As far as I could see on Windows 7, the two likely files of the virus are in the location shown below.
The files named Skype.dat and skype.ini are the programs that lock us out at startup.
To clean it, boot into Safe Mode with Command Prompt (if the infection is deep, I saw that it will not boot in Safe Mode with Networking or plain Safe Mode); on the black command screen, type explorer.exe to bring up the desktop.
Finally, run a current ComboFix that you downloaded on another machine and the job is done; you can also delete those two files by hand.
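The following PowerShell script is an added example and is not part of the original post or of ComboFix; it only checks for the two file names the post gives and lists autostart entries, so the cleanup step stays a deliberate manual choice. It assumes the files sit in the current user's Roaming profile (`$env:APPDATA`), which is where the ComboFix log below found them, and that you run it from an elevated prompt after bringing up the desktop with explorer.exe as described above.

```powershell
# Added example (not from the original post): read-only triage for the
# Skype.dat / skype.ini lockout described above. Assumes the files live in
# the current user's Roaming profile, as in the post's ComboFix log.

$suspectNames = @('skype.dat', 'skype.ini')   # names taken from the post
$roaming      = $env:APPDATA                    # e.g. C:\Users\<name>\AppData\Roaming
$Remove       = $false                          # set to $true only after reviewing the output

Write-Host "Checking $roaming for the two files named in the post..."
$found = @()
foreach ($name in $suspectNames) {
    $path = Join-Path $roaming $name
    if (Test-Path -LiteralPath $path) {
        $item = Get-Item -LiteralPath $path -Force
        Write-Host ("FOUND  {0}  size={1}  modified={2}" -f $path, $item.Length, $item.LastWriteTime)
        $found += $path
    } else {
        Write-Host "absent $path"
    }
}

# A boot-time lockout needs an autostart entry to relaunch from, so list every
# HKCU Run value whose target is outside Program Files or Windows. An entry like
# the log's "Microsoft Windows Manager" -> c:\users\EXPER\...\winmgr.exe would be
# listed here because it lives under the user profile.
$runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$trusted = @("$env:ProgramFiles", "$env:SystemRoot")
Write-Host "`nHKCU Run entries pointing outside Program Files / Windows:"
$props = Get-ItemProperty -Path $runKey
foreach ($p in $props.PSObject.Properties) {
    if ($p.Name -like 'PS*') { continue }        # skip PowerShell's own provider metadata
    $target    = ([string]$p.Value).TrimStart('"')
    $inTrusted = $false
    foreach ($dir in $trusted) {
        if ($target.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) { $inTrusted = $true }
    }
    if (-not $inTrusted) {
        Write-Host ("  {0} = {1}" -f $p.Name, $p.Value)
    }
}

# Manual deletion, as the post allows, only when explicitly enabled above.
if ($Remove -and $found.Count -gt 0) {
    foreach ($path in $found) {
        Remove-Item -LiteralPath $path -Force
        Write-Host "removed $path"
    }
}
```

The Run-key filter is deliberately broad: anything launched from a user-writable location deserves a look, and the list is short enough to read by eye. Paths are compared case-insensitively because ComboFix prints them in lower case while Windows itself does not.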
ComboFix 13-02-23.01 - EXPER 23.02.2013 10:53:43.1.2 - x86 MINIMAL
Microsoft Windows 7 Home Basic 6.1.7600.0.1254.90.1055.18.1789.1316 [GMT 2:00]
Running from: F:\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files\StartNow Toolbar\uninstall.dat
c:\users\EXPER\AppData\Roaming\skype.dat
c:\users\EXPER\AppData\Roaming\skype.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2013-01-23 to 2013-02-23 )))))))))))))))))))))))))))))))
.
.
2013-02-22 20:17 . 2013-02-22 11:09 -------- d-----w- c:\windows\Panther
2013-02-22 16:25 . 2013-02-23 08:44 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3739B6C-8865-4ADF-B956-36D843C4AB13}\offreg.dll
2013-02-22 13:19 . 2013-02-22 13:19 -------- d-----w- c:\program files\Common Files\Java
2013-02-22 13:18 . 2013-02-22 13:18 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-22 13:18 . 2013-02-22 13:18 779704 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-22 13:18 . 2013-02-22 13:18 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-22 13:18 . 2013-02-22 13:18 -------- d-----w- c:\program files\Java
2013-02-22 13:17 . 2013-02-22 13:17 -------- d-----w- c:\program files\Common Files\Adobe
2013-02-22 13:17 . 2011-12-07 18:32 216064 ----a-w- c:\windows\system32\lagarith.dll
2013-02-22 13:17 . 2011-06-24 15:44 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2013-02-22 13:17 . 2011-06-24 15:28 650752 ----a-w- c:\windows\system32\xvidcore.dll
2013-02-22 13:17 . 2012-06-09 18:21 178688 ----a-w- c:\windows\system32\unrar.dll
2013-02-22 13:17 . 2011-12-21 18:14 151552 ----a-w- c:\windows\system32\ac3acm.acm
2013-02-22 13:17 . 2012-12-10 18:00 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2013-02-22 13:16 . 2013-02-22 13:17 -------- d-----w- c:\program files\K-Lite Codec Pack
2013-02-22 13:14 . 2013-02-22 13:14 -------- d-----w- c:\program files\CCleaner
2013-02-22 13:12 . 2012-10-03 10:50 23944 ----a-w- c:\windows\system32\dopdfmn7.dll
2013-02-22 13:12 . 2012-10-03 10:50 20872 ----a-w- c:\windows\system32\dopdfmi7.dll
2013-02-22 13:12 . 2010-02-05 13:00 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2013-02-22 13:12 . 2013-02-22 13:12 -------- d-----w- c:\program files\Softland
2013-02-22 13:10 . 2013-02-22 13:10 -------- d-----w- c:\program files\MSECache
2013-02-22 13:09 . 2013-02-22 16:34 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-22 13:09 . 2013-02-22 16:34 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-22 13:08 . 2013-02-22 13:08 -------- d-----w- c:\windows\system32\Macromed
2013-02-22 13:07 . 2013-02-22 13:14 -------- d-----w- c:\program files\Google
2013-02-22 13:04 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2013-02-22 13:04 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2013-02-22 12:53 . 2013-02-22 13:25 -------- d-sh--w- c:\windows\Installer
2013-02-22 12:52 . 2013-02-22 12:52 -------- d-----r- C:\MSOCache
2013-02-22 12:45 . 2013-02-22 12:45 -------- d-----w- c:\program files\SiS VGA Utilities
2013-02-22 12:45 . 2013-02-22 12:45 6656 ----a-w- c:\windows\system32\SiSApi.dll
2013-02-22 12:06 . 2013-02-19 01:58 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3739B6C-8865-4ADF-B956-36D843C4AB13}\mpengine.dll
2013-02-22 12:06 . 2013-01-16 23:28 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-02-22 11:14 . 2013-02-23 08:53 -------- d-----w- c:\windows\system32\wbem\Performance
2013-02-22 11:09 . 2013-02-22 16:12 -------- d-----w- c:\users\EXPER
2013-02-22 11:09 . 2013-02-22 11:09 -------- d-sh--we c:\users\Default\Belgelerim
2013-02-22 11:09 . 2013-02-22 11:09 -------- d-sh--we c:\programdata\Sık Kullanılanlar
2013-02-22 11:09 . 2013-02-22 11:09 -------- d-sh--we c:\programdata\Belgeler
2013-02-22 11:09 . 2013-02-22 11:09 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-22 12:45 . 2010-05-06 11:35 5632 ----a-w- c:\windows\system32\SiSKrl.dll
2013-02-22 12:45 . 2010-05-06 11:28 3653632 ----a-w- c:\windows\system32\SISGRUMD.dll
2013-02-22 12:45 . 2010-05-06 11:34 212992 ----a-w- c:\windows\system32\SiSFunc.dll
2013-02-22 12:45 . 2010-05-06 11:34 6656 ----a-w- c:\windows\system32\SiSCo.dll
2013-02-22 12:45 . 2010-05-06 11:34 655360 ----a-w- c:\windows\system32\SiSClone.dll
2013-02-22 12:45 . 2010-05-06 11:33 4080128 ----a-w- c:\windows\system32\SiSGlv.dll
2013-02-22 12:45 . 2010-05-06 11:27 466432 ----a-w- c:\windows\system32\drivers\SISGRKMD.sys
2013-02-22 11:27 . 2010-04-12 08:44 3984896 ----a-w- c:\windows\system32\sisgl770.dll
2013-02-22 11:27 . 2010-04-12 08:40 19200 ----a-w- c:\windows\system32\drivers\srvkp.sys
2013-02-22 11:27 . 2010-04-12 08:22 3468288 ----a-w- c:\windows\system32\sisgrv.dll
2013-02-22 11:27 . 2010-04-12 08:17 324608 ----a-w- c:\windows\system32\drivers\sisgrp.sys
2013-02-22 11:27 . 2010-04-12 08:08 9728 ----a-w- c:\windows\system32\SiSPIns2.dll
2013-02-22 11:27 . 2010-04-12 08:07 172032 ----a-w- c:\windows\system32\SiSInst.dll
2013-02-22 11:27 . 2010-04-12 08:07 258048 ----a-w- c:\windows\system32\SiSParse.dll
2013-02-22 11:27 . 2010-04-12 08:06 49152 ----a-w- c:\windows\system32\SiSBase.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
"Microsoft Windows Manager"="c:\users\EXPER\S-10-5765-8772-1584\winmgr.exe" [2013-02-18 75264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetLCDMode]
2013-02-22 11:27 20480 ----a-w- c:\windows\System32\LCDMode.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
2013-02-22 11:27 53248 ----a-w- c:\windows\System32\SiSPower.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSTray]
2013-02-22 12:45 557056 ----a-w- c:\program files\SiS VGA Utilities\SiSTray.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;c:\users\EXPER\AppData\Local\Temp\AIDA64Driver.sys [x]
R3 hptmv;hptmv;c:\windows\system32\DRIVERS\hptmv.sys [x]
R3 iSSetup;iSSetup;c:\windows\system32\DRIVERS\iSSetup.sys [x]
R3 m5287;m5287;c:\windows\system32\DRIVERS\m5287.sys [x]
R3 m5288;m5288;c:\windows\system32\DRIVERS\m5288.sys [x]
R3 m5289;m5289;c:\windows\system32\DRIVERS\m5289.sys [x]
R3 MegaSR1;MegaSR1;c:\windows\system32\DRIVERS\MegaSR1.sys [x]
R3 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [x]
R3 rr172x;rr172x;c:\windows\system32\DRIVERS\rr172x.sys [x]
R3 rr2522;rr2522;c:\windows\system32\DRIVERS\rr2522.sys [x]
R3 SI3112r;SI3112r;c:\windows\system32\DRIVERS\SI3112r.sys [x]
R3 SI3114;SI3114;c:\windows\system32\DRIVERS\SI3114.sys [x]
R3 SI3124;SI3124;c:\windows\system32\DRIVERS\SI3124.sys [x]
R3 Si3124r5;Si3124r5;c:\windows\system32\DRIVERS\Si3124r5.sys [x]
R3 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [x]
R3 ViPrt;ViPrt;c:\windows\system32\DRIVERS\ViPrt.sys [x]
S0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 RTL8187B;Realtek RTL8187B Kablosuz 802.11b/g 54Mb/sn USB 2.0 Ağ Bağdaştırıcısı;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [x]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Aygıtı NDIS 6.0 Sürücüsü;c:\windows\system32\DRIVERS\SiSGB6.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-22 16:34]
.
2013-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-22 13:13]
.
2013-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-22 13:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Microsoft Excel'e &Ver - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{6E13D095-45C3-4271-9475-F3B48227DD9F} - c:\program files\StartNow Toolbar\Toolbar32.dll
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2013-02-23 11:01:52 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-23 09:01
.
Pre-Run: 72.834.568.192 bayt boş
Post-Run: 72.688.123.904 bayt boş
.
- - End Of File - - 2CF7BB239C31F7F1AD643AD93DAB3D60
Source
If you found this information useful, let us know in a comment.