Beyler, PC'yi ComboFix ile tarattım; en son aşağıdaki rapor çıktı. Şimdi ne yapmam gerekiyor? (Not: rapor aşağıya iki kez yapıştırılmış, iki kopya birebir aynı. Raporda göze çarpanlar: c:\windows\system32\midimap.dll "is infected!!" olarak işaretlenmiş; IE proxy ayarı 46.238.24.34:8080'e, Firefox proxy ayarları 94.156.140.246 ve 78.130.216.99 (port 8080) adreslerine yönlendirilmiş; IE başlangıç sayfası v9.com'a çevrilmiş ve Ask Toolbar kurulmuş.)
ComboFix 13-03-07.03 - mavim 09.03.2013 13:31:09.2.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1254.90.1055.18.510.351 [GMT 2:00]
Running from: d:\lyrics\Documents and Settings\mavim\Belgelerim\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\mavim\Application Data\demz2.exe
c:\windows\GHOST\Desktop_.ini
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\setting.ini
c:\windows\wininit.ini
.
c:\windows\system32\midimap.dll . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NVMINI
-------\Service_nvmini
.
.
((((((((((((((((((((((((( Files Created from 2013-02-09 to 2013-03-09 )))))))))))))))))))))))))))))))
.
.
2013-03-07 10:33 . 2013-03-07 10:33 -------- d-----w- c:\documents and settings\mavim\Local Settings\Application Data\APN
2013-03-07 10:33 . 2013-03-07 10:33 -------- d-----w- c:\program files\Ask.com
2013-03-07 10:32 . 2013-03-07 10:32 -------- d-----w- c:\documents and settings\mavim\Local Settings\Application Data\AskToolbar
2013-03-07 10:21 . 2013-03-07 10:21 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-06 18:15 . 2013-03-06 18:15 -------- d-----w- c:\documents and settings\mavim\Application Data\FileZilla
2013-03-04 18:08 . 2013-03-04 18:08 -------- d-----w- c:\documents and settings\Guest\Application Data\vlc
2013-03-03 08:23 . 2013-03-03 08:23 -------- d-----w- c:\documents and settings\Büşra\Application Data\vlc
2013-03-03 08:23 . 2013-03-03 08:23 -------- d-----w- c:\documents and settings\Büşra\Local Settings\Application Data\Sun
2013-03-02 17:01 . 2012-08-03 23:18 317429 ----a-w- c:\windows\systemcs2940.exe
2013-03-02 08:32 . 2012-08-03 23:18 317429 ----a-w- c:\windows\systemcs3496.exe
2013-03-01 15:38 . 2013-03-01 15:38 -------- d-----w- c:\documents and settings\mavim\Application Data\vlc
2013-02-28 19:18 . 2013-02-28 19:18 -------- d-----w- C:\FOUND.001
2013-02-27 11:27 . 2013-02-27 11:27 -------- d-----w- c:\documents and settings\mavim\Local Settings\Application Data\Opera
2013-02-27 11:26 . 2013-02-27 11:26 -------- d-----w- c:\program files\Opera
2013-02-23 10:48 . 2013-02-23 10:48 -------- d-----w- c:\documents and settings\mavim\Local Settings\Application Data\Sun
2013-02-21 14:15 . 2013-03-07 10:20 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-20 19:38 . 2013-02-20 19:38 -------- d-----w- C:\FOUND.000
2013-02-14 10:44 . 2013-02-14 10:44 -------- d-----w- c:\documents and settings\Büşra\Application Data\GRETECH
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-07 10:20 . 2012-10-06 19:59 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-07 10:20 . 2010-07-19 14:02 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-27 10:35 . 2012-04-02 19:31 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-27 10:35 . 2011-12-31 09:31 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-02 12:54 . 2013-03-02 12:52 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 16:00 . 89078AC4D2298687211E8666C6EFCAA3 . 782848 . . [2001.12.4414.700] . . c:\windows\SoftwareDistribution\Download\7967ea10e135cbe2c175c5648b36ae99\comres.dll
[-] 2004-08-03 19:45 . 17A27BA7B4DB99C6D049A7DB17A9187E . 1484800 . . [2001.12.4414.258] . . c:\windows\system32\comres.dll
.
[-] 2008-04-14 . 94C716A073277D5A040EF83ABC5DAE53 . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\7967ea10e135cbe2c175c5648b36ae99\winlogon.exe
[-] 2004-08-03 . C1E9678833FF1E1BF039FB65C5B4A078 . 541696 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
[-] 2008-04-14 . 37390D2082F30C5362CA27558888F846 . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\7967ea10e135cbe2c175c5648b36ae99\comctl32.dll
[-] 2008-04-14 . 4A06B20542848FF905E6490159C9B07A . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\7967ea10e135cbe2c175c5648b36ae99\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2004-08-03 . 5519C4C542F9581838C990A40906561A . 636928 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2004-08-03 . 93EDD03F73C7D008F4170C180CCB7F38 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[7] 2001-11-22 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2008-04-14 . DBC887B627B9CA423270C951F9E88F0E . 579072 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\7967ea10e135cbe2c175c5648b36ae99\user32.dll
[-] 2004-08-03 . 931C7BD91FF46A14713E590A34F31A0E . 577536 . . [5.1.2600.2180] . . c:\windows\system32\user32.dll
.
[-] 2008-04-14 . 95C8AC96E12CAB1F1444BCC120DD1773 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\7967ea10e135cbe2c175c5648b36ae99\explorer.exe
[-] 2004-08-03 . 51DA6DBCBC5E93D297338EA97FD11054 . 1539584 . . [6.00.2900.2180] . . c:\windows\explorer.exe
.
[-] 2008-04-14 . 734D52D4758A4565F3F50339608454FF . 147968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\7967ea10e135cbe2c175c5648b36ae99\regedit.exe
[-] 2004-08-03 . C8721ED73BA38F40C93420F384A6B953 . 277504 . . [5.1.2600.2180] . . c:\windows\regedit.exe
.
[-] 2008-04-14 . 1F1BAF5A7A8C8A3962CECD757129E99C . 1287168 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\7967ea10e135cbe2c175c5648b36ae99\ole32.dll
[-] 2004-08-03 . 0EEF5502653BFFF9BB0D0789679F5B55 . 1306112 . . [5.1.2600.2180] . . c:\windows\system32\ole32.dll
.
[-] 2008-04-14 . 665AA9B770070A3F6C8A0BBBF275AAA3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\7967ea10e135cbe2c175c5648b36ae99\ctfmon.exe
[-] 2004-08-03 . B558642A4E7062AAB0EA1DA9BB7F0355 . 40448 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
.
[-] 2008-04-14 . D208921CB335292E7D6908A78358E261 . 345088 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\7967ea10e135cbe2c175c5648b36ae99\hnetcfg.dll
[-] 2004-08-03 . 842BDDC929C17675999A3B312CF5018D . 369664 . . [5.1.2600.2180] . . c:\windows\system32\hnetcfg.dll
.
[-] 2008-04-14 . EA77CF9EBC91495CC12F0CAFE59E81A0 . 18944 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\7967ea10e135cbe2c175c5648b36ae99\midimap.dll
[-] 2004-08-03 . 6F915F16F740B6F94AE554CC7480010B . 42496 . . [5.1.2600.2180] . . c:\windows\system32\midimap.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
"nwiz"="nwiz.exe" [2004-10-29 921600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-10-29 86016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 40448]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-10-28 14:25 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-03 19:45 40448 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExplorerUpdate]
2012-07-11 23:18 68144 ----a-w- c:\documents and settings\mavim\Application Data\ExlorerUpdate\ExplorerUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-07-06 00:35 116648 ----a-w- c:\documents and settings\mavim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-04-15 04:01 77824 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 02:25 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-07-11 20:53 895376 ----a-w- d:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2012-06-28 15:40 74752 ----a-w- d:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Winamp\\winamp.exe"=
"d:\\Program Files\\valve\\hl.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [18.08.2008 13:27 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [23.08.2008 19:40 468224]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [17.12.2012 19:22 9216]
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 10:35]
.
2013-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1592454029-839522115-1003Core1ce104ba4fe1b52.job
- c:\documents and settings\mavim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-06 00:35]
.
2013-03-09 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2013-02-08 12:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.v9.com/?utm_source=b&utm_medium=fft-1&from=fft-1&uid=WDC_WD1600AABS-00PRA0_WD-WMAP9C44879348793&ts=1358951441
mStart Page = hxxp://www.v9.com/?utm_source=b&utm_medium=fft-1&from=fft-1&uid=WDC_WD1600AABS-00PRA0_WD-WMAP9C44879348793&ts=1358951441
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 46.238.24.34:8080
uInternet Settings,ProxyOverride = local;*.local
IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{9250F91B-4CA8-4CC3-9B66-860244D0896C}: NameServer = 208.67.222.222,208.67.220.220
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\mavim\Application Data\Mozilla\Firefox\Profiles\w3hvhsan.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - Google.com
FF - prefs.js: network.proxy.ftp - 94.156.140.246
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 78.130.216.99
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 94.156.140.246
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 94.156.140.246
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2013-03-07 12:33; [email protected]; c:\documents and settings\mavim\Application Data\Mozilla\Firefox\Profiles\w3hvhsan.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
Notify-NavLogon - (no file)
MSConfigStartUp-PC Suite Tray - d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-03-09 13:44
Windows 5.1.2600 Service Pack 2 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(880)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(1000)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\psbase.dll
.
- - - - - - - > 'explorer.exe'(700)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSTR.DLL
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-03-09 13:47:05 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-09 11:47
.
Pre-Run: 340.885.504 bayt boş
Post-Run: 2.266.611.712 bayt boş
.
- - End Of File - - C5738CC94848FC51B8236CEFDCAA66A3
ComboFix 13-03-07.03 - mavim 09.03.2013 13:31:09.2.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1254.90.1055.18.510.351 [GMT 2:00]
Running from: d:\lyrics\Documents and Settings\mavim\Belgelerim\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\mavim\Application Data\demz2.exe
c:\windows\GHOST\Desktop_.ini
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\setting.ini
c:\windows\wininit.ini
.
c:\windows\system32\midimap.dll . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NVMINI
-------\Service_nvmini
.
.
((((((((((((((((((((((((( Files Created from 2013-02-09 to 2013-03-09 )))))))))))))))))))))))))))))))
.
.
2013-03-07 10:33 . 2013-03-07 10:33 -------- d-----w- c:\documents and settings\mavim\Local Settings\Application Data\APN
2013-03-07 10:33 . 2013-03-07 10:33 -------- d-----w- c:\program files\Ask.com
2013-03-07 10:32 . 2013-03-07 10:32 -------- d-----w- c:\documents and settings\mavim\Local Settings\Application Data\AskToolbar
2013-03-07 10:21 . 2013-03-07 10:21 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-06 18:15 . 2013-03-06 18:15 -------- d-----w- c:\documents and settings\mavim\Application Data\FileZilla
2013-03-04 18:08 . 2013-03-04 18:08 -------- d-----w- c:\documents and settings\Guest\Application Data\vlc
2013-03-03 08:23 . 2013-03-03 08:23 -------- d-----w- c:\documents and settings\Büşra\Application Data\vlc
2013-03-03 08:23 . 2013-03-03 08:23 -------- d-----w- c:\documents and settings\Büşra\Local Settings\Application Data\Sun
2013-03-02 17:01 . 2012-08-03 23:18 317429 ----a-w- c:\windows\systemcs2940.exe
2013-03-02 08:32 . 2012-08-03 23:18 317429 ----a-w- c:\windows\systemcs3496.exe
2013-03-01 15:38 . 2013-03-01 15:38 -------- d-----w- c:\documents and settings\mavim\Application Data\vlc
2013-02-28 19:18 . 2013-02-28 19:18 -------- d-----w- C:\FOUND.001
2013-02-27 11:27 . 2013-02-27 11:27 -------- d-----w- c:\documents and settings\mavim\Local Settings\Application Data\Opera
2013-02-27 11:26 . 2013-02-27 11:26 -------- d-----w- c:\program files\Opera
2013-02-23 10:48 . 2013-02-23 10:48 -------- d-----w- c:\documents and settings\mavim\Local Settings\Application Data\Sun
2013-02-21 14:15 . 2013-03-07 10:20 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-20 19:38 . 2013-02-20 19:38 -------- d-----w- C:\FOUND.000
2013-02-14 10:44 . 2013-02-14 10:44 -------- d-----w- c:\documents and settings\Büşra\Application Data\GRETECH
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-07 10:20 . 2012-10-06 19:59 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-07 10:20 . 2010-07-19 14:02 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-27 10:35 . 2012-04-02 19:31 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-27 10:35 . 2011-12-31 09:31 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-02 12:54 . 2013-03-02 12:52 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 16:00 . 89078AC4D2298687211E8666C6EFCAA3 . 782848 . . [2001.12.4414.700] . . c:\windows\SoftwareDistribution\Download\7967ea10e135cbe2c175c5648b36ae99\comres.dll
[-] 2004-08-03 19:45 . 17A27BA7B4DB99C6D049A7DB17A9187E . 1484800 . . [2001.12.4414.258] . . c:\windows\system32\comres.dll
.
[-] 2008-04-14 . 94C716A073277D5A040EF83ABC5DAE53 . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\7967ea10e135cbe2c175c5648b36ae99\winlogon.exe
[-] 2004-08-03 . C1E9678833FF1E1BF039FB65C5B4A078 . 541696 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
[-] 2008-04-14 . 37390D2082F30C5362CA27558888F846 . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\7967ea10e135cbe2c175c5648b36ae99\comctl32.dll
[-] 2008-04-14 . 4A06B20542848FF905E6490159C9B07A . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\7967ea10e135cbe2c175c5648b36ae99\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2004-08-03 . 5519C4C542F9581838C990A40906561A . 636928 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2004-08-03 . 93EDD03F73C7D008F4170C180CCB7F38 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[7] 2001-11-22 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2008-04-14 . DBC887B627B9CA423270C951F9E88F0E . 579072 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\7967ea10e135cbe2c175c5648b36ae99\user32.dll
[-] 2004-08-03 . 931C7BD91FF46A14713E590A34F31A0E . 577536 . . [5.1.2600.2180] . . c:\windows\system32\user32.dll
.
[-] 2008-04-14 . 95C8AC96E12CAB1F1444BCC120DD1773 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\7967ea10e135cbe2c175c5648b36ae99\explorer.exe
[-] 2004-08-03 . 51DA6DBCBC5E93D297338EA97FD11054 . 1539584 . . [6.00.2900.2180] . . c:\windows\explorer.exe
.
[-] 2008-04-14 . 734D52D4758A4565F3F50339608454FF . 147968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\7967ea10e135cbe2c175c5648b36ae99\regedit.exe
[-] 2004-08-03 . C8721ED73BA38F40C93420F384A6B953 . 277504 . . [5.1.2600.2180] . . c:\windows\regedit.exe
.
[-] 2008-04-14 . 1F1BAF5A7A8C8A3962CECD757129E99C . 1287168 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\7967ea10e135cbe2c175c5648b36ae99\ole32.dll
[-] 2004-08-03 . 0EEF5502653BFFF9BB0D0789679F5B55 . 1306112 . . [5.1.2600.2180] . . c:\windows\system32\ole32.dll
.
[-] 2008-04-14 . 665AA9B770070A3F6C8A0BBBF275AAA3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\7967ea10e135cbe2c175c5648b36ae99\ctfmon.exe
[-] 2004-08-03 . B558642A4E7062AAB0EA1DA9BB7F0355 . 40448 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
.
[-] 2008-04-14 . D208921CB335292E7D6908A78358E261 . 345088 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\7967ea10e135cbe2c175c5648b36ae99\hnetcfg.dll
[-] 2004-08-03 . 842BDDC929C17675999A3B312CF5018D . 369664 . . [5.1.2600.2180] . . c:\windows\system32\hnetcfg.dll
.
[-] 2008-04-14 . EA77CF9EBC91495CC12F0CAFE59E81A0 . 18944 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\7967ea10e135cbe2c175c5648b36ae99\midimap.dll
[-] 2004-08-03 . 6F915F16F740B6F94AE554CC7480010B . 42496 . . [5.1.2600.2180] . . c:\windows\system32\midimap.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
"nwiz"="nwiz.exe" [2004-10-29 921600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-10-29 86016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 40448]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-10-28 14:25 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-03 19:45 40448 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExplorerUpdate]
2012-07-11 23:18 68144 ----a-w- c:\documents and settings\mavim\Application Data\ExlorerUpdate\ExplorerUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-07-06 00:35 116648 ----a-w- c:\documents and settings\mavim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-04-15 04:01 77824 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 02:25 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-07-11 20:53 895376 ----a-w- d:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2012-06-28 15:40 74752 ----a-w- d:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Winamp\\winamp.exe"=
"d:\\Program Files\\valve\\hl.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [18.08.2008 13:27 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [23.08.2008 19:40 468224]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [17.12.2012 19:22 9216]
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 10:35]
.
2013-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1592454029-839522115-1003Core1ce104ba4fe1b52.job
- c:\documents and settings\mavim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-06 00:35]
.
2013-03-09 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2013-02-08 12:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.v9.com/?utm_source=b&utm_medium=fft-1&from=fft-1&uid=WDC_WD1600AABS-00PRA0_WD-WMAP9C44879348793&ts=1358951441
mStart Page = hxxp://www.v9.com/?utm_source=b&utm_medium=fft-1&from=fft-1&uid=WDC_WD1600AABS-00PRA0_WD-WMAP9C44879348793&ts=1358951441
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 46.238.24.34:8080
uInternet Settings,ProxyOverride = local;*.local
IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{9250F91B-4CA8-4CC3-9B66-860244D0896C}: NameServer = 208.67.222.222,208.67.220.220
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\mavim\Application Data\Mozilla\Firefox\Profiles\w3hvhsan.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - Google.com
FF - prefs.js: network.proxy.ftp - 94.156.140.246
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 78.130.216.99
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 94.156.140.246
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 94.156.140.246
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2013-03-07 12:33; [email protected]; c:\documents and settings\mavim\Application Data\Mozilla\Firefox\Profiles\w3hvhsan.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
Notify-NavLogon - (no file)
MSConfigStartUp-PC Suite Tray - d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-03-09 13:44
Windows 5.1.2600 Service Pack 2 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(880)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(1000)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\psbase.dll
.
- - - - - - - > 'explorer.exe'(700)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSTR.DLL
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-03-09 13:47:05 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-09 11:47
.
Pre-Run: 340.885.504 bayt boş
Post-Run: 2.266.611.712 bayt boş
.
- - End Of File - - C5738CC94848FC51B8236CEFDCAA66A3
