ComboFix report

The system volume on both C and D got infected with a virus. I cleaned it with programs like Kaspersky and malware tools, but I thought I would also try ComboFix, and here is the report. What is the result? Thanks.


    ComboFix 14-04-30.01 - user 05.05.2014 13:01:09.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.2047.1647 [GMT 3:00]
    Running from: c:\documents and settings\user\Belgelerim\Downloads\ComboFix.exe
    AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\regopt.log
    c:\windows\system32\Drivers\DiagnosticScan.SYS
    c:\windows\system32\drivers\Start1Driver.SYS
    c:\windows\system32\ShellExt\CmdOpen.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_DIAGNOSTICSCAN
    -------\Legacy_START1DRIVER
    -------\Service_DiagnosticScan
    -------\Service_Start1Driver
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-04-05 to 2014-05-05 )))))))))))))))))))))))))))))))
    .
    .
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-05-04 17:27 . 2013-10-29 19:18 24672 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
    2014-05-04 17:27 . 2013-06-06 14:38 144992 ----a-w- c:\windows\system32\drivers\kneps.sys
    2014-05-04 17:27 . 2013-10-29 19:18 135776 ----a-w- c:\windows\system32\drivers\kl1.sys
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2008-11-18 . 4C51D5275AE8A16999EDFE7E647D00DE . 576384 . . [5.1.2600.5712] . . c:\windows\system32\drivers\ntfs.sys
    .
    [-] 2010-07-08 . 51E41F16ACD80B8B39C0AE703A213F09 . 361600 . . [5.1.2600.6009] . . c:\windows\system32\drivers\tcpip.sys
    .
    [-] 2011-10-28 00:12 . 7A4854605056C29F6CB270F86BF7561B . 1527296 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
    .
    [-] 2011-10-27 . C1D0437B27E16B6CB7775C7A1E10C0A1 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
    .
    [-] 2011-10-27 . F0606586B74A079FB2174AFEB7042B79 . 111104 . . [5.1.2600.5922] . . c:\windows\system32\services.exe
    .
    [-] 2011-10-27 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
    .
    [-] 2011-10-28 . 006E7020414BD1F0372B803529A594C0 . 558592 . . [5.1.2600.5788] . . c:\windows\system32\winlogon.exe
    .
    [-] 2011-10-28 . 9B3715B4FC1F2AAAF951DB8BC1182EE8 . 662528 . . [5.82] . . c:\windows\system32\comctl32.dll
    [7] 2011-10-27 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
    [-] 2011-10-27 . 519215665353A1B115FB4C5867C9196E . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    .
    [-] 2011-10-27 23:42 . 68F773B436222EE0AC2C28C990BDF338 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
    .
    [-] 2011-10-27 . 4D7C87295A067353666395715D94AA89 . 965120 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
    .
    [-] 2011-10-28 . 49FB9A04B9C7867006561FFFFBAF7D52 . 6224896 . . [8.00.6001.23250] . . c:\windows\system32\mshtml.dll
    .
    [7] 2011-10-27 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
    [-] 2011-10-27 . F955CE85893CAF9C390FB3B38F1E2031 . 343040 . . [7.0.2600.5701] . . c:\windows\system32\msvcrt.dll
    [-] 2011-10-27 . F955CE85893CAF9C390FB3B38F1E2031 . 343040 . . [7.0.2600.5701] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5701_x-ww_40d12c25\msvcrt.dll
    .
    [-] 2011-10-27 . F04F500D4217A2C940D91140AC53C717 . 245760 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
    .
    [-] 2011-10-27 . 54CEF40CF5B049E45B291A773E4C0774 . 407040 . . [5.1.2600.5582] . . c:\windows\system32\netlogon.dll
    .
    [-] 2011-10-27 . 295525B0109194FB7A74BCC01E043EBF . 249856 . . [5.1.2600.5654] . . c:\windows\system32\tapisrv.dll
    .
    [-] 2011-10-28 . B3A28AB23450EBFEAB3CEE207B97EAA5 . 639488 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
    .
    [-] 2011-10-28 . 0FAA6F9054B9D020957FECFFCDFFCD39 . 1053184 . . [8.00.6001.23227] . . c:\windows\system32\wininet.dll
    .
    [-] 2011-10-28 . 86EA4F69D6DBD24BC50D5BCD4AC29623 . 2209280 . . [6.00.2900.5634] . . c:\windows\explorer.exe
    .
    [-] 2008-04-15 . 53A37D146EC56A4AD44E51CD10334202 . 272896 . . [5.1.2600.5512] . . c:\windows\regedit.exe
    .
    [-] 2011-10-27 . E8445D9EC59CA2F4C276EF23AE290D0B . 1288704 . . [5.1.2600.6010] . . c:\windows\system32\ole32.dll
    .
    [-] 2011-10-27 . EC8D16E4CAD4C89BC6AF291365C088C1 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
    .
    [-] 2011-10-28 . CBC8C36E4610EE06EBEBBEC153364B52 . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
    .
    [-] 2011-10-27 . 37A2244F90B249432461AEAC53593526 . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
    .
    [-] 2010-12-09 . 80E9B0160FBBE3DC7B49A502A4BFF5B1 . 713728 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll
    .
    [-] 2011-10-27 . 11CA6581996059C37AD4F7762C6D6148 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\MSCTFIME.IME
    .
    [-] 2011-10-27 . 9767A50A2030901F69853B8AB4AB2DAC . 296448 . . [5.1.2600.5815] . . c:\windows\system32\termsrv.dll
    .
    [-] 2011-10-27 . 0151628BB8914FD026ED8EF295F8C47E . 345088 . . [5.1.2600.5589] . . c:\windows\system32\hnetcfg.dll
    .
    [-] 2011-10-27 23:42 . E814AD133B106D3F8E1D789169F86463 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
    .
    [-] 2011-10-27 23:51 . 051B1BDECD6DEE18C771B5D5EC7F044D . 27136 . . [11.0.5721.5262] . . c:\windows\system32\mspmsnsv.dll
    .
    [-] 2011-10-28 . 4253978D150A12870DC095F237C53E69 . 2232320 . . [5.1.2600.6055] . . c:\windows\system32\ntkrnlpa.exe
    .
    [-] 2011-10-27 . 0587E9F89DF163511C7D5C6A2BE81628 . 1689088 . . [5.03.2600.5601] . . c:\windows\system32\d3d9.dll
    .
    .
    [-] 2011-10-28 . FBE9C26325DCC52E4A49252112883EE8 . 2355712 . . [5.1.2600.6055] . . c:\windows\system32\ntoskrnl.exe
    .
    [-] 2011-10-27 . 0C7DAE33F749C166EDEF78EFB2695FA4 . 174592 . . [5.1.2600.5635] . . c:\windows\system32\w32time.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2011-10-28 40960]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2011-08-17 20064872]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2011-10-28 40960]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "Start_ShowHelp"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms"= 1 (0x1)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders schannel.dll, credssp.dll, digest.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
    .
    R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [04.05.2014 22:03 13560]
    R1 klpd;klpd;c:\windows\system32\drivers\klpd.sys [12.04.2013 15:34 14432]
    R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [14.05.2013 17:34 45024]
    R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [06.06.2013 17:38 144992]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.07.2011 19:27 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13.07.2011 00:55 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11.10.2013 01:54 120088]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [04.05.2014 21:04 99856]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [19.04.2013 11:44 36448]
    R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [29.10.2013 22:18 24672]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [29.10.2013 22:18 24672]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [04.05.2014 20:43 1691480]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-05-04 19:05 1078088 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-05-05 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 128fc7c4-74c1-413e-867c-0399351ec90e.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
    .
    2014-05-05 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ec509b58-6bcf-4aa2-be55-6cd712bbbdf9.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{3D9B4647-AC33-43F9-B639-81C3965DEB15}: NameServer = 208.67.220.220,208.67.222.222
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2014-05-05 13:16
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(904)
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    c:\windows\system32\cscui.dll
    c:\windows\system32\l3codecp.acm
    c:\windows\system32\COMRes.dll
    .
    - - - - - - - > 'lsass.exe'(960)
    c:\windows\system32\SETUPAPI.dll
    .
    - - - - - - - > 'explorer.exe'(2888)
    c:\windows\system32\SHDOCVW.dll
    c:\windows\system32\WININET.dll
    c:\windows\system32\COMRes.dll
    c:\windows\System32\cscui.dll
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\NETSHELL.dll
    c:\windows\system32\credui.dll
    c:\windows\system32\dot3api.dll
    c:\windows\system32\MSVCP60.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\System32\davclnt.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Google\Update\GoogleUpdate.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\wscntfy.exe
    c:\program files\Google\Chrome\Application\chrome.exe
    c:\program files\Google\Chrome\Application\chrome.exe
    c:\windows\system32\NOTEPAD.EXE
    c:\program files\Google\Chrome\Application\chrome.exe
    .
    **************************************************************************
    .
    Completion time: 2014-05-05 13:19:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-05-05 10:19
    .
    Pre-Run: 66.738.081.792 bayt boş
    Post-Run: 66.760.294.400 bayt boş
    .
    - - End Of File - - 82B7BE2C8CFC5D4E740A6FF4E497F9F7
    988ED281FD011A58DAB7E4AE71DED8F5