ComboFix 14-04-30.01 - user 05.05.2014 13:01:09.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.2047.1647 [GMT 3:00]
Running from: c:\documents and settings\user\Belgelerim\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\regopt.log
c:\windows\system32\Drivers\DiagnosticScan.SYS
c:\windows\system32\drivers\Start1Driver.SYS
c:\windows\system32\ShellExt\CmdOpen.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DIAGNOSTICSCAN
-------\Legacy_START1DRIVER
-------\Service_DiagnosticScan
-------\Service_Start1Driver
.
.
((((((((((((((((((((((((( Files Created from 2014-04-05 to 2014-05-05 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-04 17:27 . 2013-10-29 19:18 24672 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2014-05-04 17:27 . 2013-06-06 14:38 144992 ----a-w- c:\windows\system32\drivers\kneps.sys
2014-05-04 17:27 . 2013-10-29 19:18 135776 ----a-w- c:\windows\system32\drivers\kl1.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-11-18 . 4C51D5275AE8A16999EDFE7E647D00DE . 576384 . . [5.1.2600.5712] . . c:\windows\system32\drivers\ntfs.sys
.
[-] 2010-07-08 . 51E41F16ACD80B8B39C0AE703A213F09 . 361600 . . [5.1.2600.6009] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2011-10-28 00:12 . 7A4854605056C29F6CB270F86BF7561B . 1527296 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2011-10-27 . C1D0437B27E16B6CB7775C7A1E10C0A1 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
.
[-] 2011-10-27 . F0606586B74A079FB2174AFEB7042B79 . 111104 . . [5.1.2600.5922] . . c:\windows\system32\services.exe
.
[-] 2011-10-27 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
.
[-] 2011-10-28 . 006E7020414BD1F0372B803529A594C0 . 558592 . . [5.1.2600.5788] . . c:\windows\system32\winlogon.exe
.
[-] 2011-10-28 . 9B3715B4FC1F2AAAF951DB8BC1182EE8 . 662528 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2011-10-27 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2011-10-27 . 519215665353A1B115FB4C5867C9196E . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
.
[-] 2011-10-27 23:42 . 68F773B436222EE0AC2C28C990BDF338 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
.
[-] 2011-10-27 . 4D7C87295A067353666395715D94AA89 . 965120 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
.
[-] 2011-10-28 . 49FB9A04B9C7867006561FFFFBAF7D52 . 6224896 . . [8.00.6001.23250] . . c:\windows\system32\mshtml.dll
.
[7] 2011-10-27 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2011-10-27 . F955CE85893CAF9C390FB3B38F1E2031 . 343040 . . [7.0.2600.5701] . . c:\windows\system32\msvcrt.dll
[-] 2011-10-27 . F955CE85893CAF9C390FB3B38F1E2031 . 343040 . . [7.0.2600.5701] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5701_x-ww_40d12c25\msvcrt.dll
.
[-] 2011-10-27 . F04F500D4217A2C940D91140AC53C717 . 245760 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
.
[-] 2011-10-27 . 54CEF40CF5B049E45B291A773E4C0774 . 407040 . . [5.1.2600.5582] . . c:\windows\system32\netlogon.dll
.
[-] 2011-10-27 . 295525B0109194FB7A74BCC01E043EBF . 249856 . . [5.1.2600.5654] . . c:\windows\system32\tapisrv.dll
.
[-] 2011-10-28 . B3A28AB23450EBFEAB3CEE207B97EAA5 . 639488 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2011-10-28 . 0FAA6F9054B9D020957FECFFCDFFCD39 . 1053184 . . [8.00.6001.23227] . . c:\windows\system32\wininet.dll
.
[-] 2011-10-28 . 86EA4F69D6DBD24BC50D5BCD4AC29623 . 2209280 . . [6.00.2900.5634] . . c:\windows\explorer.exe
.
[-] 2008-04-15 . 53A37D146EC56A4AD44E51CD10334202 . 272896 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2011-10-27 . E8445D9EC59CA2F4C276EF23AE290D0B . 1288704 . . [5.1.2600.6010] . . c:\windows\system32\ole32.dll
.
[-] 2011-10-27 . EC8D16E4CAD4C89BC6AF291365C088C1 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
.
[-] 2011-10-28 . CBC8C36E4610EE06EBEBBEC153364B52 . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2011-10-27 . 37A2244F90B249432461AEAC53593526 . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
.
[-] 2010-12-09 . 80E9B0160FBBE3DC7B49A502A4BFF5B1 . 713728 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll
.
[-] 2011-10-27 . 11CA6581996059C37AD4F7762C6D6148 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\MSCTFIME.IME
.
[-] 2011-10-27 . 9767A50A2030901F69853B8AB4AB2DAC . 296448 . . [5.1.2600.5815] . . c:\windows\system32\termsrv.dll
.
[-] 2011-10-27 . 0151628BB8914FD026ED8EF295F8C47E . 345088 . . [5.1.2600.5589] . . c:\windows\system32\hnetcfg.dll
.
[-] 2011-10-27 23:42 . E814AD133B106D3F8E1D789169F86463 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
.
[-] 2011-10-27 23:51 . 051B1BDECD6DEE18C771B5D5EC7F044D . 27136 . . [11.0.5721.5262] . . c:\windows\system32\mspmsnsv.dll
.
[-] 2011-10-28 . 4253978D150A12870DC095F237C53E69 . 2232320 . . [5.1.2600.6055] . . c:\windows\system32\ntkrnlpa.exe
.
[-] 2011-10-27 . 0587E9F89DF163511C7D5C6A2BE81628 . 1689088 . . [5.03.2600.5601] . . c:\windows\system32\d3d9.dll
.
.
[-] 2011-10-28 . FBE9C26325DCC52E4A49252112883EE8 . 2355712 . . [5.1.2600.6055] . . c:\windows\system32\ntoskrnl.exe
.
[-] 2011-10-27 . 0C7DAE33F749C166EDEF78EFB2695FA4 . 174592 . . [5.1.2600.5635] . . c:\windows\system32\w32time.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2011-10-28 40960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-08-17 20064872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2011-10-28 40960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"Start_ShowHelp"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, credssp.dll, digest.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [04.05.2014 22:03 13560]
R1 klpd;klpd;c:\windows\system32\drivers\klpd.sys [12.04.2013 15:34 14432]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [14.05.2013 17:34 45024]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [06.06.2013 17:38 144992]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.07.2011 19:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13.07.2011 00:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11.10.2013 01:54 120088]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [04.05.2014 21:04 99856]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [19.04.2013 11:44 36448]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [29.10.2013 22:18 24672]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [29.10.2013 22:18 24672]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [04.05.2014 20:43 1691480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-04 19:05 1078088 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-05 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 128fc7c4-74c1-413e-867c-0399351ec90e.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2014-05-05 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ec509b58-6bcf-4aa2-be55-6cd712bbbdf9.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3D9B4647-AC33-43F9-B639-81C3965DEB15}: NameServer = 208.67.220.220,208.67.222.222
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
Rootkit scan 2014-05-05 13:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\cscui.dll
c:\windows\system32\l3codecp.acm
c:\windows\system32\COMRes.dll
.
- - - - - - - > 'lsass.exe'(960)
c:\windows\system32\SETUPAPI.dll
.
- - - - - - - > 'explorer.exe'(2888)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\System32\davclnt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\windows\system32\NOTEPAD.EXE
c:\program files\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Completion time: 2014-05-05 13:19:18 - machine was rebooted
ComboFix-quarantined-files.txt 2014-05-05 10:19
.
Pre-Run: 66.738.081.792 bytes free
Post-Run: 66.760.294.400 bytes free
.
- - End Of File - - 82B7BE2C8CFC5D4E740A6FF4E497F9F7
988ED281FD011A58DAB7E4AE71DED8F5
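For anyone who has to read logs like the one above in bulk, the lines worth pulling out are the Sigcheck rows (MD5, size, version, path), the driver/service rows (`R0`/`R1`/`S3` ...) and the Security Center keys. The script below is an added example, not part of the original post and not a ComboFix tool; it parses a constructed sample written in the same shape as this report and flags the Security Center values that this log shows set to 1. The triage rules (treating `AntiVirusOverride`, `FirewallOverride` and `DisableMonitoring` = 1 as "review this") are my assumptions about what those Windows XP Security Center keys mean, and the `[-]`/`[7]` Sigcheck flags are carried through untouched rather than interpreted.

```python
import re
from typing import Dict, List

# Constructed sample in the shape of the ComboFix report above: two Sigcheck
# rows, the Security Center keys and two service rows. Not a real capture.
SAMPLE_LOG = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-11-18 . 4C51D5275AE8A16999EDFE7E647D00DE . 576384 . . [5.1.2600.5712] . . c:\windows\system32\drivers\ntfs.sys
.
[7] 2011-10-27 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [04.05.2014 22:03 13560]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11.10.2013 01:54 120088]
"""

# "[flag] date [hh:mm] . MD5 . size . . [version] . . path"
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})(?:\s+\d{2}:\d{2})?"
    r"\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*)$"
)
# "R0 name;display name;path [dd.mm.yyyy hh:mm size]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]+)\]$"
)
REGKEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
REGVAL_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')

# Hypothetical triage rule: these Security Center values at 1 suppress the
# XP alerts for AV/firewall state, so a cleanup log showing them deserves a look.
SECURITY_CENTER = r"HKEY_LOCAL_MACHINE\software\microsoft\security center"
OVERRIDE_VALUES = ("AntiVirusOverride", "FirewallOverride", "DisableMonitoring")


def _reg_value(raw: str):
    """Turn the REGEDIT4-style value text into an int where it is one."""
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    m = re.match(r"^(\d+)\b", raw)  # e.g. `0 (0x0)` under the policies keys
    if m:
        return int(m.group(1))
    return raw


def parse_combofix(text: str) -> Dict[str, object]:
    """Extract Sigcheck rows, service rows and registry values from a ComboFix log."""
    report: Dict[str, object] = {"sigcheck": [], "services": [], "registry": {}}
    current_key = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line == ".":
            continue
        m = SIGCHECK_RE.match(line)
        if m:
            row = m.groupdict()
            row["size"] = int(row["size"])
            row["md5"] = row["md5"].upper()
            report["sigcheck"].append(row)
            continue
        m = SERVICE_RE.match(line)
        if m:
            report["services"].append(m.groupdict())
            continue
        m = REGKEY_RE.match(line)
        if m:
            current_key = m.group("key")
            report["registry"].setdefault(current_key, {})
            continue
        m = REGVAL_RE.match(line)
        if m and current_key is not None:
            report["registry"][current_key][m.group("name")] = _reg_value(m.group("value"))
    return report


def triage(report: Dict[str, object]) -> List[str]:
    """Return one finding per Security Center override value that is set to 1."""
    findings: List[str] = []
    for key, values in report["registry"].items():
        if not key.lower().startswith(SECURITY_CENTER.lower()):
            continue
        for name in OVERRIDE_VALUES:
            if values.get(name) == 1:
                findings.append(f"{key}\\{name}=1 (Security Center alerting suppressed)")
    return findings


if __name__ == "__main__":
    rep = parse_combofix(SAMPLE_LOG)
    print(f"{len(rep['sigcheck'])} sigcheck rows, {len(rep['services'])} services")
    for finding in triage(rep):
        print("!!", finding)
```

Feed it the whole report (`parse_combofix(open("ComboFix.txt").read())`) and the `sigcheck` list gives you the MD5s to look up, while `services` lists every loaded driver with its on-disk path; the `Other Deletions` and `catchme` sections are left to the reader because their shape varies between ComboFix builds.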