09:42 . 2010-12-23 09:44 -------- d-----w- c:\users\'yLMz'®\AppData\Local\Google
2010-12-23 09:42 . 2010-12-23 09:42 -------- d-----w- c:\users\'yLMz'®\AppData\Local\Apps
2010-12-23 09:42 . 2010-12-23 09:42 -------- d-----w- c:\users\'yLMz'®\AppData\Local\Deployment
2010-12-15 17:46 . 2010-12-15 17:56 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory
2010-12-14 18:33 . 2010-12-14 18:34 -------- d-----w- c:\users\'yLMz'®\AppData\Roaming\FileZilla
2010-12-14 18:33 . 2010-12-14 18:33 -------- d-----w- c:\program files\FileZilla FTP Client
2010-12-14 18:18 . 2010-12-14 18:18 -------- d-----w- c:\programdata\FlashFXP
2010-12-13 22:12 . 2011-01-03 12:18 -------- d-----w- c:\users\'yLMz'®\AppData\Roaming\mIRC
2010-12-13 22:12 . 2011-01-03 12:13 -------- d-----w- c:\program files\mIRC
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-31 15:29 . 2010-11-09 14:44 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-31 15:29 . 2010-11-09 14:44 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-12-27 22:45 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2010-12-27 22:45 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\system32\themeui.dll
2010-12-27 22:45 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2010-11-27 10:39 . 2010-11-27 10:39 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-11-22 10:23 . 2010-11-22 10:23 8192 ----a-w- c:\windows\system32\srvany.exe
2010-11-10 04:33 . 2010-12-03 15:41 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3177FAD3-DD33-4C6D-BC2B-CE54AD31B55D}\mpengine.dll
2010-10-19 08:41 . 2010-11-05 17:16 222080 ------w- c:\windows\system32\MpSigStub.exe
.
------- Sigcheck -------
[-] 2009-07-14 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[7] 2009-10-31 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[-] 2009-10-31 . 7229644C05B49C477741903CB9E487D2 . 2131456 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2009-10-31 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[7] 2009-08-03 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2009-08-03 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS5\Bridge.exe" [2010-11-09 12001224]
"Google Update"="c:\users\'yLMz'®\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-12-23 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Antivirus"="c:\program files\USB Disk Security\RunUSBGuard.exe" [2010-06-04 91040]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-05-25 37888]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-28 9398888]
"BigDog303"="c:\windows\VM303_STI.EXE" [2006-01-24 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"VC10Player"="c:\program files\Virtual CD v10\System\VC10Play.exe" [2010-11-01 411464]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]
"Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-12-10 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\users\'yLMz'©\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Ekran Krpc ve Balatc.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
Windows Library.lnk - c:\windows\System32\drivers\etc\hosts.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2010-11-22 8192]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\oyunlar\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [2010-03-10 13952]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 utezmzaz;AVZ Kernel Driver;c:\windows\system32\Drivers\utezmzaz.sys [2011-01-05 7168]
R3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-05 1343400]
S1 vdrv1000;vdrv1000;c:\windows\system32\DRIVERS\vdrv1000.sys [2010-05-21 186392]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 50704]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S2 VC10SecS;Virtual CD v10 Management Service;c:\program files\Virtual CD v10\System\VC10SecS.exe [2010-11-01 144712]
S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2007-06-23 480128]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
S3 ZSMC0303;A4 TECH PC Camera H;c:\windows\system32\Drivers\usbVM303.sys [2007-05-15 1472768]
.
Contents of the 'Scheduled Tasks' folder
2011-01-12 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]
2010-12-24 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]
2010-12-13 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
2011-01-08 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.tr/
IE: Microsoft Excel'e &Ver - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: OneNote'a G&önder - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: {525D470F-BAA1-4F32-99E1-208A313940B0} = 156.154.70.1,156.154.71.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\'yLMz'®\AppData\Roaming\Mozilla\Firefox\Profiles\ajynorte.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.tr/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: FastestFox: [email protected] - %profile%\extensions\[email protected]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vdrv1000]
"ImagePath"="system32\DRIVERS\vdrv1000.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-12 19:55:41
ComboFix-quarantined-files.txt 2011-01-12 17:55
Pre-Run: 12.918.296.576 bayt boş
Post-Run: 12.959.907.840 bayt boş
- - End Of File - - D19AE78966B6604224E5ACB081779BD3