AHMET ÇOBAN tarafından

AHMET ÇOBAN — Tue, 16 Feb 2010 12:35:01 +0000

ComboFix 08-08-03.05 - ahmet 2010-02-16 14:26:29.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1254.1.1055.18.1866 [GMT 2:00]
Running from: C:\Users\ahmet\Desktop\ComboFix.exe
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
—- Previous Run ——-
.
C:\Windows\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Created from 2010-01-16 to 2010-02-16 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-16 12:26 ——— d—–w C:\Users\ahmet\AppData\Roaming\vlc
2010-02-13 15:07 ——— d—–w C:\Program Files\Google
2010-02-11 18:38 51,792 —-a-w C:\Windows\system32\drivers\aswMonFlt.sys
2010-02-09 15:15 ——— d—–w C:\Program Files\AirTies
2010-02-08 15:02 ——— d—–w C:\Program Files\Counter-Strike 1.6
2010-02-08 14:45 ——— d–h–w C:\Program Files\InstallShield Installation Information
2010-02-08 14:45 ——— d—–w C:\Program Files\LimeWire
2010-02-08 13:46 ——— d—–w C:\Users\ahmet\AppData\Roaming\dvdcss
2010-02-06 15:11 ——— d—–w C:\Users\ahmet\AppData\Roaming\LimeWire
2010-01-30 16:22 32,252,033 —-a-w C:\AVG.exe
2010-01-28 11:44 ——— d—–w C:\ProgramData\Alwil Software
2010-01-28 11:44 ——— d—–w C:\Program Files\Alwil Software
2010-01-28 11:31 40,146,416 —-a-w C:\avast.exe
2010-01-22 17:31 ——— d—–w C:\Program Files\Softland
2010-01-21 21:11 ——— d—–w C:\Users\ahmet\AppData\Roaming\Windows Live Writer
2010-01-19 15:12 18,632 —-a-w C:\Windows\System32\dopdfmi7.dll
2010-01-14 09:12 181,120 ——w C:\Windows\System32\MpSigStub.exe
2010-01-10 18:14 ——— d—–w C:\Users\ahmet\AppData\Roaming\Nero
2010-01-10 16:08 ——— d—–w C:\Program Files\Nero
2010-01-10 16:08 ——— d—–w C:\Program Files\Common Files\Nero
2010-01-10 16:00 ——— d—–w C:\ProgramData\Nero
2010-01-10 15:51 ——— d—–w C:\Program Files\Common Files\Ahead
2009-12-24 19:43 51,716 —-a-w C:\Windows\System32\pdf995mon.dll
2009-12-24 19:43 249,856 —-a-w C:\Windows\System32\pdfmona.dll
2009-12-24 19:42 ——— d—–w C:\ProgramData\pdf995
2009-12-24 19:38 ——— d—–w C:\Program Files\VeryPDF PDF2Word v3.0
2009-12-24 19:34 ——— d—–w C:\Users\ahmet\AppData\Roaming\Softland
2009-08-02 12:00 174 –sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
“{A3BC75A2-1F87-4686-AA43-5347D756017C}”= “C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll” [2009-11-25 13:01 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
2009-01-14 17:49 92504 –a—— C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8b2cc651-2276-4864-8e44-ce10a2cb377d}]
2009-07-15 09:09 2224152 –a—— C:\Program Files\facetr\tbface.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 13:01 1230080 –a—— C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
2009-02-06 18:17 1068904 –a—— C:\Program Files\Windows Live\Toolbar\wltcore.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{CCC7A320-B3CA-4199-B1A6-9F516DD69829}”= “C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll” [2009-11-25 13:01 1230080]
“{8b2cc651-2276-4864-8e44-ce10a2cb377d}”= “C:\Program Files\facetr\tbface.dll” [2009-07-15 09:09 2224152]
“{21FA44EF-376D-4D53-9B0F-8A89D3229068}”= “C:\Program Files\Windows Live\Toolbar\wltcore.dll” [2009-02-06 18:17 1068904]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{8b2cc651-2276-4864-8e44-ce10a2cb377d}]

[HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]
[HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{CCC7A320-B3CA-4199-B1A6-9F516DD69829}”= “C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll” [2009-11-25 13:01 1230080]
“{8B2CC651-2276-4864-8E44-CE10A2CB377D}”= “C:\Program Files\facetr\tbface.dll” [2009-07-15 09:09 2224152]
“{21FA44EF-376D-4D53-9B0F-8A89D3229068}”= “C:\Program Files\Windows Live\Toolbar\wltcore.dll” [2009-02-06 18:17 1068904]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{8b2cc651-2276-4864-8e44-ce10a2cb377d}]

[HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]
[HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Sidebar”=”C:\Program Files\Windows Sidebar\sidebar.exe” [2006-11-02 14:34 1196032]
“msnmsgr”=”C:\Program Files\Windows Live\Messenger\msnmsgr.exe” [2009-07-26 16:44 3883856]
“WMPNSCFG”=”C:\Program Files\Windows Media Player\WMPNSCFG.exe” [2006-11-02 14:34 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“StartCCC”=”C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2006-11-10 11:35 90112]
“VMSnap3″=”C:\Windows\VMSnap3.exe” [2006-07-18 15:15 49152]
“Domino”=”C:\Windows\Domino.exe” [2006-07-04 13:16 49152]
“HP Software Update”=”C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2007-03-11 20:34 49152]
“GrooveMonitor”=”C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2008-10-25 10:44 31072]
“UnlockerAssistant”=”C:\Program Files\Unlocker\UnlockerAssistant.exe” [2008-05-02 06:15 15872]
“AVG8_TRAY”=”C:\PROGRA~1\AVG\AVG8\avgtray.exe” [2009-12-12 13:28 2043160]
“SunJavaUpdateSched”=”C:\Program Files\Java\jre6\bin\jusched.exe” [2009-07-30 16:00 136600]
“Adobe Reader Speed Launcher”=”C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-01-11 21:16 39792]
“cwcptray”=”C:\Program Files\ContentWatch\Internet Protection\cwtray.exe” [2008-10-23 14:24 408848]
“avast5″=”C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe” [2010-02-11 20:53 2756488]
“RtHDVCpl”=”RtHDVCpl.exe” [2007-08-09 13:26 4702208 C:\Windows\RtHDVCpl.exe]
“Skytel”=”Skytel.exe” [2007-08-03 07:22 1826816 C:\Windows\SkyTel.exe]

C:\Users\ahmet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Ekran Krpc ve BaŸlatc.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 07:18:50 98696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
AirTies ADSL Hizmet Program.lnk - C:\Program Files\AirTies\ADSL Hizmet Program\AirTies_util3.exe [2010-02-09 17:15:44 4322816]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 20:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“AppInit_DLLs”=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“VIDC.YV12″= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
“AntiVirusOverride”=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
“{641DF6B6-557C-475B-9BD6-31A711F19067}”= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
“{10F56DFF-9E41-4007-B0C4-B8952C3CC6B9}”= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
“{D41C9B69-CD0E-42F6-A382-30627D1F2C6B}”= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
“{D2B4EF56-6722-4995-9EF0-BFC13DBCE8D9}”= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
“{9ED8D88A-DFF3-4B61-BED2-5A487BA9971C}”= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
“{B219AFA7-DE6B-4D67-B4F5-6DC75CAA1891}”= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
“{3E664D50-BFEE-477C-B49C-A694783B5017}”= C:\Program Files\AVG\AVG8\avgnsx.exe:avgnsx.exe
“TCP Query User{5B40A47E-8F54-4A9E-86E7-1028C5F5FB64}C:\\program files\\limewire\\limewire.exe”= UDP:C:\program files\limewire\limewire.exe:LimeWire
“UDP Query User{CDD06D8C-EC2A-461C-AAE9-F515A2BB2E1A}C:\\program files\\limewire\\limewire.exe”= TCP:C:\program files\limewire\limewire.exe:LimeWire
“TCP Query User{4BCA6952-E8B3-4F7D-B478-378A6E3AB198}C:\\program files\\limewire\\limewire.exe”= UDP:C:\program files\limewire\limewire.exe:LimeWire
“UDP Query User{53213410-B6D8-46BC-BB43-4A185C50CC28}C:\\program files\\limewire\\limewire.exe”= TCP:C:\program files\limewire\limewire.exe:LimeWire
“TCP Query User{72561D8D-EDE5-418B-9538-4CC5D2023D92}C:\\program files\\internet explorer\\iexplore.exe”= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
“UDP Query User{33929764-5EFD-4BDF-8E81-240561F497FB}C:\\program files\\internet explorer\\iexplore.exe”= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
“{E84CDA25-D1EB-430E-BFC0-389AD895D635}”= C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
“TCP Query User{09EFB31F-3A18-4357-9CC9-8B752F545801}C:\\program files\\internet explorer\\iexplore.exe”= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
“UDP Query User{D65DEBD2-0BC2-4D55-BC00-9E1DFDA00C30}C:\\program files\\internet explorer\\iexplore.exe”= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
“TCP Query User{B17B0E3F-1731-4455-9B74-137C1077E149}C:\\users\\ahmet\\desktop\\bvtlivetv2.exe”= UDP:C:\users\ahmet\desktop\bvtlivetv2.exe:bvtlivetv2.exe
“UDP Query User{922BC52F-E216-4DAE-8AB1-E8E5C31DC215}C:\\users\\ahmet\\desktop\\bvtlivetv2.exe”= TCP:C:\users\ahmet\desktop\bvtlivetv2.exe:bvtlivetv2.exe
“TCP Query User{56BB215F-DFF3-4FC9-A115-238F7A4303BA}C:\\program files\\java\\jre6\\bin\\javaw.exe”= UDP:C:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
“UDP Query User{0CC31521-89BE-41EA-8686-2D2B314AD3C1}C:\\program files\\java\\jre6\\bin\\javaw.exe”= TCP:C:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
“TCP Query User{9FCC36A8-AA8F-4D8B-9F7C-B6DE24DA568F}C:\\program files\\electronic arts\\eadm\\core.exe”= Disabled:UDP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
“UDP Query User{F771C8A7-ED06-491C-BB11-4E459B848A18}C:\\program files\\electronic arts\\eadm\\core.exe”= Disabled:TCP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
“{740AF7AB-94A2-4BD5-993C-F47231DA0DE3}”= Disabled:UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
“{948F0A8D-AF4A-4049-A321-7511336BB783}”= Disabled:TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
“TCP Query User{C5865ACA-A699-4669-B930-CBA243E4D734}C:\\program files\\counter-strike 1.6\\hl.exe”= UDP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
“UDP Query User{CD10C6E8-D767-46D2-968A-2C360B8C23B3}C:\\program files\\counter-strike 1.6\\hl.exe”= TCP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
“TCP Query User{31A9F88A-3099-42C0-972F-30426800D9FE}C:\\yarış\\need for speed undergraund ii.exe”= UDP:C:\yarış\need for speed undergraund ii.exe:Need For Speed Undergraund II
“UDP Query User{EAD4FF90-30F7-499E-9BF8-DED350AA6C3F}C:\\yarış\\need for speed undergraund ii.exe”= TCP:C:\yarış\need for speed undergraund ii.exe:Need For Speed Undergraund II
“TCP Query User{1334668D-4883-4FF6-AB95-76DC00CE89BE}C:\\program files\\counter-strike 1.6\\hl.exe”= UDP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
“UDP Query User{ECDE9A4A-FCAE-4C78-8002-B2AA7388DEA5}C:\\program files\\counter-strike 1.6\\hl.exe”= TCP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
“DFSR-1″= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys [2010-02-11 20:42]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2009-07-29 13:27]
R1 AvgTdiX;AVG Free8 Network Redirector;C:\Windows\system32\Drivers\avgtdix.sys [2009-07-29 13:27]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys [2010-02-11 20:38]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [2010-02-11 20:38]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-29 13:26]
R2 CwAltaService20;ContentWatch;C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe [2008-10-23 14:24]
R2 SeaPort;SeaPort;C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 17:53]
S2 gupdate1ca1a8870ff6a70;Google Güncelleme Hizmeti (gupdate1ca1a8870ff6a70);C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-11 15:34]
S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-12-21 05:55]
S3 vvftav303;vvftav303;C:\Windows\system32\drivers\vvftav303.sys [2007-06-23 12:45]
S3 ZSMC0303;A4 TECH PC Camera H;C:\Windows\system32\Drivers\usbVM303.sys [2007-05-15 09:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the ‘Scheduled Tasks’ folder

2010-02-16 C:\Windows\Tasks\Google Software Updater.job
- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-11 15:25]

2010-02-16 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-11 15:34]

2010-02-16 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-11 15:34]

2010-02-15 C:\Windows\Tasks\User_Feed_Synchronization-{1C958098-515E-426E-A13A-13BB172B045C}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-*{8b2cc651-2276-4864-8e44-ce10a2cb377d} - (no file)
BHO-{5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-AdobeUpdater - C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
HKCU-Run-Search Protection - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

.
——- Supplementary Scan ——-
.
FireFox -: Profile - C:\Users\ahmet\AppData\Roaming\Mozilla\Firefox\Profiles\z3s37c4b.default\
FF -: plugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF -: plugin - C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
FF -: plugin - C:\Program Files\Microsoft\Office Live\npOLW.dll
FF -: plugin - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-16 14:27:04
Windows 6.0.6000 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-02-16 14:28:32
ComboFix-quarantined-files.txt 2010-02-16 12:28:21

Pre-Run: Sistem, Application için ileti dosyası içinde 0×2379 ileti numarası için ileti metnini bulamıyor.
Post-Run: 136,551,981,056 bayt boş

203 — E O F — 2009-08-02 11:53:00

Portable Antivirüs ComboFix (Resimli Anlatım) yazısına yapılan yorumlar

AHMET ÇOBAN tarafından