HijackThis. Performance + Security! (Get rid of viruses). 500,000+ (page 257)

  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:29:10, on 09.09.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\FlashGet\flashget.exe
    C:\WINDOWS\system32\CF27937.exe
    C:\ComboFix\NirCmd.cfexe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Downloads\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A982037A-5FA0-44BD-8BB8-BCE93EBBDFE8} - C:\WINDOWS\system32\efcBqpMf.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {CBDF51DE-F2F3-4192-96CB-7A3E0BCCA80B} - C:\WINDOWS\system32\ddcBTkli.dll (file missing)
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [8c6fe6ba] rundll32.exe "C:\WINDOWS\system32\tdktrhex.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [antisansurv1.1] C:\PROGRA~1\ANTISA~1\ANTISA~1.EXE
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &FlashGet ile indir - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &Tümünü FlashGet ile indir - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229719427515
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220870004062
    O20 - Winlogon Notify: efcBqpMf - efcBqpMf.dll (file missing)
    O20 - Winlogon Notify: winzlo32 - C:\WINDOWS\
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    --
    End of file - 6786 bytes

    serji, I downloaded ComboFix. I ran it and it gave an error; it says the following:

    DATA ERROR
    Data Error 09.09.2008
    Check your Settings

    By the way, my PC currently has the Sasser virus and I haven't been able to clean it at all; could that be the cause?




  • @serji, master, I'm glad you're back on the forum. After such a long break, if you could take the trouble to have a look


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:23:10, on 01.10.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\COMODO\SafeSurf\cssurf.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Opera\opera.exe
    C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Hızlı Çalıştırma.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217950296687
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) -http://doggy1907.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8ADFAC87-5120-4B40-B998-6300A5ED3E0C}: NameServer = 208.67.222.222 208.67.220.220
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E1B3BA95-D503-4B93-8AA3-6081E5CF60AD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS1\Services\Tcpip\..\{8ADFAC87-5120-4B40-B998-6300A5ED3E0C}: NameServer = 208.67.222.222 208.67.220.220
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: ,C:\WINDOWS\system32\cssdll32.dll,avgrsstx.dll
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 7000 bytes




  • quote:

    Quoted from original: serji


    quote:

    Quoted from original: metalizm

    Hello everyone,

    a while after the computer boots, when I'm not using anything, the CPU goes up to around 50%,
    when I look in Task Manager, VM305_STI.EXE is using 50%,
    after I choose End Process it goes back to around 1-2%,
    and when I wait a while, this time I see explorer.exe using around 50%.

    I scanned with Avira and ran HijackThis (the result is below); nothing turned up. I noticed the problem from the abnormal rises and drops in fan noise.
    Is 50% CPU normal when nothing is running (apart from Avira)?
    I sat at the computer until morning trying to fix it, but no luck. Thank you for your help, regards.

    Serdar


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    After these, also open HJ, click Open Misc Tools Section - Generate Startup Log, and send that too.


    Hello again, I fixed the ones you specified and I'm sending the Generate Startup Log output,
    by the way, when I restarted the computer, the explorer.exe "End Now" tab appeared.

    StartupList report, 01.10.2008, 14:44:58
    StartupList version: 1.52.2
    Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
    Detected: Windows XP SP3 (WinNT 5.01.2600)
    Detected: Internet Explorer v7.00 (7.00.6000.16705)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
    C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
    C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
    C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    C:\WINDOWS\system32\UAService.exe
    C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
    C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TDispVol.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wscntfy.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Serdar Akca\Start Menu\Programlar\Başlangıç]
    AWC.lnk = E:\Programlar\AWC\AWC.exe

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç]
    RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    RTHDCPL = RTHDCPL.EXE
    Alcmtr = ALCMTR.EXE
    AGRSMMSG = AGRSMMSG.exe
    THotkey = C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    TPSMain = TPSMain.exe
    TFncKy = TFncKy.exe
    TDispVol = TDispVol.exe
    SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    Tvs = C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    nwiz = nwiz.exe /installquiet /keeploaded /nodetect
    IntelZeroConfig = "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    IntelWireless = "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    PSQLLauncher = "C:\Program Files\Protector Suite QL\launcher.exe" /startup
    avgnt = "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\system32\ssmypics.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll - {C08DF07A-3E49-4E25-9AB0-D3882835F153}

    --------------------------------------------------

    Enumerating Download Program Files:

    [WUWebControl Class]
    InProcServer32 = C:\WINDOWS\system32\wuweb.dll
    CODEBASE =http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156845811859

    --------------------------------------------------

    Enumerating Winsock LSP files:

    Protocol #1: avsda.dll (file MISSING)
    Protocol #2: avsda.dll (file MISSING)
    Protocol #8: avsda.dll (file MISSING)

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\system32\webcheck.dll
    SysTray: C:\WINDOWS\system32\stobject.dll

    --------------------------------------------------
    End of report, 5.706 bytes
    Report generated in 0,016 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only


    Thank you again for your selfless help...
    Serdar




  • quote:

    Quoted from original: serji


    quote:

    Quoted from original: Scotti0061


    http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening the program, do absolutely nothing. Take a 1-2 minute break.
    4. After ComboFix starts running, you will be asked to press the 1 or 2 key. Press the 1 key to continue.
    5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. Your internet connection will be cut during these operations. This is normal. Your system clock will also change. But all of this is temporary. After the operations finish, everything will be returned to its original state.
    7. You may need to be a bit patient, because there are a full 41 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this. But it will be restored shortly. After the operations finish, ComboFix will close and a report will open for you. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.


    Thanks for the information you gave. I carried out the procedure you described. A few yes/no questions came up; one was about an update and I pressed No on that; I don't remember the other one, but I pressed Yes on it. There was never a point where I had to press 1 or 2. Anyway, the combo.fix text document created on C: is as follows:

    ComboFix 08-09-26.06 - Buraqu 2008-10-01 15:36:13.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1254.1.1055.18.253 [GMT 3:00]
    Running from: C:\Documents and Settings\Buraqu\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Buraqu\ravmonlog

    .
    ((((((((((((((((((((((((( Files Created from 2008-09-01 to 2008-10-01 )))))))))))))))))))))))))))))))
    .

    2008-10-01 10:20 . 2001-08-17 21:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-10-01 10:20 . 2001-08-17 21:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
    2008-09-29 23:17 . 2008-09-29 23:17 4,096 --a------ C:\WINDOWS\d3dx.dat
    2008-09-29 23:12 . 2007-04-16 18:54 100,352 --a------ C:\WINDOWS\system32\msxmle.dll
    2008-09-29 20:54 . 2007-04-16 18:54 100,352 --a------ C:\WINDOWS\system32\msporc.dll
    2008-09-29 14:24 . 2008-09-29 14:24 <DIR> d-------- C:\Program Files\GRETECH
    2008-09-29 14:24 . 2008-09-29 14:24 <DIR> d-------- C:\Documents and Settings\Buraqu\Application Data\GRETECH
    2008-09-29 14:24 . 2008-09-29 14:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
    2008-09-29 11:33 . 2007-04-16 18:54 92,672 --a------ C:\WINDOWS\system32\mspope.dll
    2008-09-26 17:02 . 2008-09-26 17:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-09-25 21:10 . 2008-09-25 21:10 <DIR> d-------- C:\Program Files\Messenger Plus! Live
    2008-09-25 18:05 . 2008-09-26 19:24 <DIR> d-------- C:\GMouse20
    2008-09-25 18:05 . 1996-01-09 10:38 283,648 --a------ C:\WINDOWS\uninst.exe
    2008-09-25 16:09 . 2008-09-27 17:15 <DIR> d-------- C:\Documents and Settings\Buraqu\Application Data\IDM
    2008-09-25 16:09 . 2008-10-01 15:32 <DIR> d-------- C:\Documents and Settings\Buraqu\Application Data\DMCache
    2008-09-25 16:08 . 2008-09-27 17:26 <DIR> d-------- C:\Program Files\Internet Download Manager
    2008-09-18 17:17 . 2008-09-18 17:17 <DIR> d-------- C:\Program Files\DNA
    2008-09-18 17:17 . 2008-09-18 17:17 <DIR> d-------- C:\Program Files\BitTorrent
    2008-09-18 17:17 . 2008-10-01 15:32 <DIR> d-------- C:\Documents and Settings\Buraqu\Application Data\DNA
    2008-09-18 17:17 . 2008-09-18 19:53 <DIR> d-------- C:\Documents and Settings\Buraqu\Application Data\BitTorrent
    2008-09-11 11:10 . 2008-09-12 13:44 206,256 --a------ C:\WINDOWS\system32\idmmbc.dll
    2008-09-06 16:50 . 2008-09-06 16:50 <DIR> d-------- C:\WINDOWS\Call of Duty 2
    2008-09-06 16:50 . 2008-09-27 17:18 <DIR> d-------- C:\Program Files\Call of Duty 2
    2008-09-01 13:00 . 2004-11-25 07:07 79,679 --a------ C:\WINDOWS\system32\E_FLMADE.DLL
    2008-09-01 13:00 . 2003-05-21 05:27 64,000 --a------ C:\WINDOWS\system32\E_FBCBADE.DLL
    2008-09-01 13:00 . 2004-09-10 23:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
    2008-09-01 13:00 . 2000-06-07 04:01 34,304 --a------ C:\WINDOWS\system32\E_FBCHADE.DLL
    2008-09-01 12:59 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-09-01 12:59 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-09-01 12:58 . 2008-09-01 12:58 <DIR> d-------- C:\Program Files\epson
    2008-09-01 12:58 . 2005-02-25 00:00 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
    2008-09-01 12:58 . 2005-02-25 00:00 29,696 --a------ C:\WINDOWS\system32\escwiad.dll
    2008-09-01 12:58 . 2005-02-25 00:00 22,016 --a------ C:\WINDOWS\system32\esccmd.dll
    2008-09-01 12:57 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-09-01 12:57 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-09-01 12:53 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-09-01 12:53 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-01 12:32 --------- d-----w C:\Documents and Settings\Buraqu\Application Data\Free Download Manager
    2008-09-29 19:50 --------- d-----w C:\Program Files\Google
    2008-09-29 09:13 --------- d-----w C:\Documents and Settings\Buraqu\Application Data\BSplayer
    2008-09-28 18:45 --------- d-----w C:\Documents and Settings\Buraqu\Application Data\iMesh
    2008-09-18 14:13 --------- d-----w C:\Program Files\FlashGet
    2008-08-28 14:45 --------- d-----w C:\Documents and Settings\Buraqu\Application Data\Hamachi
    2008-08-27 15:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-27 12:45 --------- d-----w C:\Program Files\Real Alternative
    2008-08-26 06:32 --------- d-----w C:\Program Files\Hamachi
    2008-08-26 06:31 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
    2008-08-14 17:37 --------- d-----w C:\Program Files\Alwil Software
    2008-08-14 06:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-08-13 12:41 --------- d-----w C:\Program Files\AMD
    2008-08-12 16:54 --------- d-----w C:\Program Files\Rockstar Games
    2008-08-12 06:58 --------- d-----w C:\Program Files\Microsoft Works
    2008-08-12 06:57 --------- d-----w C:\Program Files\MSBuild
    2008-08-12 06:55 --------- d-----w C:\Program Files\Microsoft.NET
    2008-08-12 06:53 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
    2008-08-11 14:08 --------- d-----w C:\Program Files\Common Files\INCA Shared
    2008-08-11 08:35 --------- d-----w C:\Program Files\EA SPORTS
    2008-08-10 18:02 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
    2008-08-05 07:00 --------- d-----w C:\Program Files\Real
    2008-08-05 07:00 --------- d-----w C:\Program Files\Common Files\Real
    2008-08-03 20:30 --------- d-----w C:\Documents and Settings\Buraqu\Application Data\LimeWire
    2008-07-19 13:48 139,264 ----a-w C:\WINDOWS\War3Unin.exe
    2008-07-19 12:30 2,829 ----a-w C:\WINDOWS\War3Unin.pif
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2004-10-01 12:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    .

    ------- Sigcheck -------

    2005-06-11 03:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
    2004-08-04 00:45 57856 eded8ea387a59c4b6ea154f29e562aae C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
    2005-06-11 02:53 57856 aa99493b278bdafdf207d6d7eca05c29 C:\WINDOWS\system32\spoolsv.exe
    2005-06-11 02:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\dllcache\spoolsv.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-07 3739672]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2006-02-10 2048000]
    "Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2007-10-08 2445359]
    "Free Upload Manager"="C:\Program Files\Free Download Manager\fum\fum.exe" [2007-07-29 253952]
    "Free Uploader Oe Integration"="C:\Program Files\Free Download Manager\FUM\fumoei.exe" [2007-06-10 40960]
    "Google Update"="C:\Documents and Settings\Buraqu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-18 289088]
    "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-09-12 2606512]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-24 7311360]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-01-24 86016]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 37376]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2004-12-15 40960]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
    "EPSON Stylus DX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 98304]
    "nwiz"="nwiz.exe" [2006-01-24 C:\WINDOWS\system32\nwiz.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2006-05-18 C:\WINDOWS\RTHDCPL.EXE]
    "Barsaka"="explorer.exe" [2007-06-13 C:\WINDOWS\explorer.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

    C:\Documents and Settings\Buraqu\Start Menu\Programlar\BaŸlang‡\
    OneNote 2007 Ekran Krpc ve BaŸlatc.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= msaud32_divx.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\Program Files\\DNA\\btdna.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "13253:TCP"= 13253:TCP:NortonAV
    "15628:TCP"= 15628:TCP:NortonAV
    "14639:TCP"= 14639:TCP:NortonAV
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    S3 dump_wmimmc;dump_wmimmc;C:\Program Files\Games-Masters.com\CABAL Online (Europe)\GameGuard\dump_wmimmc.sys [ ]
    S3 XDva136;XDva136;C:\WINDOWS\system32\XDva136.sys [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{830e1bac-6706-11dd-8b66-001617cb803b}]
    \Shell\AutoRun\command - G:\fooool.exe
    \Shell\explore\Command - G:\fooool.exe
    \Shell\open\Command - G:\fooool.exe

    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-DAEMON Tools Lite - C:\Program Files\DAEMON Tools Lite\daemon.exe
    Notify-WgaLogon - (no file)


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Buraqu\Application Data\Mozilla\Firefox\Profiles\vafsoxpu.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.tr/
    FF -: plugin - C:\Documents and Settings\Buraqu\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
    FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
    FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2008-10-01 15:37:37
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-10-01 15:39:29
    ComboFix-quarantined-files.txt 2008-10-01 12:39:19

    Pre-Run: 8.610.729.984 bayt boş
    Post-Run: 8,650,829,824 bayt boş

    179 --- E O F --- 2008-08-14 06:53:13


    Thank you in advance.




  • quote:

    Originally posted by: Scotti0061
    Thank you in advance.

    You're welcome. Now it's time to carry out the steps below, in this order.

    http://www.guvenlikuzmanim.com/dosyalar/perlovga.exe

    Download this file, open it and click Start. Then restart the computer immediately.


    Download the program called SDFix to your desktop. NOTE: You must be logged in as a user with administrator rights.

    http://www.guvenlikuzmanim.com/dosyalar/SDFix.exe

    * Double-click SDFix.exe and the program will extract its files to the drive where your system is installed (usually C:\SDFix).
    * Do not use the program yet.

    Start your computer in Safe Mode. To do this, while the computer is starting, hold down the F8 key after you hear the beep but before the Windows screen appears. You will see a menu with several options. Use the arrow keys to move to Safe Mode and press Enter.

    Open the C:\SDFix folder and run the file named RunThis.bat by double-clicking it.

    * Press Y to start the cleaning process.
    * After it has cleaned the malware found on your computer, you will be asked to press a key to restart the computer.
    * Press a key and restart your computer.
    * When your computer has restarted, the program will open automatically and carry out the final steps. When they are finished, press a key and your desktop will load.
    * Once your desktop has loaded, a report page with the results will open. You can also find this report as Report.txt in the folder where SDFix is installed.
    * Attach the Report.txt file to your message and send it to us.

    If you get an error such as "Komut İstemi sistem yöneticiniz tarafından devre dışı bırakılmıştır. Lütfen sistem yöneticinizle irtibata geçin." ("The command prompt has been disabled by your administrator. Please contact your system administrator.") while running SDFix, enter the following command in Start - Run:
    %systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
    Press OK and run SDFix again.

    If the command prompt window opens and closes immediately, enter the following command in Start - Run:
    %systemdrive%\SDFix\apps\FixPath.exe /Q
    Press OK and run SDFix again.




  • quote:

    Originally posted by: byrahim
    By the way, my PC currently has the Sasser virus and I just haven't been able to clean it. Could that be the cause?

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A982037A-5FA0-44BD-8BB8-BCE93EBBDFE8} - C:\WINDOWS\system32\efcBqpMf.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {CBDF51DE-F2F3-4192-96CB-7A3E0BCCA80B} - C:\WINDOWS\system32\ddcBTkli.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [8c6fe6ba] rundll32.exe "C:\WINDOWS\system32\tdktrhex.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    Fix these and restart. Then download ComboFix again. I have updated the link.




  • quote:

    Originally posted by: Ice Cube

    @serji, master, I'm glad you're back on the forum. After such a long break, if you could take the trouble to have a look.

    Thanks, Ice Cube. Here is the list:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Hızlı Çalıştırma.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe




  • quote:

    Originally posted by: metalizm


    quote:

    Originally posted by: serji


    quote:

    Originally posted by: metalizm

    Hello everyone,

    A while after the computer starts, CPU usage rises to around 50% even though I'm not using anything.
    When I look in Task Manager, VM305_STI.EXE is using 50%.
    After I choose End Process it goes back to around 1-2%,
    and when I wait a while, this time I see explorer.exe using around 50%.

    I scanned with Avira and ran HijackThis (the result is below) and nothing turned up. I noticed the problem from the abnormal rises and falls in the fan noise.
    Is 50% CPU normal when nothing is running (apart from Avira)?
    I sat at the computer until morning trying to fix it but couldn't. Thank you for your help. Regards,

    Serdar


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    After these, also open HJ, click Open Misc Tools Section - Generate Startup Log, and send that as well.


    Hello again. I fixed the entries you indicated and I'm sending the Generate Startup Log output.
    By the way, when I restarted the computer, the "End Now" dialog came up for explorer.exe.

    StartupList report, 01.10.2008, 14:44:58
    StartupList version: 1.52.2
    Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
    Detected: Windows XP SP3 (WinNT 5.01.2600)
    Detected: Internet Explorer v7.00 (7.00.6000.16705)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
    C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
    C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
    C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    C:\WINDOWS\system32\UAService.exe
    C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
    C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TDispVol.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wscntfy.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Serdar Akca\Start Menu\Programlar\Başlangıç]
    AWC.lnk = E:\Programlar\AWC\AWC.exe

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç]
    RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    RTHDCPL = RTHDCPL.EXE
    Alcmtr = ALCMTR.EXE
    AGRSMMSG = AGRSMMSG.exe
    THotkey = C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    TPSMain = TPSMain.exe
    TFncKy = TFncKy.exe
    TDispVol = TDispVol.exe
    SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    Tvs = C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    nwiz = nwiz.exe /installquiet /keeploaded /nodetect
    IntelZeroConfig = "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    IntelWireless = "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    PSQLLauncher = "C:\Program Files\Protector Suite QL\launcher.exe" /startup
    avgnt = "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\system32\ssmypics.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll - {C08DF07A-3E49-4E25-9AB0-D3882835F153}

    --------------------------------------------------

    Enumerating Download Program Files:

    [WUWebControl Class]
    InProcServer32 = C:\WINDOWS\system32\wuweb.dll
    CODEBASE =http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156845811859

    --------------------------------------------------

    Enumerating Winsock LSP files:

    Protocol #1: avsda.dll (file MISSING)
    Protocol #2: avsda.dll (file MISSING)
    Protocol #8: avsda.dll (file MISSING)

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\system32\webcheck.dll
    SysTray: C:\WINDOWS\system32\stobject.dll

    --------------------------------------------------
    End of report, 5.706 bytes
    Report generated in 0,016 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only


    Thank you again for your selfless help...
    Serdar


    serji, would you be able to have a look at this one too???




  • quote:

    Originally posted by: metalizm
    Thank you again for your selfless help...
    Serdar

    You're welcome.


    http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening it, do absolutely nothing. Take a break of 1-2 minutes.
    4. After ComboFix starts running, you will be asked to press 1 or 2. Press 1 to continue.
    5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. Your internet connection will be cut during these operations. This is normal. Your system clock will also change. All of this is temporary, however. Once the operations are finished, everything will be returned to its original state.
    7. You may need to be a little patient, because there are a full 41 stages.
    8. Finally, ComboFix will prepare a report with the results of the operations. During this time your desktop may disappear, but it will be reloaded shortly. Once the operations are finished, ComboFix will close and a report will open for you. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.




  • quote:

    Originally posted by: metalizm
    serji, would you be able to have a look at this one too???

    I missed that one in between, sorry. I have written it above.
  • Not at all, serji, there is nothing to apologize for; I'm grateful for your help.
    I'm sending the ComboFix log.



    ComboFix 08-09-30.03 - Serdar Akca 2008-10-02 0:38:45.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1254.1.1055.18.671 [GMT 3:00]
    Running from: C:\Documents and Settings\Serdar Akca\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-09-01 to 2008-10-01 )))))))))))))))))))))))))))))))
    .

    2008-10-01 04:19 . 2008-10-01 04:19 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-30 20:14 . 2000-12-06 04:00 209,608 --a------ C:\WINDOWS\system32\TABCTL32.OCX
    2008-09-30 20:14 . 1999-10-30 00:00 167,936 --a------ C:\WINDOWS\system32\ccrpftv6.ocx
    2008-09-30 20:14 . 2001-03-13 13:49 140,288 --a------ C:\WINDOWS\system32\Comdlg32.OCX
    2008-09-30 20:14 . 2000-10-11 17:07 98,304 --a------ C:\WINDOWS\system32\ccrpUCW6.dll
    2008-09-30 20:14 . 2000-10-11 17:18 98,304 --a------ C:\WINDOWS\system32\ccrpDtp6.ocx
    2008-09-30 20:14 . 2000-03-15 17:22 86,016 --a------ C:\WINDOWS\system32\ccrpudn6.ocx
    2008-09-30 05:03 . 2008-06-23 19:28 6,066,176 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-09-30 05:03 . 2007-04-17 12:32 2,455,488 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-09-30 05:03 . 2007-03-08 08:12 1,015,808 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-09-30 05:03 . 2008-06-23 19:28 459,264 --a--c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-09-30 05:03 . 2008-06-23 19:28 383,488 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-09-30 05:03 . 2008-06-23 19:28 267,776 --a--c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-09-30 05:03 . 2008-06-23 19:28 63,488 --a--c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-09-30 05:03 . 2008-06-23 19:28 52,224 --a--c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-09-30 05:03 . 2008-06-23 12:20 13,824 --a--c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-09-30 04:45 . 2008-09-30 05:04 <DIR> d-------- C:\WINDOWS\system32\tr-tr
    2008-09-30 04:45 . 2008-09-30 04:45 <DIR> d-------- C:\WINDOWS\system32\tr
    2008-09-30 04:45 . 2008-09-30 04:45 <DIR> d-------- C:\WINDOWS\system32\bits
    2008-09-30 04:45 . 2008-09-30 04:45 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-09-30 04:42 . 2008-09-30 04:45 <DIR> d-------- C:\WINDOWS\ServicePackFiles
    2008-09-30 04:35 . 2008-09-30 04:35 <DIR> d-------- C:\WINDOWS\EHome
    2008-09-30 04:29 . 2004-08-03 22:29 25,471 --a------ C:\WINDOWS\system32\drivers\watv10nt.sys
    2008-09-30 04:29 . 2004-08-03 22:29 22,271 --a------ C:\WINDOWS\system32\drivers\watv06nt.sys
    2008-09-30 04:29 . 2004-08-03 22:29 11,935 --a------ C:\WINDOWS\system32\drivers\wadv11nt.sys
    2008-09-30 04:29 . 2004-08-03 22:29 11,871 --a------ C:\WINDOWS\system32\drivers\wadv09nt.sys
    2008-09-30 04:29 . 2004-08-03 22:29 11,807 --a------ C:\WINDOWS\system32\drivers\wadv07nt.sys
    2008-09-30 04:29 . 2004-08-03 22:29 11,295 --a------ C:\WINDOWS\system32\drivers\wadv08nt.sys
    2008-09-30 04:26 . 2004-08-04 00:36 327,040 --a------ C:\WINDOWS\system32\drivers\ati2mtaa.sys
    2008-09-30 01:32 . 2008-09-30 01:34 195 --a------ C:\wall.ini
    2008-09-29 02:36 . 2005-09-04 18:01 1,056,768 --a------ C:\WINDOWS\system32\FreeImage.dll
    2008-09-29 02:36 . 1999-09-16 08:04 151,552 --a------ C:\WINDOWS\system32\ccrpFD6.ocx
    2008-09-29 02:36 . 1998-11-23 15:10 90,112 --a------ C:\WINDOWS\system32\ccrpTmr6.dll
    2008-09-29 02:36 . 2003-08-10 22:25 40,960 --a------ C:\WINDOWS\system32\DLLDesktop.dll
    2008-09-29 02:36 . 2003-08-10 11:04 36,864 --a------ C:\WINDOWS\system32\AlphaImageCreator.dll
    2008-09-24 00:47 . 2008-04-13 21:46 85,248 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
    2008-09-24 00:47 . 2008-04-13 21:46 19,200 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
    2008-09-24 00:47 . 2008-04-13 21:46 17,024 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
    2008-09-24 00:47 . 2008-04-14 19:00 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
    2008-09-24 00:47 . 2008-04-13 21:46 15,232 --a------ C:\WINDOWS\system32\drivers\streamip.sys
    2008-09-24 00:47 . 2008-04-13 21:46 11,136 --a------ C:\WINDOWS\system32\drivers\slip.sys
    2008-09-24 00:47 . 2008-04-13 21:46 10,880 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
    2008-09-24 00:47 . 2008-04-13 21:39 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
    2008-09-24 00:46 . 2008-04-14 19:00 91,136 --a------ C:\WINDOWS\system32\kswdmcap.ax
    2008-09-24 00:46 . 2008-04-14 19:00 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
    2008-09-24 00:46 . 2008-04-14 19:00 54,272 --a------ C:\WINDOWS\system32\vfwwdm32.dll
    2008-09-24 00:46 . 2008-04-14 19:00 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
    2008-09-24 00:46 . 2008-04-14 19:00 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
    2008-09-21 23:23 . 2008-10-01 20:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-09-21 23:23 . 2008-09-21 23:23 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-09-20 14:02 . 1998-02-06 22:37 299,520 --a------ C:\WINDOWS\uninst.exe
    2008-09-19 11:02 . 2008-09-19 11:02 <DIR> d-------- C:\WINDOWS\Sun
    2008-09-15 07:16 . 2008-09-15 07:16 <DIR> d-------- C:\Program Files\Cepstral
    2008-09-02 18:55 . 2008-09-02 18:55 <DIR> d-------- C:\Documents and Settings\Serdar Akca\Application Data\Basement
    2008-09-02 14:14 . 2008-09-02 14:14 <DIR> d-------- C:\Documents and Settings\Serdar Akca\Application Data\Avira
    2008-09-02 07:19 . 2008-09-02 07:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-09-02 05:13 . 2008-05-07 14:20 71,592 --a------ C:\WINDOWS\system32\drivers\avfwot.sys
    2008-09-02 05:13 . 2008-05-07 10:51 71,464 --a------ C:\WINDOWS\system32\drivers\avfwim.sys
    2008-09-02 05:12 . 2008-09-02 05:12 <DIR> d-------- C:\Program Files\Avira
    2008-09-02 05:12 . 2008-09-02 05:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-09-02 05:01 . 2008-09-02 05:01 <DIR> d-------- C:\Program Files\Protector Suite QL
    2008-09-02 05:01 . 2008-09-02 05:01 <DIR> d-------- C:\Program Files\Common Files\Protector Suite QL
    2008-09-02 04:39 . 2008-09-02 04:44 <DIR> d-------- C:\Documents and Settings\Serdar Akca\Application Data\BSplayer PRO
    2008-09-01 23:50 . 2008-09-01 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2008-09-01 20:56 . 2008-09-01 20:56 <DIR> d-------- C:\WINDOWS\SHELLNEW
    2008-09-01 20:56 . 2008-09-01 20:56 <DIR> d-------- C:\Program Files\Microsoft.NET
    2008-09-01 01:11 . 2008-09-01 01:11 <DIR> d-------- C:\Documents and Settings\Serdar Akca\Application Data\Media Player Classic

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-30 20:50 --------- d-----w C:\Program Files\Windows Desktop Search
    2008-09-30 20:43 --------- d-----w C:\Program Files\Toshiba
    2008-09-30 16:50 --------- d-----w C:\Program Files\MSN Messenger
    2008-09-23 21:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-02 04:27 --------- d-----w C:\Documents and Settings\Serdar Akca\Application Data\Protector Suite
    2008-08-31 22:07 --------- d-----w C:\Program Files\QuickTime
    2008-08-31 19:08 --------- d-----w C:\Documents and Settings\Serdar Akca\Application Data\vlc
    2008-08-31 17:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-08-29 22:27 --------- d-----w C:\Documents and Settings\Serdar Akca\Application Data\Oxford
    2008-08-29 22:26 --------- d-----w C:\Program Files\TEXTware
    2008-08-29 22:14 --------- d-----w C:\Documents and Settings\Serdar Akca\Application Data\Nero
    2008-08-29 21:31 --------- d-----w C:\Program Files\Common Files\Nero
    2008-08-29 21:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-08-29 20:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
    2008-08-29 20:49 --------- d-----w C:\Documents and Settings\Serdar Akca\Application Data\oald7
    2008-08-29 20:48 --------- d-----w C:\Program Files\IDM
    2008-08-29 18:29 --------- d-----w C:\Program Files\D-Tools
    2008-08-29 12:36 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-08-29 12:35 --------- d-----w C:\Program Files\MSXML 4.0
    2008-08-29 12:26 --------- d-----w C:\Program Files\Winamp
    2008-08-29 10:38 --------- d-----w C:\Documents and Settings\Serdar Akca\Application Data\AdobeUM
    2008-08-29 08:06 --------- d-----w C:\Program Files\Synaptics
    2008-08-29 08:05 --------- d-----w C:\Program Files\Realtek
    2008-08-29 08:04 --------- d-----w C:\Program Files\microsoft frontpage
    2008-08-29 08:04 --------- d-----w C:\Program Files\ltmoh
    2008-08-29 08:02 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-08-29 08:02 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-08-29 07:53 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\toshiba
    2008-08-29 07:53 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
    2008-08-29 07:53 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Sonic
    2008-08-29 07:53 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
    2008-08-29 07:53 --------- d-----w C:\Documents and Settings\Serdar Akca\Application Data\Sonic
    2008-08-29 07:53 --------- d-----w C:\Documents and Settings\Serdar Akca\Application Data\ATI
    2008-08-29 00:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-08-29 00:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-08-29 00:09 --------- d-----w C:\Program Files\DVD-RAM
    2008-08-29 00:03 --------- d-----w C:\Documents and Settings\Serdar Akca\Application Data\toshiba
    2008-08-28 23:56 --------- d-----w C:\Program Files\MSN Toolbar Suite
    2008-08-28 23:55 --------- d-----w C:\Program Files\InterVideo
    2008-08-28 22:38 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
    2008-08-28 22:38 0 --sha-r C:\WINDOWS\system32\drivers\TOSHIBA_SATELLITE A100_04710-TE_PSAA9E-0R301.MRK
    2008-08-28 22:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-08-28 22:37 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
    2008-08-28 22:37 --------- d-----w C:\Program Files\Intel
    2008-08-28 22:37 --------- d-----w C:\Documents and Settings\Serdar Akca\Application Data\Intel
    2008-08-28 22:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
    "Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 73728]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-01 7557120]
    "PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2006-05-05 30208]
    "avgnt"="C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" [2008-06-12 266497]
    "RTHDCPL"="RTHDCPL.EXE" [2005-12-10 C:\WINDOWS\RTHDCPL.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 C:\WINDOWS\agrsmmsg.exe]
    "TPSMain"="TPSMain.exe" [2005-08-04 C:\WINDOWS\system32\TPSMain.exe]
    "TFncKy"="TFncKy.exe" [BU]
    "TDispVol"="TDispVol.exe" [2005-09-16 C:\WINDOWS\system32\TDispVol.exe]
    "nwiz"="nwiz.exe" [2006-05-01 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2006-05-05 17:48 40448 C:\WINDOWS\system32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli psqlpwd

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^Windows Desktop Search.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç\Windows Desktop Search.lnk
    backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    --a------ 2002-12-28 12:14 77824 C:\Program Files\D-Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRotateSysTray]
    --a------ 2006-05-01 13:04 49152 C:\WINDOWS\system32\nvsysrot.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-08-29 23:47 98304 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2007-05-15 01:22 35328 C:\Program Files\Winamp\winampa.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=

    R1 avfwot;avfwot;C:\WINDOWS\system32\DRIVERS\avfwot.sys [2008-05-07 71592]
    R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe [2008-05-16 344321]
    R2 AntiVirMailService;Avira Premium Security Suite MailGuard;C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe [2008-07-11 164097]
    R2 antivirwebservice;Avira Premium Security Suite WebGuard;C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE [2008-06-12 258305]
    R2 AVEService;Avira Premium Security Suite MailGuard helper service;C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe [2008-05-09 41217]
    R2 Cepstral License Server;Cepstral License Server;C:\Program Files\Cepstral\bin\CepstralLicSrv.exe [2007-03-15 57344]
    R2 FdRedir;FdRedir;C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2006-05-05 13568]
    R2 FileDisk2;FileDisk Protector Kernel Driver;C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2006-05-05 33024]
    R2 smihlp;SMI helper driver;C:\Program Files\Protector Suite QL\smihlp.sys [2006-05-05 3456]
    R3 avfwim;AvFw Packet Filter Miniport;C:\WINDOWS\system32\DRIVERS\avfwim.sys [2008-05-07 71464]
    R3 st3bus28;st3bus28;C:\WINDOWS\system32\DRIVERS\st3bus28.sys [2002-12-28 8416]
    R3 st3mp28;st3mp28;C:\WINDOWS\system32\DRIVERS\st3mp28.sys [2002-12-28 95328]
    S3 ZSMC0305;A4 TECH PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2006-05-08 391688]
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-SmoothView - C:\Program Files\TOSHIBA\TOSHIBA Yakınlaştırma Yardımcı Programı\SmoothView.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Serdar Akca\Application Data\Mozilla\Firefox\Profiles\l3kzykm5.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://images.google.com.tr/imghp?hl=tr&tab=wi
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2008-10-02 00:41:54
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\system32\nview.dll
    -> C:\WINDOWS\system32\TDispVol.dll
    -> ?:\WINDOWS\system32\nvwddi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
    C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\UAService.exe
    C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\ComboFix\pv.cfexe
    .
    **************************************************************************
    .
    Completion time: 2008-10-02 0:43:46 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-01 21:43:42

    Pre-Run: 1.314.152.448 bayt boş
    Post-Run: 2,089,730,048 bayt boş

    240 --- E O F --- 2008-09-29 01:24:16




  • Hello, my computer is in a really bad state :) I need your help. Thanks in advance...


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:02:17, on 02.10.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\VM_STI.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\a.exe
    C:\Program Files\AVerTV\QuickTV.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\c.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Anti Trojan Elite\TJEnder.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: iercptbho - {D4CDC21D-43BE-4101-A1EF-E379F134771E} - C:\Documents and Settings\Administrator\Local Settings\Application Data\qip\iercpt.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Apache USB PC Camera
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [scvhost] mirc.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UD799IAL\setup_sbd_tr[1].exe
    O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\a.exe
    O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\SAV\sav.exe
    O4 - Startup: QuickTV.lnk = C:\Program Files\AVerTV\QuickTV.exe
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) -https://sube.garanti.com.tr/lib/JaguarEditControl.CAB
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB63} (Flatcast Producer 4.16) -http://data.flatcast.com/data/objects/NpFp41629.dll
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) -http://data.flatcast.com/data/objects/NpFv41629.dll
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} (Flatcast Viewer 5.0) -http://data.flatcast.com/data/objects/NpFv501.dll
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O23 - Service: ASP.NET Durum Hizmeti (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 7858 bytes




  • quote:

    Originally posted by: metalizm

    Not at all, serji, there is nothing to apologize for; I'm grateful for your help.
    I'm sending the ComboFix log.

    Download and install the program called SuperAntiSpyware.

    http://www.superantispyware.com/downloads/SUPERAntiSpyware.exe

    * Double-click SUPERAntiSpyware.exe and install the program with its default settings.
    * The program's icon will appear on your desktop. Double-click the icon to run the program.
    * If it asks whether you want to update, click Yes. If it doesn't ask, update it yourself by clicking the Check for Updates button before scanning.
    * Under the Configuration and Preferences tab, click the Preferences button.
    * Click the General and Startup tab and make sure that Start SUPERAntiSpyware when Windows starts under Start-up Options is not selected.
    * Go to the Scanning Control tab and make sure that only the following are checked under Scanner Options. (Leave the others unchecked.)

    # Close browsers before scanning.
    # Scan for tracking cookies.
    # Terminate memory threats before quarantining.
    * Click the Close button to close the program.
    * Do not scan your system yet.

    Now run the program again:

    * In the main menu, under Scan for Harmful Software, click Scan your computer.
    * Make sure C:\Fixed Drive is checked on the left side.
    * On the right side, under Complete Scan, select Perform Complete Scan and click Next.
    * When the scan finishes, a scan summary listing the harmful software will open. Click OK.
    * Make sure everything is checked and click Next.
    * You will get a message saying Quarantine and Removal is Complete. Click OK, then click Finish to return to the main menu.
    * If you are told that a restart is required, click Yes and restart your computer.
    * To see the results:
    # Click Preferences and go to the Statistics/Logs tab.
    # Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    # If there is more than one log, select the most recent one and click View log. A text file will open.
    # Save the opened file and send it to us by attaching it to your message.
    * Click Close to close the program.




  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:26:02, on 02.10.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\CameraFixer.exe
    C:\WINDOWS\vsnp325.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Downloads\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
    O4 - HKLM\..\Run: [tsnpstd325] C:\WINDOWS\tsnp325.exe
    O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &FlashGet ile indir - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &Tümünü FlashGet ile indir - C:\Program Files\FlashGet\jc_all.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) -http://cid-0f06e50fc86fcc70.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 6103 bytes




  • quote:

    Originally posted by: serji


    quote:

    Originally posted by: Scotti0061
    Thanks in advance.

    You're welcome. Now it's time to carry out the steps below.

    I did the steps you described. At the very end, when the computer booted normally, a command prompt window came up. It said finish or something like that in that window, but I waited and it didn't close by itself, and it didn't tell me to press a key either. So I closed it by clicking the close button with the mouse. After that, nothing called Report opened by itself. But it was there on C.


    SDFix: Version 1.230
    Run by Administrator on 02.10.2008 at 13:44

    Microsoft Windows XP [Srm 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    No Trojan Files Found






    Removing Temp Files

    ADS Check :

    This is what it says inside. Could I have made a mistake during the steps I carried out? Or is my computer clean now?




  • quote:

    Originally posted by: KoSeKu3

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
    O4 - HKLM\..\Run: [tsnpstd325] C:\WINDOWS\tsnp325.exe
    O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    quote:

    Originally posted by: Scotti0061
    This is what it says inside. Could I have made a mistake during the steps I carried out? Or is my computer clean now?

    It looks clean. Now send one more log with HJ and let's see.




  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:47:59, on 02.10.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\VM_STI.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Free Download Manager\FUM\fumoei.exe
    C:\Documents and Settings\Buraqu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Buraqu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Buraqu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Buraqu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Buraqu\Belgelerim\İndirilenler\HiJackThis (1).exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Apache USB PC Camera
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [Barsaka] explorer.exe
    O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
    O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
    O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Buraqu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OneNote 2007 Ekran Kırpıcı ve Başlatıcı.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Free Download Manager ile indir - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Free Download Manager ile seçileni indir - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Free Download Manager ile tümünü indir - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Videoyu Free Download Manager ile indir - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6ADEE16A-6C6F-4109-BC9F-F1BAB553C277}: NameServer = 4.2.2.4
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 8189 bytes




  • quote:

    Quoted from the original: serji


    quote:

    Quoted from the original: metalizm

    Not at all, serji, there is nothing to apologize for; I am grateful for your help.
    I'm sending the ComboFix.

    Download and install the program called SuperAntiSpyware.

    http://www.superantispyware.com/downloads/SUPERAntiSpyware.exe

    * Double-click SUPERAntiSpyware.exe and install the program with its default settings.
    * An icon for the program will appear on your desktop. Double-click the icon to run the program.
    * If it asks whether to update, click Yes. If it does not ask, update it yourself before scanning by clicking the Check for Updates button.
    * Under the Configuration and Preferences tab, click the Preferences button.
    * Click the General and Startup tab and, under Start-up Options, make sure the Start SUPERAntiSpyware when Windows starts option is not selected.
    * Go to the Scanning Control tab and, under Scanner Options, make sure only the following are checked. (Leave the others unchecked.)

    # Close browsers before scanning.
    # Scan for tracking cookies.
    # Terminate memory threats before quarantining.
    * Click the Close button to close the program.
    * Do not scan your system yet.

    Now run the program again:

    * In the main menu, under Scan for Harmful Software, click Scan your computer.
    * On the left, make sure C:\Fixed Drive is checked.
    * On the right, under Complete Scan, select Perform Complete Scan and click Next.
    * When the scan finishes, a scan summary listing the harmful software will open. Click OK.
    * Make sure everything is checked and click Next.
    * You will get a notice saying Quarantine and Removal is Complete. Click OK, then click Finish to return to the main menu.
    * If you are told that a restart is needed, click Yes and restart your computer.
    * To see the results:
    # Click Preferences and go to the Statistics/Logs tab.
    # Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    # If there is more than one log, select the most recent one and click View log. A text file will open.
    # Save the opened file and send it to us by attaching it to your message.
    * Click Close to close the program.



    Thank you very much indeed, serji. With your help I fixed the problem using HijackThis, so this was no longer needed.
    Behaviour that can set an example for everyone. Take care, and happy holidays to everyone...




  • quote:

    Quoted from the original: Scotti0061

    The virus still shows up on the system. We will run ComboFix once more. But before doing so, I want you to disconnect from the internet.


    http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening it, do absolutely nothing. Take a 1-2 minute break.
    4. After ComboFix starts running, you will be asked to press 1 or 2. Press 1 to continue.
    5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if anything goes wrong.
    6. Your internet connection will be cut during these operations. This is normal. Your system clock will also change. All of this is temporary, however. Once the operations finish, everything will be returned to its original state.
    7. You may need to be a little patient, because there are a full 41 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. When the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
    9. Send us the C:\ComboFix.txt file by attaching it to your message.


    quote:

    Quoted from the original: metalizm
    Thank you very much indeed, serji. With your help I fixed the problem using HijackThis, so this was no longer needed.
    Behaviour that can set an example for everyone. Take care, and happy holidays to everyone...

    You're welcome, Serdar (I think that was it). Thanks for reporting the result. Take care.




  • Greetings;
    First of all, I would like to say thank you. I don't use an antivirus program. I don't much like them. I try to format every month.

    Logfile of Trend Micro HijackThis v2.0.2 
    Scan saved at 00:58:26, on 03.10.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\VM305_STI.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    D:\Programlar\Benchmark\Everest Ultimate Edition 4.20.1197 beta\everest.exe
    D:\Yeni Klasör\o.c\programlar\orthos\ORTHOS.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Abit\Desktop\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =https://login.live.com/ppsecure/sha1auth.srf?lc=1055
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: SEARCH_PAGE_URL=http://www.google.com
    O14 - IERESET.INF: START_PAGE_URL=about:blank
    O14 - IERESET.INF: MS_START_PAGE_URL=about:blank
    O17 - HKLM\System\CCS\Services\Tcpip\..\{03E83D35-F4B4-4B35-A8E8-BCA09C8FD4CD}: NameServer = 4.2.2.1,4.2.2.5
    O17 - HKLM\System\CS1\Services\Tcpip\..\{03E83D35-F4B4-4B35-A8E8-BCA09C8FD4CD}: NameServer = 4.2.2.1,4.2.2.5
    O17 - HKLM\System\CS2\Services\Tcpip\..\{03E83D35-F4B4-4B35-A8E8-BCA09C8FD4CD}: NameServer = 4.2.2.1,4.2.2.5
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 4599 bytes



