combofix

Status
Sorry, this thread is closed to replies...

Zabuza02

Participating Member
10 Feb 2012
299
0
Unknown.
Friends, I am scanning with ComboFix, but how will I know whether there is a virus? Where is it written in the txt file? This is what the text file says:

Code:
ComboFix 12-08-10.02 - ŞANLI 13.08.2012  17:19:20.4.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1254.90.1055.18.1023.230 [GMT 3:00]
Running from: d:\masaüstü\ComboFix.exe
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system\VI30AUT.DLL
.
.
(((((((((((((((((((((((((   Files Created from 2012-07-13 to 2012-08-13  )))))))))))))))))))))))))))))))
.
.
2012-08-13 14:26 . 2012-08-13 14:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-08-12 11:23 . 2012-08-12 11:23	266752	----a-w-	c:\windows\system32\MSCOMCTL.oca
2012-08-12 11:16 . 2012-08-12 11:16	--------	d-----w-	c:\windows\msapps
2012-08-10 14:06 . 2012-08-12 11:19	--------	d-----w-	c:\program files\Web Publish
2012-08-10 13:56 . 2007-05-16 13:45	3497832	----a-w-	c:\windows\system32\d3dx9_34.dll
2012-08-10 08:35 . 2012-08-10 14:00	--------	d-----w-	c:\windows\Java
2012-08-10 08:35 . 1998-06-02 09:05	103424	----a-w-	c:\windows\extrac32.exe
2012-08-07 16:16 . 2012-08-07 16:16	--------	d-----w-	C:\$AVG
2012-08-07 14:27 . 2012-08-07 14:27	--------	d-----w-	c:\program files\Wolfman.TR
2012-08-04 10:06 . 2012-08-04 10:06	16336548	------w-	C:\Persi0.sys
2012-08-04 10:06 . 2012-08-04 10:06	--------	d-----w-	c:\program files\Faronics
2012-08-04 10:01 . 2012-08-04 10:01	--------	d-----w-	c:\program files\Wise
2012-08-04 09:39 . 2012-08-07 14:27	--------	d-----w-	c:\programdata\AVG Secure Search
2012-08-04 09:39 . 2012-08-07 14:27	--------	d-----w-	c:\program files\AVG Secure Search
2012-08-04 09:39 . 2012-08-07 14:27	--------	d-----w-	c:\program files\Common Files\AVG Secure Search
2012-08-04 09:37 . 2012-08-13 13:55	--------	d-----w-	c:\windows\system32\drivers\AVG
2012-08-04 09:37 . 2012-08-04 09:52	--------	d-----w-	c:\programdata\AVG2012
2012-08-04 09:36 . 2012-08-04 09:36	--------	d-----w-	c:\program files\AVG
2012-08-04 09:16 . 2012-08-04 09:16	--------	d-----w-	c:\program files\SoftnyxGame
2012-08-04 09:12 . 2012-08-04 09:12	--------	d-----w-	C:\Game
2012-08-04 09:11 . 2012-08-04 08:20	--------	d-----w-	c:\windows\Panther
2012-08-04 09:11 . 2012-08-04 09:11	--------	d-----w-	C:\Boot
2012-08-04 09:00 . 2012-08-04 09:00	--------	d-----w-	c:\programdata\WEBREG
2012-08-04 08:59 . 2009-07-14 01:15	307200	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\hpzppw72.dll
2012-08-04 08:57 . 2012-08-04 08:57	--------	d-----w-	c:\programdata\HP Product Assistant
2012-08-04 08:56 . 2012-08-04 08:56	--------	d-----w-	c:\windows\system32\Macromed
2012-08-04 08:56 . 2012-08-04 08:56	--------	d-----w-	c:\program files\Common Files\Hewlett-Packard
2012-08-04 08:55 . 2012-08-04 08:55	--------	d-----w-	c:\program files\Common Files\HP
2012-08-04 08:54 . 2012-08-13 13:55	--------	d-----w-	c:\programdata\MFAData
2012-08-04 08:54 . 2012-08-04 08:54	--------	d--h--w-	c:\programdata\Common Files
2012-08-04 08:54 . 2012-08-04 08:58	--------	d-----w-	c:\program files\HP
2012-08-04 08:53 . 2012-08-04 09:00	--------	d-----w-	c:\programdata\HP
2012-08-04 08:53 . 2009-07-08 10:51	452408	----a-w-	c:\windows\system32\hpzids01.dll
2012-08-04 08:53 . 2009-07-08 10:51	974848	----a-w-	c:\windows\system32\hpost_p01a.dll
2012-08-04 08:53 . 2009-07-08 10:51	737280	----a-w-	c:\windows\system32\hposwia_p01a.dll
2012-08-04 08:53 . 2009-07-08 10:51	372736	----a-w-	c:\windows\system32\hppldcoi.dll
2012-08-04 08:53 . 2009-07-08 10:51	307200	----a-w-	c:\windows\system32\hposc_p01a.dll
2012-08-04 08:48 . 2012-08-04 08:48	8192	----a-w-	c:\windows\system32\srvany.exe
2012-08-04 08:42 . 2012-07-15 23:41	6891424	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{552DA370-253D-4349-AEEB-6E5E91EC814E}\mpengine.dll
2012-08-04 08:42 . 2012-05-31 09:25	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-08-04 08:42 . 2012-08-04 08:42	--------	d-----w-	c:\program files\Microsoft Synchronization Services
2012-08-04 08:41 . 2012-08-04 08:41	--------	d-----w-	c:\program files\TeamViewer
2012-08-04 08:41 . 2012-08-04 08:41	--------	d-----w-	c:\windows\PCHEALTH
2012-08-04 08:41 . 2012-08-04 08:41	--------	d-----w-	c:\program files\Microsoft.NET
2012-08-04 08:41 . 2012-08-04 08:41	--------	d-----w-	c:\program files\Microsoft Sync Framework
2012-08-04 08:41 . 2012-08-04 08:41	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2012-08-04 08:40 . 2012-08-04 08:40	--------	d-----w-	c:\program files\uTorrent
2012-08-04 08:40 . 2012-08-04 08:40	--------	d-----w-	c:\program files\RocketDock
2012-08-04 08:37 . 2012-08-04 08:37	--------	d-----w-	c:\program files\Microsoft Analysis Services
2012-08-04 08:36 . 2012-08-04 08:47	--------	d-----w-	c:\programdata\Microsoft Help
2012-08-04 08:36 . 2012-08-04 08:36	--------	d-----r-	C:\MSOCache
2012-08-04 08:27 . 2012-08-04 08:27	--------	d-----w-	c:\program files\GRETECH
2012-08-04 08:27 . 2012-08-04 08:27	--------	d-----w-	c:\program files\Conduit
2012-08-04 08:26 . 2012-08-04 08:26	--------	d-----w-	c:\program files\Common Files\Adobe
2012-08-04 08:25 . 2012-08-07 14:36	--------	d-sh--w-	c:\windows\Installer
2012-08-04 08:25 . 2012-08-04 08:25	--------	d-----w-	c:\program files\7-Zip
2012-08-04 08:25 . 2012-08-13 13:57	--------	d-----w-	c:\windows\system32\wbem\Performance
2012-08-04 08:21 . 2012-08-04 08:28	--------	d-----w-	c:\users\ŞANLI
2012-08-04 08:19 . 2012-08-04 08:19	--------	d-----w-	C:\Recovery
2012-08-04 08:19 . 2012-08-04 08:19	--------	d-sh--we	c:\users\Default\Belgelerim
2012-08-04 08:19 . 2012-08-04 08:19	--------	d-sh--we	c:\programdata\Sık Kullanılanlar
2012-08-04 08:19 . 2012-08-04 08:19	--------	d-sh--we	c:\programdata\Belgeler
2012-08-04 08:14 . 2012-08-04 08:14	0	----a-w-	c:\windows\ativpsrm.bin
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-07 14:27	2074208	----a-w-	c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-08-07 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-07 1107552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk /k:C /k:D *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DFServ]
@="Service"
.
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R3 hptmv;hptmv;c:\windows\system32\DRIVERS\hptmv.sys [x]
R3 iSSetup;iSSetup;c:\windows\system32\DRIVERS\iSSetup.sys [x]
R3 m5287;m5287;c:\windows\system32\DRIVERS\m5287.sys [x]
R3 m5288;m5288;c:\windows\system32\DRIVERS\m5288.sys [x]
R3 m5289;m5289;c:\windows\system32\DRIVERS\m5289.sys [x]
R3 MegaSR1;MegaSR1;c:\windows\system32\DRIVERS\MegaSR1.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 rr172x;rr172x;c:\windows\system32\DRIVERS\rr172x.sys [x]
R3 rr2522;rr2522;c:\windows\system32\DRIVERS\rr2522.sys [x]
R3 SI3112r;SI3112r;c:\windows\system32\DRIVERS\SI3112r.sys [x]
R3 SI3114;SI3114;c:\windows\system32\DRIVERS\SI3114.sys [x]
R3 SI3124;SI3124;c:\windows\system32\DRIVERS\SI3124.sys [x]
R3 Si3124r5;Si3124r5;c:\windows\system32\DRIVERS\Si3124r5.sys [x]
R3 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [x]
R3 ViPrt;ViPrt;c:\windows\system32\DRIVERS\ViPrt.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S0 DeepFrz;DeepFrz; [x]
S0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 avgfws;AVG Güvenlik Duvarı;c:\program files\AVG\AVG2012\avgfws.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 DFServ;DFServ;c:\program files\Faronics\Deep Freeze\Install C-0\DFServ.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 62.248.80.163 62.248.80.162
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-13  17:29:27
ComboFix-quarantined-files.txt  2012-08-13 14:29
ComboFix2.txt  2012-08-12 09:53
ComboFix3.txt  2012-08-07 16:05
.
Pre-Run: 27.711.746.048 bayt boş
Post-Run: 27.659.206.656 bayt boş
.
- - End Of File - - 1968B918CDB467351A3A57654AB540AD


Thanks for everything.
 