
Portable Antivirus ComboFix (Illustrated Guide)

13 November 2008

I had been living with the Framdee.ttf trojan on my computer for a few days, and while I was looking for a way to get rid of it, many of the antivirus programs I used (Norton, avast, antivir, kaspersky) caught the worm but could not provide a complete solution.

ComboFix, which we usually use for our USB disks, has another feature: it can also perform a system scan.

To download ComboFix…

Download ComboFix.exe to your computer in this way.

If you want to run it portably or have it scan a selected file…


If you want to scan your computer…

Close all running windows and applications, and also temporarily disable your antivirus software.

First it will back up the Windows Registry; you should definitely answer yes…

It will then continue with the scan…

Finally, it will save the log file as C:\Combofix.txt…
If you post this log file as a comment on this thread, we will all be better informed.
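One way to triage the autostart entries in a saved C:\Combofix.txt, as an added example that is not part of the original post or of ComboFix itself. It assumes the "Reg Loading Points" layout seen in the reader comment on this page; the sample entries are constructed and the review heuristics are this example's own assumptions.

```python
import re
from ntpath import dirname, normcase

# Constructed sample in the layout of ComboFix's "Reg Loading Points" section;
# the curly quotes mimic what a blog comment form does to a pasted log.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Sidebar”=”C:\Program Files\Windows Sidebar\sidebar.exe” [2006-11-02 14:34 1196032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ExampleCam3″=”C:\Windows\ExampleCam3.exe” [2006-07-18 15:15 49152]
“ExampleAudio”=”ExampleAudio.exe” [2007-08-09 13:26 4702208 C:\Windows\ExampleAudio.exe]
“ExampleTv”=”C:\Users\someone\Desktop\exampletv.exe” [2010-02-01 10:00 12345]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“AppInit_DLLs”=example.dll
'''

QUOTES = str.maketrans('“”″', '"""')  # undo typographic quote substitution
KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"([^"]+)"\s*=\s*"?([^"\[]*?)"?\s*(?:\[([^\]]*)\])?$')

def parse_autostarts(log_text):
    """Return (key, name, path) for Run-key values and AppInit_DLLs."""
    found, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip().translate(QUOTES)
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = ENTRY_RE.match(line)
        if not (m and key):
            continue
        name, cmd = m.group(1), m.group(2).strip()
        meta = (m.group(3) or '').split(None, 3)
        if key.endswith(r'\currentversion\run') or name.lower() == 'appinit_dlls':
            # For a bare file name the log appends the resolved path as a 4th field.
            found.append((key, name, meta[3] if len(meta) == 4 else cmd))
    return found

def review_reason(name, path):
    """Heuristics chosen for this example; a hit means 'look closer', not 'malware'."""
    folder = normcase(dirname(path))
    if name.lower() == 'appinit_dlls':
        return 'DLL loaded into every process that loads user32.dll'
    if folder == r'c:\windows':
        return 'image directly in C:\\Windows'
    if folder.startswith('c:\\users\\'):
        return 'image inside a user profile'
    return None

def triage(log_text):
    """Autostart entries that deserve a manual check, as (name, reason) pairs."""
    hits = [(n, review_reason(n, p)) for _, n, p in parse_autostarts(log_text)]
    return [(n, r) for n, r in hits if r]
```

To use it on a real log, pass the text of C:\Combofix.txt to `triage()` and check each returned entry by hand.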

Trojans and viruses I detected and caught over a few runs

AppPatch\AcSpecf.sdb
AppPatch\AcXtrnel.sdb
Fonts\Framdee.ttf
system32\08223B03.cfg
system32\122B901E.cfg
system32\43ACDCC5.cfg
system32\495271CA.cfg
system32\4BF9CBA3.cfg
system32\58FF3024.cfg
system32\7ADC2AB1.cfg
system32\82710040.cfg
system32\9CA963CA.cfg
system32\C250CF20.cfg
system32\C56BCC10.cfg
system32\D91BC61E.cfg
system32\DA63E650.cfg
system32\DE02F764.cfg
system32\drivers\HBKernel32.sys
system32\E4814792.cfg
FixCamera.exe
tsnp2std.exe
vsnp2std.exe
msgmr.dll
Legacy_HBKERNEL32
Service_HBKernel32

Knowledge grows as it is shared…


One Comment »

  • AHMET ÇOBAN said:

    ComboFix 08-08-03.05 - ahmet 2010-02-16 14:26:29.2 - NTFSx86
    Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1254.1.1055.18.1866 [GMT 2:00]
    Running from: C:\Users\ahmet\Desktop\ComboFix.exe
    .
    - REDUCED FUNCTIONALITY MODE -
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    —- Previous Run ——-
    .
    C:\Windows\system32\AutoRun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-01-16 to 2010-02-16 )))))))))))))))))))))))))))))))
    .

    No new files created in this timespan

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-16 12:26 ——— d—–w C:\Users\ahmet\AppData\Roaming\vlc
    2010-02-13 15:07 ——— d—–w C:\Program Files\Google
    2010-02-11 18:38 51,792 —-a-w C:\Windows\system32\drivers\aswMonFlt.sys
    2010-02-09 15:15 ——— d—–w C:\Program Files\AirTies
    2010-02-08 15:02 ——— d—–w C:\Program Files\Counter-Strike 1.6
    2010-02-08 14:45 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2010-02-08 14:45 ——— d—–w C:\Program Files\LimeWire
    2010-02-08 13:46 ——— d—–w C:\Users\ahmet\AppData\Roaming\dvdcss
    2010-02-06 15:11 ——— d—–w C:\Users\ahmet\AppData\Roaming\LimeWire
    2010-01-30 16:22 32,252,033 —-a-w C:\AVG.exe
    2010-01-28 11:44 ——— d—–w C:\ProgramData\Alwil Software
    2010-01-28 11:44 ——— d—–w C:\Program Files\Alwil Software
    2010-01-28 11:31 40,146,416 —-a-w C:\avast.exe
    2010-01-22 17:31 ——— d—–w C:\Program Files\Softland
    2010-01-21 21:11 ——— d—–w C:\Users\ahmet\AppData\Roaming\Windows Live Writer
    2010-01-19 15:12 18,632 —-a-w C:\Windows\System32\dopdfmi7.dll
    2010-01-14 09:12 181,120 ——w C:\Windows\System32\MpSigStub.exe
    2010-01-10 18:14 ——— d—–w C:\Users\ahmet\AppData\Roaming\Nero
    2010-01-10 16:08 ——— d—–w C:\Program Files\Nero
    2010-01-10 16:08 ——— d—–w C:\Program Files\Common Files\Nero
    2010-01-10 16:00 ——— d—–w C:\ProgramData\Nero
    2010-01-10 15:51 ——— d—–w C:\Program Files\Common Files\Ahead
    2009-12-24 19:43 51,716 —-a-w C:\Windows\System32\pdf995mon.dll
    2009-12-24 19:43 249,856 —-a-w C:\Windows\System32\pdfmona.dll
    2009-12-24 19:42 ——— d—–w C:\ProgramData\pdf995
    2009-12-24 19:38 ——— d—–w C:\Program Files\VeryPDF PDF2Word v3.0
    2009-12-24 19:34 ——— d—–w C:\Users\ahmet\AppData\Roaming\Softland
    2009-08-02 12:00 174 –sha-w C:\Program Files\desktop.ini
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    “{A3BC75A2-1F87-4686-AA43-5347D756017C}”= “C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll” [2009-11-25 13:01 1230080]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    2009-01-14 17:49 92504 –a—— C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8b2cc651-2276-4864-8e44-ce10a2cb377d}]
    2009-07-15 09:09 2224152 –a—— C:\Program Files\facetr\tbface.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-11-25 13:01 1230080 –a—— C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
    2009-02-06 18:17 1068904 –a—— C:\Program Files\Windows Live\Toolbar\wltcore.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    “{CCC7A320-B3CA-4199-B1A6-9F516DD69829}”= “C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll” [2009-11-25 13:01 1230080]
    “{8b2cc651-2276-4864-8e44-ce10a2cb377d}”= “C:\Program Files\facetr\tbface.dll” [2009-07-15 09:09 2224152]
    “{21FA44EF-376D-4D53-9B0F-8A89D3229068}”= “C:\Program Files\Windows Live\Toolbar\wltcore.dll” [2009-02-06 18:17 1068904]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CLASSES_ROOT\clsid\{8b2cc651-2276-4864-8e44-ce10a2cb377d}]

    [HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]
    [HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    “{CCC7A320-B3CA-4199-B1A6-9F516DD69829}”= “C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll” [2009-11-25 13:01 1230080]
    “{8B2CC651-2276-4864-8E44-CE10A2CB377D}”= “C:\Program Files\facetr\tbface.dll” [2009-07-15 09:09 2224152]
    “{21FA44EF-376D-4D53-9B0F-8A89D3229068}”= “C:\Program Files\Windows Live\Toolbar\wltcore.dll” [2009-02-06 18:17 1068904]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CLASSES_ROOT\clsid\{8b2cc651-2276-4864-8e44-ce10a2cb377d}]

    [HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]
    [HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    “Sidebar”=”C:\Program Files\Windows Sidebar\sidebar.exe” [2006-11-02 14:34 1196032]
    “msnmsgr”=”C:\Program Files\Windows Live\Messenger\msnmsgr.exe” [2009-07-26 16:44 3883856]
    “WMPNSCFG”=”C:\Program Files\Windows Media Player\WMPNSCFG.exe” [2006-11-02 14:34 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    “StartCCC”=”C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2006-11-10 11:35 90112]
    “VMSnap3″=”C:\Windows\VMSnap3.exe” [2006-07-18 15:15 49152]
    “Domino”=”C:\Windows\Domino.exe” [2006-07-04 13:16 49152]
    “HP Software Update”=”C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2007-03-11 20:34 49152]
    “GrooveMonitor”=”C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2008-10-25 10:44 31072]
    “UnlockerAssistant”=”C:\Program Files\Unlocker\UnlockerAssistant.exe” [2008-05-02 06:15 15872]
    “AVG8_TRAY”=”C:\PROGRA~1\AVG\AVG8\avgtray.exe” [2009-12-12 13:28 2043160]
    “SunJavaUpdateSched”=”C:\Program Files\Java\jre6\bin\jusched.exe” [2009-07-30 16:00 136600]
    “Adobe Reader Speed Launcher”=”C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-01-11 21:16 39792]
    “cwcptray”=”C:\Program Files\ContentWatch\Internet Protection\cwtray.exe” [2008-10-23 14:24 408848]
    “avast5″=”C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe” [2010-02-11 20:53 2756488]
    “RtHDVCpl”=”RtHDVCpl.exe” [2007-08-09 13:26 4702208 C:\Windows\RtHDVCpl.exe]
    “Skytel”=”Skytel.exe” [2007-08-03 07:22 1826816 C:\Windows\SkyTel.exe]

    C:\Users\ahmet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Ekran Krpc ve BaŸlatc.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 07:18:50 98696]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    AirTies ADSL Hizmet Program.lnk - C:\Program Files\AirTies\ADSL Hizmet Program\AirTies_util3.exe [2010-02-09 17:15:44 4322816]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 20:26:24 210520]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    “AppInit_DLLs”=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    “VIDC.YV12″= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    “AntiVirusOverride”=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    “{641DF6B6-557C-475B-9BD6-31A711F19067}”= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    “{10F56DFF-9E41-4007-B0C4-B8952C3CC6B9}”= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    “{D41C9B69-CD0E-42F6-A382-30627D1F2C6B}”= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    “{D2B4EF56-6722-4995-9EF0-BFC13DBCE8D9}”= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    “{9ED8D88A-DFF3-4B61-BED2-5A487BA9971C}”= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    “{B219AFA7-DE6B-4D67-B4F5-6DC75CAA1891}”= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
    “{3E664D50-BFEE-477C-B49C-A694783B5017}”= C:\Program Files\AVG\AVG8\avgnsx.exe:avgnsx.exe
    “TCP Query User{5B40A47E-8F54-4A9E-86E7-1028C5F5FB64}C:\\program files\\limewire\\limewire.exe”= UDP:C:\program files\limewire\limewire.exe:LimeWire
    “UDP Query User{CDD06D8C-EC2A-461C-AAE9-F515A2BB2E1A}C:\\program files\\limewire\\limewire.exe”= TCP:C:\program files\limewire\limewire.exe:LimeWire
    “TCP Query User{4BCA6952-E8B3-4F7D-B478-378A6E3AB198}C:\\program files\\limewire\\limewire.exe”= UDP:C:\program files\limewire\limewire.exe:LimeWire
    “UDP Query User{53213410-B6D8-46BC-BB43-4A185C50CC28}C:\\program files\\limewire\\limewire.exe”= TCP:C:\program files\limewire\limewire.exe:LimeWire
    “TCP Query User{72561D8D-EDE5-418B-9538-4CC5D2023D92}C:\\program files\\internet explorer\\iexplore.exe”= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    “UDP Query User{33929764-5EFD-4BDF-8E81-240561F497FB}C:\\program files\\internet explorer\\iexplore.exe”= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    “{E84CDA25-D1EB-430E-BFC0-389AD895D635}”= C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    “TCP Query User{09EFB31F-3A18-4357-9CC9-8B752F545801}C:\\program files\\internet explorer\\iexplore.exe”= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    “UDP Query User{D65DEBD2-0BC2-4D55-BC00-9E1DFDA00C30}C:\\program files\\internet explorer\\iexplore.exe”= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    “TCP Query User{B17B0E3F-1731-4455-9B74-137C1077E149}C:\\users\\ahmet\\desktop\\bvtlivetv2.exe”= UDP:C:\users\ahmet\desktop\bvtlivetv2.exe:bvtlivetv2.exe
    “UDP Query User{922BC52F-E216-4DAE-8AB1-E8E5C31DC215}C:\\users\\ahmet\\desktop\\bvtlivetv2.exe”= TCP:C:\users\ahmet\desktop\bvtlivetv2.exe:bvtlivetv2.exe
    “TCP Query User{56BB215F-DFF3-4FC9-A115-238F7A4303BA}C:\\program files\\java\\jre6\\bin\\javaw.exe”= UDP:C:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
    “UDP Query User{0CC31521-89BE-41EA-8686-2D2B314AD3C1}C:\\program files\\java\\jre6\\bin\\javaw.exe”= TCP:C:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
    “TCP Query User{9FCC36A8-AA8F-4D8B-9F7C-B6DE24DA568F}C:\\program files\\electronic arts\\eadm\\core.exe”= Disabled:UDP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
    “UDP Query User{F771C8A7-ED06-491C-BB11-4E459B848A18}C:\\program files\\electronic arts\\eadm\\core.exe”= Disabled:TCP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
    “{740AF7AB-94A2-4BD5-993C-F47231DA0DE3}”= Disabled:UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    “{948F0A8D-AF4A-4049-A321-7511336BB783}”= Disabled:TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    “TCP Query User{C5865ACA-A699-4669-B930-CBA243E4D734}C:\\program files\\counter-strike 1.6\\hl.exe”= UDP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
    “UDP Query User{CD10C6E8-D767-46D2-968A-2C360B8C23B3}C:\\program files\\counter-strike 1.6\\hl.exe”= TCP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
    “TCP Query User{31A9F88A-3099-42C0-972F-30426800D9FE}C:\\yarış\\need for speed undergraund ii.exe”= UDP:C:\yarış\need for speed undergraund ii.exe:Need For Speed Undergraund II
    “UDP Query User{EAD4FF90-30F7-499E-9BF8-DED350AA6C3F}C:\\yarış\\need for speed undergraund ii.exe”= TCP:C:\yarış\need for speed undergraund ii.exe:Need For Speed Undergraund II
    “TCP Query User{1334668D-4883-4FF6-AB95-76DC00CE89BE}C:\\program files\\counter-strike 1.6\\hl.exe”= UDP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
    “UDP Query User{ECDE9A4A-FCAE-4C78-8002-B2AA7388DEA5}C:\\program files\\counter-strike 1.6\\hl.exe”= TCP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    “DFSR-1″= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys [2010-02-11 20:42]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2009-07-29 13:27]
    R1 AvgTdiX;AVG Free8 Network Redirector;C:\Windows\system32\Drivers\avgtdix.sys [2009-07-29 13:27]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys [2010-02-11 20:38]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [2010-02-11 20:38]
    R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-29 13:26]
    R2 CwAltaService20;ContentWatch;C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe [2008-10-23 14:24]
    R2 SeaPort;SeaPort;C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 17:53]
    S2 gupdate1ca1a8870ff6a70;Google Güncelleme Hizmeti (gupdate1ca1a8870ff6a70);C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-11 15:34]
    S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-12-21 05:55]
    S3 vvftav303;vvftav303;C:\Windows\system32\drivers\vvftav303.sys [2007-06-23 12:45]
    S3 ZSMC0303;A4 TECH PC Camera H;C:\Windows\system32\Drivers\usbVM303.sys [2007-05-15 09:14]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the ‘Scheduled Tasks’ folder

    2010-02-16 C:\Windows\Tasks\Google Software Updater.job
    - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-11 15:25]

    2010-02-16 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-11 15:34]

    2010-02-16 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-11 15:34]

    2010-02-15 C:\Windows\Tasks\User_Feed_Synchronization-{1C958098-515E-426E-A13A-13BB172B045C}.job
    - C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-*{8b2cc651-2276-4864-8e44-ce10a2cb377d} - (no file)
    BHO-{5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    HKCU-Run-AdobeUpdater - C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    HKCU-Run-Search Protection - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

    .
    ——- Supplementary Scan ——-
    .
    FireFox -: Profile - C:\Users\ahmet\AppData\Roaming\Mozilla\Firefox\Profiles\z3s37c4b.default\
    FF -: plugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    FF -: plugin - C:\Program Files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
    FF -: plugin - C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
    FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF -: plugin - c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
    FF -: plugin - C:\Program Files\Microsoft\Office Live\npOLW.dll
    FF -: plugin - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-16 14:27:04
    Windows 6.0.6000 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2010-02-16 14:28:32
    ComboFix-quarantined-files.txt 2010-02-16 12:28:21

    Pre-Run: Sistem, Application için ileti dosyası içinde 0×2379 ileti numarası için ileti metnini bulamıyor.
    Post-Run: 136,551,981,056 bayt boş

    203 — E O F — 2009-08-02 11:53:00
