HijackThis. Performance + Security! (Get rid of viruses). 500.000+ (page 261)

  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at OFLU 20:10, on 07.10.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\cFosSpeed\spd.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell\QuickSet\Quickset.exe
    C:\WINDOWS\VM303_STI.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\cFosSpeed\cFosSpeed.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\AYDIN GÜVEN\Desktop\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
    O4 - HKLM\..\Run: [Bittorrent] C:\WINDOWS\bittorrent.exe
    O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
    O4 - HKLM\..\Run: [iexplore] C:\WINDOWS\iexplore.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Kodak EasyShare yazılımı.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &VİNDİR FOR YOUTUBE 2 >>> - C:\Program Files\Vindir for YouTube 2\context_handle.htm
    O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) -http://www.yayindayiz.biz/yayin/ampx2.6.1.11_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8CF3E319-5DA4-4B5A-ABF1-4530CD2ADB91}: NameServer = 4.2.2.1,4.2.2.2
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O22 - SharedTaskScheduler: biocomputing - {98ca7898-6029-41ab-8f67-ea4f5e1afc22} - C:\WINDOWS\system32\myqlejy.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 9892 bytes




    My computer has slowed down drastically. Also, I can't open the local disk partitions from the My Computer window. I'd be very glad if you could take a look. Thanks in advance.




  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:19:11, on 07.10.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\DAO\GOLDAY\svchost.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Orbitdownloader\orbitdm.exe
    C:\Program Files\Orbitdownloader\orbitnet.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\runservice.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    D:\Download\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://search.orbitdownloader.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.65.127.161:80
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: Youtube Dünya Capinda IP leri toplam 2859 adet ....
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Sound Card Driver] C:\Program Files\Common Files\Microsoft Shared\DAO\GOLDAY\svchost.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
    O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
    O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198225970328
    O16 - DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} (JaguarEditControl-ISBANK) -https://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv27.CAB
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4C2E81D2-DB42-4873-B41A-0566191C4980}: NameServer = 212.175.13.116,212.175.13.115,205.171.2.65
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AA99B938-F969-440D-B3ED-600D62E9FE71}: NameServer = 212.175.13.116,212.175.13.115,205.171.2.65
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DFDE8EEB-FEFD-4710-AF2E-0D3C7B095D3C}: NameServer = 212.175.13.116,212.175.13.115,205.171.2.65
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 12662 bytes




  • I forgot to describe the problem: my computer had a virus and I cleaned it somehow; now the computer is giving a system 32/ddr.exe error.
  • quote:

    Originally posted by: serji


    quote:

    Originally posted by: :Fatih:

    Brother Serji,

    I couldn't understand what you said we should try above?



    My mistake, I forgot to write it. Sorry.

    Download the program called ComboFix.

    http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to launch the program. After launching it, do absolutely nothing. Take a 1-2 minute break.
    4. After ComboFix starts running, you will be asked to press the 1 or 2 key. Press 1 to continue.
    5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. Your internet connection will be cut during these operations. This is normal. Your system clock will also change. But all of this is temporary. After the operations finish, everything will be returned to its original state.
    7. You may need to be a little patient, because there are a full 41 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. After the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.



    Brother Serji, this combofix.exe gives an error..



    It gives this error; what can I do?




  • quote:


    Hello again. My sound problem with Winamp is still going on, and now, even though I formatted the machine only recently, I am getting a lot of error messages.
    I can't open Internet Explorer 6.0. I think it may be a virus. Dr. Watson currently shows 4 entries labelled application errors.

    quote:



    After fixing these, restart and try again. Also try uninstalling KMPlayer completely and downloading the latest version from its site. If the IE problems are not solved after the fix, I recommend installing IE7.


    Me again.. As far as I understand, there are bad sectors. I scanned with a program I saw on the forum, but I couldn't really understand what it says. It would be good if you could give me some information. Are there bad sectors? Should I do a low-level format?
    http://img88.imageshack.us/my.php?image=adszgv4.png




  • quote:

    Originally posted by: zonoli
    My computer has slowed down drastically. Also, I can't open the local disk partitions from the My Computer window. I'd be very glad if you could take a look. Thanks in advance.

    * Open the program called HijackThis.
    * Click the Do a system scan only option.
    * Check the following lines.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Bittorrent] C:\WINDOWS\bittorrent.exe
    O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKLM\..\Run: [iexplore] C:\WINDOWS\iexplore.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL


    * Close all programs and windows except HijackThis and click the Fix Checked button. Then restart.

    After that:

    Download the program called ComboFix.

    http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to launch the program. After launching it, do absolutely nothing. Take a 1-2 minute break.
    4. After ComboFix starts running, you will be asked to press the 1 or 2 key. Press 1 to continue.
    5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. Your internet connection will be cut during these operations. This is normal. Your system clock will also change. But all of this is temporary. After the operations finish, everything will be returned to its original state.
    7. You may need to be a little patient, because there are a full 41 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. After the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.
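
Added example, not part of any post in this thread: a small triage pass over HijackThis log lines that marks entries worth a manual look before anything is checked for fixing. The flag names and the expected-directory table (default Windows XP layout, Windows in C:\WINDOWS) are assumptions of this example; the sample lines are copied from the two logs posted above.

```python
import ntpath
import re

# Assumption: default Windows XP layout with Windows installed in C:\WINDOWS.
# File name -> the only directory that name is expected to load from.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "iexplore.exe": r"c:\program files\internet explorer",
}

# "R1 - ...", "O4 - ...", "O23 - ..." : section code, then the entry body.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# First drive-letter path ending in .exe/.dll; tolerates spaces, quotes, arguments.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.IGNORECASE)
BARE_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Lines copied from the logs in this thread (not a complete log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\DAO\GOLDAY\svchost.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.65.127.161:80
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [iexplore] C:\WINDOWS\iexplore.exe
O4 - HKLM\..\Run: [Sound Card Driver] C:\Program Files\Common Files\Microsoft Shared\DAO\GOLDAY\svchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O22 - SharedTaskScheduler: biocomputing - {98ca7898-6029-41ab-8f67-ea4f5e1afc22} - C:\WINDOWS\system32\myqlejy.dll (file missing)
"""


def parse(log_text):
    """Yield (section, body); lines of the running-process list get section 'PROC'."""
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            yield match.group(1), match.group(2)
        elif BARE_PATH_RE.match(line):
            yield "PROC", line


def findings(section, body):
    """Return review flags for one entry. A flag means 'look at this', not a verdict."""
    flags = []
    match = PATH_RE.search(body)
    if match:
        # ntpath handles Windows paths on any OS; normcase lower-cases them.
        # 8.3 short paths (C:\PROGRA~1\...) are not expanded, so they can
        # trip this check and need to be resolved by hand.
        path = ntpath.normcase(match.group(0))
        expected = EXPECTED_DIR.get(ntpath.basename(path))
        if expected and ntpath.dirname(path) != expected:
            flags.append("system-name-wrong-dir")
    if "(no file)" in body or "(file missing)" in body:
        # The registry still points at a file that is gone from disk.
        flags.append("target-missing")
    if section.startswith("R") and ",ProxyServer" in body:
        # Browser traffic is routed through a proxy; confirm the user set it.
        flags.append("proxy-set")
    return flags


def triage(log_text):
    """Return [(section, body, flags)] for every entry with at least one flag."""
    results = []
    for section, body in parse(log_text):
        flags = findings(section, body)
        if flags:
            results.append((section, body, flags))
    return results


if __name__ == "__main__":
    for section, body, flags in triage(SAMPLE_LOG):
        print(f"{section:>4}  {','.join(flags):<22}  {body}")
```

Entries that come back unflagged are not thereby cleared; the pass only catches the three patterns it encodes.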




  • quote:

    Originally posted by: Golday

    The viruses are still on the system:

    * Open the program called HijackThis.
    * Click the Do a system scan only option.
    * Check the following lines.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://search.orbitdownloader.com 
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.65.127.161:80
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: YouTube worldwide IPs, 2859 in total ....
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Sound Card Driver] C:\Program Files\Common Files\Microsoft Shared\DAO\GOLDAY\svchost.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
    O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
    O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    * Close all programs and windows except HijackThis and click the Fix Checked button. Then restart.

    Then:

    Download the program named ComboFix.

    http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening the program, do absolutely nothing. Take a 1-2 minute break.
    4. After ComboFix starts running, you will be asked to press 1 or 2. Press 1 to continue.
    5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. Your internet connection will be cut during these operations. This is normal. Your system clock will also change. But all of this is temporary. After the operations finish, everything will be returned to its original state.
    7. You may need to be a little patient, because there are a full 41 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time. But it will be restored shortly. After the operations finish, ComboFix will close and a report will open for you. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.




  • quote:

    Originally quoted from: :Fatih:
    Serji, brother, this combofix.exe is giving an error..



    It gives this error, what can I do?

    I updated the link. Could you delete the ComboFix you downloaded and download it again?


    quote:

    Originally quoted from: recoill
    Me again.. As far as I understand, there are bad sectors. I scanned with a program I saw on the forum, but I couldn't really understand what it says. It would be good if you could give me some information. Are there bad sectors? Should I do a low-level format?
    http://img88.imageshack.us/my.php?image=adszgv4.png

    I don't want to misdirect you, but as far as I know this is a normal result. If it is a constantly increasing value (if the result changes with every scan), then it means there is a risk. Still, a low-level format may help. But please carry out this operation carefully.




  • Here you go, Serji, brother..


    ComboFix 08-10-07.06 - By Mudo 2008-10-08 10:30:38.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1254.1.1055.18.648 [GMT 3:00]
    Running from: C:\Documents and Settings\By Mudo\Desktop\ComboFix.exe
    * Created a new restore point

    [COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\FunWebProducts
    C:\Program Files\MyWebSearch
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
    C:\windows\system32\Cache
    C:\windows\system32\ijl11pro.dll
    C:\windows\winhelp.ini

    .
    ((((((((((((((((((((((((( Files Created from 2008-09-08 to 2008-10-08 )))))))))))))))))))))))))))))))
    .

    2008-10-07 22:52 . 2008-10-07 22:52 <DIR> d-------- C:\Program Files\MSECache
    2008-10-02 12:38 . 2008-10-02 12:38 <DIR> d-------- C:\Documents and Settings\By Mudo\Application Data\Leadertech
    2008-10-02 00:58 . 2008-10-02 00:58 <DIR> d-------- C:\Program Files\GRETECH
    2008-10-02 00:58 . 2008-10-02 00:58 <DIR> d-------- C:\Documents and Settings\By Mudo\Application Data\GRETECH
    2008-10-02 00:58 . 2008-10-02 00:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
    2008-10-01 23:47 . 2008-10-07 10:30 <DIR> d-------- C:\Documents and Settings\By Mudo\Application Data\DMCache
    2008-10-01 14:16 . 2008-10-01 14:16 <DIR> d-------- C:\Program Files\Router Screenshot Grabber
    2008-10-01 13:35 . 2008-10-02 15:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-10-01 13:35 . 2008-10-01 13:35 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-09-28 21:18 . 2008-09-28 21:18 <DIR> d-------- C:\WINDOWS\Setup2K
    2008-09-28 21:18 . 2002-10-01 14:43 119,798 --a------ C:\WINDOWS\system32\drivers\spca561.sys
    2008-09-28 21:18 . 2002-11-22 15:56 118,784 --a------ C:\WINDOWS\ShowBmp.exe
    2008-09-28 21:18 . 2002-08-13 18:01 53,248 --a------ C:\WINDOWS\ap561.exe
    2008-09-28 21:18 . 2002-08-13 18:01 14,385 --a------ C:\WINDOWS\Tw561a.ini
    2008-09-28 21:18 . 2002-09-20 19:44 14,336 --a------ C:\WINDOWS\system32\dshow508.ax
    2008-09-28 21:18 . 2002-08-13 18:01 7,431 --a------ C:\WINDOWS\Tw561a.src
    2008-09-28 21:18 . 2002-03-19 14:11 81 --a------ C:\WINDOWS\Setup8a.ini
    2008-09-27 22:00 . 2008-09-27 22:00 <DIR> d-------- C:\Program Files\Common Files\NSV
    2008-09-25 00:02 . 2008-09-25 00:03 <DIR> d-------- C:\Program Files\JAP
    2008-09-14 18:43 . 2008-09-14 18:43 <DIR> d-------- C:\Program Files\Common Files\PCSuite
    2008-09-14 18:42 . 2008-09-14 18:42 <DIR> d-------- C:\Program Files\PC Connectivity Solution
    2008-09-14 18:42 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
    2008-09-09 23:09 . 2008-09-09 23:09 32 --a------ C:\WINDOWS\system32\fms01278.vxd
    2008-09-09 23:08 . 2008-09-13 15:05 <DIR> d--hs---- C:\Program Files\Elgqym
    2008-09-09 23:08 . 2008-09-09 23:08 <DIR> d-------- C:\Program Files\Common Files\Elgqym
    2008-09-08 00:00 . 2008-09-08 00:27 <DIR> d-------- C:\Documents and Settings\By Mudo\Application Data\Mp3tag

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-08 07:36 16,500,768 --sha-w C:\windows\system32\drivers\fidbox.dat
    2008-10-08 07:34 385,056 --sha-w C:\windows\system32\drivers\fidbox2.dat
    2008-10-08 07:33 42,320 --sha-w C:\windows\system32\drivers\fidbox2.idx
    2008-10-08 07:33 233,432 --sha-w C:\windows\system32\drivers\fidbox.idx
    2008-10-08 07:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-10-07 17:49 --------- d-----w C:\Program Files\FlashGet
    2008-10-01 22:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-01 21:56 --------- d-----w C:\Documents and Settings\By Mudo\Application Data\uTorrent
    2008-10-01 10:28 --------- d-----w C:\Program Files\EA Sports
    2008-09-28 18:18 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-09-25 15:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2008-09-25 15:41 --------- d-----w C:\Program Files\Nokia
    2008-09-25 15:41 --------- d-----w C:\Program Files\Common Files\Nokia
    2008-09-23 16:54 --------- d-----w C:\Documents and Settings\By Mudo\Application Data\LimeWire
    2008-09-13 12:01 96,976 ----a-w C:\windows\system32\drivers\klin.dat
    2008-09-13 12:01 87,855 ----a-w C:\windows\system32\drivers\klick.dat
    2008-09-13 11:34 --------- d-----w C:\Program Files\ESET
    2008-09-13 10:29 --------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer
    2008-09-13 10:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Cast ping base frag
    2008-09-09 22:06 --------- d-----w C:\Program Files\7-Zip
    2008-09-07 20:35 --------- d-----w C:\Program Files\Mp3tag
    2008-09-06 21:15 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-09-03 20:13 --------- d-----w C:\Documents and Settings\By Mudo\Application Data\PC Suite
    2008-09-03 17:43 --------- d-----w C:\Program Files\Kaspersky Lab
    2008-09-01 09:25 --------- d-----w C:\Program Files\Philips
    2008-08-25 15:19 --------- d-----w C:\Documents and Settings\By Mudo\Application Data\Sports Interactive
    2008-08-25 11:08 --------- d-----w C:\Program Files\DAEMON Tools
    2008-08-24 12:55 --------- d-----w C:\Documents and Settings\By Mudo\Application Data\Apple Computer
    2008-08-24 09:04 --------- d--h--w C:\Program Files\Zero G Registry
    2008-08-24 09:04 --------- d--h--r C:\Documents and Settings\By Mudo\Application Data\SecuROM
    2008-08-24 08:54 682,232 ----a-w C:\windows\system32\drivers\sptd.sys
    2008-08-24 08:22 --------- d-----w C:\Program Files\Valve
    2008-08-24 08:20 --------- d-----w C:\Program Files\sXe Injected
    2008-08-24 08:17 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-08-24 08:17 --------- d-----w C:\Program Files\QuickTime
    2008-08-24 08:17 --------- d-----w C:\Program Files\PhotomatixPro3
    2008-08-22 12:23 --------- d-----w C:\Documents and Settings\By Mudo\Application Data\Hamachi
    2008-08-19 18:33 --------- d-----w C:\Program Files\Picasa2
    2008-08-19 18:32 --------- d-----w C:\Program Files\Google
    2008-08-17 12:05 --------- d-----w C:\Program Files\Eidos
    2008-08-16 15:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2008-08-16 15:32 --------- d-----w C:\Documents and Settings\By Mudo\Application Data\Ulead Systems
    2008-08-16 14:48 --------- d-----w C:\Program Files\SmartSound Software
    2008-08-16 14:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    2008-08-16 14:47 --------- d-----w C:\Program Files\Windows Media Components
    2008-08-16 14:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-08-16 14:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-08-16 14:43 --------- d-----w C:\Program Files\Sipru
    2008-08-16 14:42 --------- d-----w C:\Program Files\DevGuru
    2008-08-16 13:27 --------- d-----w C:\Program Files\Free FLV Converter
    2008-08-16 08:54 136,888 ----a-w C:\windows\system32\drivers\PnkBstrK.sys
    2008-08-16 08:54 111,928 ----a-w C:\windows\system32\PnkBstrB.exe
    2008-08-16 08:54 --------- d-----w C:\Documents and Settings\By Mudo\Application Data\Xfire
    2008-08-15 14:25 --------- d-----w C:\Program Files\Circle Developement
    2008-08-15 00:48 --------- d-----w C:\Documents and Settings\By Mudo\Application Data\Vso
    2008-08-15 00:40 --------- d-----w C:\Program Files\VSO
    2008-08-14 11:20 258,048 ----a-w C:\windows\system32\TubeFinder.exe
    2008-08-12 22:08 42,320 ----a-w C:\windows\system32\xfcodec.dll
    2008-08-12 18:43 --------- d-----w C:\Program Files\LimeWire
    2008-08-11 12:15 --------- d-----w C:\Documents and Settings\By Mudo\Application Data\Azureus
    2008-07-28 13:45 107,888 ----a-w C:\windows\system32\CmdLineExt.dll
    2008-07-25 11:26 66,872 ----a-w C:\windows\system32\PnkBstrA.exe
    2008-07-25 11:21 22,328 ----a-w C:\Documents and Settings\By Mudo\Application Data\PnkBstrK.sys
    2008-07-22 12:54 444,952 ----a-w C:\windows\system32\wrap_oal.dll
    2008-07-22 12:54 109,080 ----a-w C:\windows\system32\OpenAL32.dll
    2008-07-18 19:10 94,920 ----a-w C:\windows\system32\cdm.dll
    2008-07-18 19:10 53,448 ----a-w C:\windows\system32\wuauclt.exe
    2008-07-18 19:10 45,768 ----a-w C:\windows\system32\wups2.dll
    2008-07-18 19:10 36,552 ----a-w C:\windows\system32\wups.dll
    2008-07-18 19:09 563,912 ----a-w C:\windows\system32\wuapi.dll
    2008-07-18 19:09 325,832 ----a-w C:\windows\system32\wucltui.dll
    2008-07-18 19:09 205,000 ----a-w C:\windows\system32\wuweb.dll
    2008-07-18 19:09 1,811,656 ----a-w C:\windows\system32\wuaueng.dll
    2008-07-18 19:07 270,880 ----a-w C:\windows\system32\mucltui.dll
    2008-07-18 19:07 210,976 ----a-w C:\windows\system32\muweb.dll
    2008-07-18 18:39 586,752 ----a-w C:\windows\WLXPGSS.SCR
    2008-05-04 10:16 32,768 --sha-w C:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050420080505\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-19 5724184]
    "ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-08-16 155648]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-05-05 214544]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.XFR1"= xfcodec.dll
    "msacm.divxa32"= msaud32_divx.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^Adobe Reader Hızlı Çalıştırma.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç\Adobe Reader Hızlı Çalıştırma.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Hızlı Çalıştırma.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^By Mudo^Start Menu^Programlar^Başlangıç^Adobe Gamma.lnk]
    path=C:\Documents and Settings\By Mudo\Start Menu\Programlar\Başlangıç\Adobe Gamma.lnk
    backup=C:\windows\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2007-08-03 12:51 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-14 09:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2008-09-19 19:53 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    --a------ 2007-08-08 09:25 1828136 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
    --a------ 2008-06-17 16:00 1249280 C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
    --a------ 2008-08-11 08:31 1124352 C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhilipsDM]
    --a------ 2005-09-14 23:12 520192 C:\Program Files\Philips\Philips Device Manager\bin\DeviceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-08-16 17:47 155648 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2008-04-01 21:49 36352 C:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    --a------ 2008-04-11 10:20 69632 C:\WINDOWS\ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    --a------ 2008-04-11 10:20 16264192 C:\WINDOWS\RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    --a------ 2008-04-11 10:19 2879488 C:\WINDOWS\SkyTel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Documents and Settings\\By Mudo\\Desktop\\Fatih Silme!\\Xfire\\xfire.exe"=
    "C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
    "C:\\Program Files\\FlashGet\\flashget.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe"=
    "C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
    "C:\\Program Files\\Opera\\opera.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "D:\\amma ne flatout\\Flatout2\\FlatOut2.exe"=
    "E:\\Oyunlar 2\\Counter strike 1.6\\Counter-Strike 1.6\\hl.exe"=
    "E:\\Oyunlar 2\\Football manager\\fm.exe"=

    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
    S3 XDva136;XDva136;C:\WINDOWS\system32\XDva136.sys [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d2c24f9-573e-11dd-8db7-001617917caf}]
    \Shell\Auto\command - H:\activexdebugger32.exe f
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
    \Shell\explore\Command - H:\activexdebugger32.exe f
    \Shell\open\Command - H:\activexdebugger32.exe f
    .
    Contents of the 'Scheduled Tasks' folder

    2008-10-07 C:\windows\Tasks\A66B4B2C9184C340.job
    - c:\docume~1\bymudo~1\applic~1\proxyb~1\2 burn default.exe []
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-Barbtrans - C:\DOCUME~1\BYMUDO~1\APPLIC~1\PROXYB~1\NOUNBUILD.exe
    MSConfigStartUp-Base frag grid bows - C:\Documents and Settings\All Users\Application Data\Cast ping base frag\Rdr Bin.exe
    MSConfigStartUp-SLApp - C:\Program Files\Elgqym\Sentin.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\By Mudo\Application Data\Mozilla\Firefox\Profiles\9u9m2bvw.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE -www.google.com.tr
    FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\Opera\program\plugins\NP_IDM1.dll
    FF -: plugin - C:\Program Files\Opera\program\plugins\NP_IDM2.dll
    FF -: plugin - C:\Program Files\Opera\program\plugins\NP_IDM3.dll
    FF -: plugin - C:\Program Files\Opera\program\plugins\NP_IDM5.dll
    FF -: plugin - C:\Program Files\Opera\program\plugins\NP_IDM6.dll
    FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2008-10-08 10:35:15
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\system32\verclsid.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-08 10:40:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-08 07:39:12

    Pre-Run: 5.508.358.144 bayt bos
    Post-Run: 5,430,829,056 bayt bos

    270 --- E O F --- 2008-09-10 17:29:51




  • Here is the report
    ComboFix 08-10-07.06 - AOPEN 2008-10-08 16:38:41.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1254.1.1055.18.1601 [GMT 2:00]
    Running from: D:\Download\ComboFix.exe
    * Created a new restore point

    [COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\autorun.inf
    C:\Documents and Settings\AOPEN\Application Data\BITS
    C:\Documents and Settings\AOPEN\Application Data\BITS\BITS.ini
    C:\Documents and Settings\AOPEN\Application Data\BITS\DHTTable.dat
    C:\Documents and Settings\AOPEN\Application Data\BITS\ProxyList.ini
    C:\Documents and Settings\AOPEN\Application Data\BITS\Torrent\20080718172621.torrent
    C:\Documents and Settings\AOPEN\Application Data\BITS\Torrent\20080718172621.torrent.~tmp
    C:\Documents and Settings\AOPEN\Application Data\BITS\Torrent\20080718172621.torrent.bits
    C:\Documents and Settings\AOPEN\Application Data\BITS\Torrent\20080718172621.torrent.filelist
    C:\Documents and Settings\AOPEN\Application Data\BITS\UPnP.ini
    C:\e.exe
    C:\itsduel.exe
    C:\n6t1h.cmd
    C:\Program Files\FlashGet Network
    C:\Program Files\FlashGet Network\FlashGet universal\dbtrans_verbose - 2008.08.29 14.54.16.log
    C:\Program Files\FlashGet Network\FlashGet universal\dbtrans_verbose - 2008.09.05 16.07.01.log
    C:\Program Files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
    C:\Program Files\FlashGet Network\FlashGet universal\fgoption.ini
    C:\Program Files\FlashGet Network\FlashGet universal\P2PCfg.ini
    C:\Program Files\FlashGet Network\FlashGet universal\p2spmgr.ini
    C:\Program Files\FlashGet Network\FlashGet universal\p4spmgr.ini
    C:\Program Files\FlashGet Network\FlashGet universal\Profiles\config.dat
    C:\Program Files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
    C:\Program Files\FlashGet Network\FlashGet universal\transaction - 2008.08.29 14.54.16.log
    C:\Program Files\FlashGet Network\FlashGet universal\transaction - 2008.09.05 16.07.01.log
    C:\Program Files\FlashGet Network\FlashGet universal\transaction.log
    C:\vva0hc0p.cmd
    C:\WINDOWS\system32\BReWErS.dll
    C:\WINDOWS\system32\ckvo.exe
    C:\WINDOWS\system32\ckvo0.dll
    C:\WINDOWS\system32\ckvo1.dll
    C:\WINDOWS\system32\ckvo2.dll
    C:\WINDOWS\system32\dao350.dll
    C:\WINDOWS\system32\ijl11pro.dll
    C:\WINDOWS\system32\kavo.exe
    C:\WINDOWS\system32\kavo0.dll
    C:\WINDOWS\system32\kavo1.dll
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\tavo.exe
    C:\WINDOWS\system32\tavo0.dll
    C:\WINDOWS\system32\tavo1.dll
    C:\WINDOWS\winhelp.ini
    D:\Autorun.inf
    D:\itsduel.exe
    D:\n6t1h.cmd
    D:\vva0hc0p.cmd
    E:\Autorun.inf
    E:\itsduel.exe
    E:\n6t1h.cmd
    E:\vva0hc0p.cmd

    .
    ((((((((((((((((((((((((( Files Created from 2008-09-08 to 2008-10-08 )))))))))))))))))))))))))))))))
    .

    2008-10-07 15:40 . 2008-10-07 15:40 64 --a------ C:\WINDOWS\system32\aiks.ldb
    2008-10-06 20:08 . 2008-10-06 20:08 <DIR> d-------- C:\downloads
    2008-10-05 14:21 . 2008-10-05 14:20 119,960 -r-hs---- C:\o6pq1n8.com
    2008-10-05 14:20 . 2008-10-05 14:20 <DIR> d-------- C:\Documents and Settings\AOPEN\Application Data\GrabPro
    2008-10-05 13:59 . 2008-10-05 13:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2008-10-05 13:55 . 2008-10-05 13:55 <DIR> d-------- C:\Program Files\CCleaner
    2008-10-03 18:39 . 2008-10-03 18:39 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
    2008-10-03 15:50 . 2008-10-03 15:50 <DIR> d-------- C:\Program Files\DVDVIDEOSOFT
    2008-10-03 15:50 . 2008-10-03 15:50 <DIR> d-------- C:\Program Files\Common Files\DVDVIDEOSOFT
    2008-10-01 12:43 . 2008-10-01 12:43 <DIR> d-------- C:\Documents and Settings\AOPEN\Application Data\Nokia Multimedia Player
    2008-10-01 12:40 . 2008-10-01 12:40 <DIR> d-------- C:\Documents and Settings\AOPEN\Phone Browser
    2008-10-01 12:25 . 2008-10-01 12:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
    2008-10-01 12:24 . 2008-10-01 12:24 <DIR> d-------- C:\Program Files\Common Files\PCSuite
    2008-10-01 12:24 . 2008-10-01 12:24 <DIR> d-------- C:\Program Files\Common Files\Nokia
    2008-10-01 12:24 . 2008-10-01 12:38 <DIR> d-------- C:\Documents and Settings\AOPEN\Application Data\Nokia
    2008-10-01 12:23 . 2008-10-01 12:23 <DIR> d-------- C:\Program Files\PC Connectivity Solution
    2008-10-01 12:23 . 2008-10-01 12:24 <DIR> d-------- C:\Program Files\Nokia
    2008-10-01 12:23 . 2008-10-01 12:23 <DIR> d-------- C:\Program Files\DIFX
    2008-10-01 12:23 . 2007-02-22 11:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
    2008-10-01 12:23 . 2007-02-22 11:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
    2008-10-01 12:23 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
    2008-10-01 12:23 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
    2008-10-01 12:23 . 2007-02-22 11:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
    2008-10-01 10:44 . 2008-10-01 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
    2008-10-01 02:45 . 2008-10-01 02:46 18 --a------ C:\WINDOWS\system32\pingtime.ini
    2008-09-30 10:23 . 2008-09-20 21:28 118,322 -r-hs---- C:\sasyg1y8.com
    2008-09-23 04:04 . <DIR> C:\Program Files\Konusan Sözlük
    2008-09-17 22:03 . 2008-10-07 14:32 <DIR> d-------- C:\Program Files\Incomplete
    2008-09-11 15:02 . 2008-09-11 15:22 <DIR> d-------- C:\WINDOWS\Lhsp
    2008-09-11 15:01 . 2008-09-11 15:01 <DIR> d-ah----- C:\Program Files\SETUP

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-08 14:37 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\Orbit
    2008-10-08 14:31 --------- d-----w C:\Program Files\Google
    2008-10-07 18:18 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\OpenOffice.org2
    2008-10-07 14:41 --------- d-----w C:\Program Files\AIMP2
    2008-10-07 12:40 --------- d-----w C:\Program Files\LimeWire
    2008-10-07 12:32 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\LimeWire
    2008-10-07 08:23 --------- d-----w C:\Program Files\Orbitdownloader
    2008-10-05 12:28 --------- d-----w C:\Program Files\Total Video Converter
    2008-10-05 12:20 --------- d-----w C:\Program Files\ESET
    2008-10-04 18:00 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\Skype
    2008-10-03 04:17 --------- d-----w C:\Program Files\FlashGet
    2008-10-03 04:17 --------- d-----w C:\Program Files\ErtemSoft Videocapture
    2008-10-01 10:40 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\PC Suite
    2008-09-23 02:09 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\Hamachi
    2008-09-23 02:04 --------- d-----w C:\Program Files\Konuşan Sözlük
    2008-09-06 10:56 --------- d-----w C:\Program Files\Picasa2
    2008-09-01 09:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-09-01 09:15 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-08-30 09:55 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\IObit
    2008-08-30 09:50 --------- d-----w C:\Program Files\IObit
    2008-08-29 12:53 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
    2008-08-26 11:28 --------- d-----w C:\Program Files\microsoft frontpage
    2008-08-26 09:35 --------- d-----w C:\Program Files\MSN Messenger
    2008-08-23 13:57 --------- d-----w C:\Program Files\Ashampoo
    2008-08-23 13:57 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\Ashampoo
    2008-08-23 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\ashampoo
    2008-08-20 14:30 22,328 ----a-w C:\Documents and Settings\AOPEN\Application Data\PnkBstrK.sys
    2008-08-20 14:29 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
    2008-08-20 14:20 --------- d-----w C:\Program Files\Electronic Arts
    2008-08-18 00:25 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
    2008-08-18 00:25 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
    2008-08-18 00:25 --------- d-----w C:\Program Files\Common Files\xing shared
    2008-08-18 00:25 --------- d-----w C:\Program Files\Common Files\Real
    2008-08-16 20:44 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\ATI
    2008-08-16 15:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-08-16 14:56 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-08-16 13:05 --------- d-----w C:\Program Files\Unlocker
    2008-08-16 13:04 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\Desktopicon
    2008-08-15 21:44 --------- d-----w C:\Program Files\K-Lite Codec Pack
    2008-08-15 21:40 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\uTorrent
    2008-08-15 00:31 --------- d-----w C:\Program Files\Yahoo!
    2008-08-14 00:03 --------- d-----w C:\Program Files\Sony Ericsson
    2008-08-14 00:03 --------- d-----w C:\Program Files\Common Files\Teleca Shared
    2008-08-14 00:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
    2008-08-14 00:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca(2)
    2008-08-13 23:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-13 16:37 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\MxBoost
    2008-08-05 16:58 44,544 ----a-w C:\WINDOWS\system32\msxml4a.dll
    2008-07-31 08:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
    2008-07-31 08:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
    2008-07-31 08:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
    2008-07-25 08:34 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-07-25 08:34 683,520 ----a-w C:\WINDOWS\system32\divx.dll
    2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-14 10:47 48,640 ----a-w C:\WINDOWS\mmfs.dll
    2008-07-14 10:47 2,560 ----a-w C:\WINDOWS\Runservice.exe
    2008-07-12 06:18 467,984 ----a-w C:\WINDOWS\system32\d3dx10_39.dll
    2008-07-12 06:18 3,851,784 ----a-w C:\WINDOWS\system32\D3DX9_39.dll
    2008-07-12 06:18 1,493,528 ----a-w C:\WINDOWS\system32\D3DCompiler_39.dll
    2008-02-08 07:43 8 ------w C:\Documents and Settings\All Users\Application Data\SDGLYBMPWPP.SYS
    2007-12-29 18:18 32 ------w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2005-06-22 05:37 45,568 --sh--r C:\WINDOWS\system32\cygz.dll
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-18 185896]
    "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{C5F43BEF-CE2F-46D8-AFE6-A647BACD1F09}"= "C:\WINDOWS\system32\Bitkv0.dll" [2007-06-13 69632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    --a------ 2007-06-18 15:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    -r------- 2008-02-01 17:22 21898024 C:\Documents and Settings\AOPEN\desktop\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-08-18 02:25 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "W32Time"=2 (0x2)
    "LmHosts"=2 (0x2)
    "lanmanserver"=2 (0x2)
    "mnmsrvc"=3 (0x3)
    "WZCSVC"=2 (0x2)
    "ERSvc"=2 (0x2)
    "CiSvc"=3 (0x3)
    "Browser"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "VMSnap3"=C:\WINDOWS\VMSnap3.EXE
    "NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    "Alcmtr"=ALCMTR.EXE
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    "SkyTel"=SkyTel.EXE
    "Domino"=C:\WINDOWS\Domino.EXE
    "RTHDCPL"=RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
    "C:\\Documents and Settings\\AOPEN\\Desktop\\Skype.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=

    R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
    R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2008-07-14 2560]
    R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-07-03 39424]
    R3 vmfilter303;vmfilter303;C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-25 428160]
    S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-06-20 13352]
    S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
    S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112]
    S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 108680]
    S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 100488]
    S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 98696]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b5883d5-20f3-11dd-8e2a-001d60ca5b51}]
    \Shell\AutoRun\command - G:\e6.com
    \Shell\explore\Command - G:\e6.com
    \Shell\open\Command - G:\e6.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4466fd2c-8c83-11dd-8529-001d60ca5b51}]
    \Shell\Auto\command - activexdebugger32.exe f
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
    \Shell\explore\Command - activexdebugger32.exe f
    \Shell\open\Command - activexdebugger32.exe f

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{681442de-3ec2-11dd-9b14-001d60ca5b51}]
    \Shell\AutoRun\command - G:\e.exe
    \Shell\explore\Command - G:\e.exe
    \Shell\open\Command - G:\e.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0130550-acac-11dc-b9d8-001d60ca5b51}]
    \Shell\AutoRun\command - G:\sasyg1y8.com
    \Shell\explore\Command - G:\sasyg1y8.com
    \Shell\open\Command - G:\sasyg1y8.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8248ffd-d16d-11dc-8bfd-001d60ca5b51}]
    \Shell\AutoRun\command - G:\sasyg1y8.com
    \Shell\explore\Command - G:\sasyg1y8.com
    \Shell\open\Command - G:\sasyg1y8.com

    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder

    2008-10-08 C:\WINDOWS\Tasks\CryptLoad.job
    - C:\Documents and Settings\AOPEN\Desktop\CrytLoad\CryptLoad.exe []
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-TRKY-DnsAyar - C:\Program Files\TRKY-DnsAyar\TRKY-DnsAyar.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\AOPEN\Application Data\Mozilla\Firefox\Profiles\2o2ztk0z.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE -
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
    FF -: plugin - C:\Program Files\Picasa2\npPicasa2.dll
    FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
    FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2008-10-08 16:39:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-10-08 16:40:27
    ComboFix-quarantined-files.txt 2008-10-08 14:40:18

    Pre-Run: 8.158.150.656 bayt bos
    Post-Run: 8,167,534,592 bayt bos

    345 --- E O F --- 2008-09-12 13:10:17



    < This message was edited by fuhrergandhi -- 8 October 2008; 16:43:50 >




  • quote:

    Originally quoted from: serji


    * Close all programs and windows except HijackThis and click the Fix Checked button. Then restart.

    Yes, the situation is somewhat serious. But we will clean it up.

    Download the program called ComboFix.

    http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening the program, do absolutely nothing else. Take a 1-2 minute break.
    4. After ComboFix starts running, you will be asked to press 1 or 2. Press 1 to continue.
    5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. Your internet connection will be cut during these operations. This is normal. Your system clock will also change. But all of this is temporary. Once the operations finish, everything will be returned to its original state.
    7. You may need to be a little patient, because there are exactly 41 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. After the operations finish, ComboFix will close and a report will open for you. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.




    Serji, my friend, I am sending the ComboFix log as well. Good luck with it.

    ComboFix 08-10-02.04 - Administrator 2008-10-08 0:40:06.9 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1254.1.1055.18.1661 [GMT 2:00]
    Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe
    C:\Program Files.exe
    C:\WINDOWS\system32\drivers\IsDrv118.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_IsDrv118


    ((((((((((((((((((((((((( Files Created from 2008-09-07 to 2008-10-07 )))))))))))))))))))))))))))))))
    .

    2008-10-07 02:14 . 2006-12-06 12:19 76,800 --a-s---- C:\Documents and Settings\Administrator\Desktop.exe
    2008-10-06 16:02 . 2008-10-06 16:02 0 --a------ C:\WINDOWS\bulmaca.INI
    2008-10-05 22:39 . 2008-10-05 22:39 <DIR> d-------- C:\Program Files\Trend Micro
    2008-10-05 01:50 . 2008-10-05 01:50 <DIR> d-------- C:\Program Files\EA GAMES
    2008-10-05 01:49 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2008-10-05 01:12 . 2008-10-05 01:12 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2008-10-05 01:12 . 2008-10-05 01:12 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2008-10-05 01:12 . 2008-10-05 01:12 103,736 --a------ C:\Documents and Settings\Administrator\Application Data\PnkBstrB.exe
    2008-10-05 01:12 . 2008-10-05 01:12 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2008-10-05 01:12 . 2008-10-05 01:12 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-10-05 01:12 . 2008-10-05 01:12 22,328 --a------ C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
    2008-10-05 01:12 . 2008-10-05 01:12 319 --a------ C:\WINDOWS\game.ini
    2008-10-05 01:05 . 2008-10-05 01:05 <DIR> d-------- C:\Program Files\Activision
    2008-10-04 22:58 . 2008-10-04 22:58 <DIR> d-------- C:\Program Files\Common Files\DirectX
    2008-10-04 05:10 . 2006-12-06 12:19 76,800 --a-s---- C:\Program Files\SRS Labs.exe
    2008-10-04 03:59 . 2006-12-06 12:19 76,800 --a-s---- C:\Program Files\WindowsUpdate.exe
    2008-10-04 03:59 . 2006-12-06 12:19 76,800 --a-s---- C:\Program Files\Uninstall Information.exe
    2008-10-04 03:59 . 2006-12-06 12:19 76,800 --a-s---- C:\Program Files\InstallShield Installation Information.exe
    2008-10-04 03:59 . 2006-12-06 12:19 76,800 --a-s---- C:\Program Files\AIMP2.exe
    2008-10-04 03:58 . 2006-12-06 12:19 76,800 --a-s---- C:\Program Files\AntiVir PersonalEdition Classic.exe
    2008-09-30 07:45 . 2006-12-06 12:19 76,800 --a-s---- C:\Documents and Settings\Administrator\Belgelerim.exe
    2008-09-29 04:51 . 2008-09-29 04:51 <DIR> d--h----- C:\WINDOWS\PIF
    2008-09-27 02:36 . 2008-09-27 02:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ACD Systems
    2008-09-27 02:35 . 2008-09-27 02:36 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
    2008-09-27 02:35 . 2008-09-27 02:35 <DIR> d-------- C:\Program Files\ACD Systems
    2008-09-27 02:35 . 2008-09-27 02:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
    2008-09-26 19:11 . 2008-09-26 19:11 62 --a------ C:\WINDOWS\soko.ini
    2008-09-26 19:02 . 1998-11-17 13:44 328,704 --a------ C:\WINDOWS\IsUn0407.exe
    2008-09-26 18:38 . 2008-09-26 18:38 0 --a------ C:\WINDOWS\wordsearch.INI
    2008-09-23 00:38 . 2004-08-04 00:45 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-09-23 00:38 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-09-23 00:38 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-09-23 00:38 . 2001-11-21 21:35 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-09-21 18:22 . 2008-09-26 19:16 24 --a------ C:\WINDOWS\WINTOYS.INI
    2008-09-21 18:21 . 2008-09-25 16:00 131 --a------ C:\WINDOWS\chess.ini
    2008-09-20 12:48 . 2008-09-20 12:48 121 --a------ C:\WINDOWS\SYMGAMES.INI
    2008-09-20 00:14 . 2008-09-20 00:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
    2008-09-20 00:13 . 2008-09-20 00:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GRETECH
    2008-09-19 17:32 . 2008-09-26 20:12 1,327 --a------ C:\WINDOWS\EntPack.dat
    2008-09-19 14:34 . 2008-10-07 15:44 1,358 --a------ C:\WINDOWS\entpack.ini
    2008-09-19 14:24 . 2008-09-26 18:18 93 --a------ C:\WINDOWS\GECKOS.INI
    2008-09-19 14:24 . 2008-09-21 18:23 71 --a------ C:\WINDOWS\dodger.ini
    2008-09-19 03:17 . 2008-09-19 03:17 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
    2008-09-19 03:06 . 2008-10-04 05:11 <DIR> d--hs---- C:\Program Files\SRS Labs
    2008-09-19 03:06 . 2008-09-19 03:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SRS Labs
    2008-09-19 03:06 . 2007-07-26 09:25 47,360 -ra------ C:\WINDOWS\system32\drivers\Surroundhp_kern_i386.sys
    2008-09-19 03:06 . 2007-07-26 09:25 47,104 -ra------ C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys
    2008-09-19 03:06 . 2007-07-26 09:25 42,112 -ra------ C:\WINDOWS\system32\drivers\csiidecoder_kern_i386.sys
    2008-09-19 03:06 . 2007-07-26 09:25 39,808 -ra------ C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys
    2008-09-19 03:06 . 2007-07-26 09:25 32,000 -ra------ C:\WINDOWS\system32\drivers\wowhd_kern_i386.sys
    2008-09-19 02:59 . 2008-10-07 15:10 <DIR> d--hs---- C:\Program Files\AIMP2
    2008-09-19 02:53 . 2008-09-20 00:13 <DIR> d-------- C:\Program Files\GRETECH
    2008-09-18 23:32 . 2008-09-18 23:32 <DIR> d-------- C:\Program Files\OpenAL
    2008-09-18 23:30 . 2007-06-08 04:56 4,931,584 --a------ C:\WINDOWS\system32\stacgui.cpl
    2008-09-18 23:30 . 2007-06-08 04:56 1,097,728 --a------ C:\WINDOWS\system32\stlang.dll
    2008-09-18 23:30 . 2007-06-08 04:56 303,104 --a------ C:\WINDOWS\sttray.exe
    2008-09-18 23:30 . 2007-06-08 04:56 90,112 --a------ C:\WINDOWS\system32\stacsv.exe
    2008-09-18 23:25 . 2007-06-08 04:56 117,248 --a------ C:\WINDOWS\system32\staco.dll
    2008-09-18 22:40 . 2008-09-18 22:40 <DIR> d-------- C:\Program Files\Webteh
    2008-09-18 21:49 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
    2008-09-18 21:49 . 2008-09-19 03:24 396 --a------ C:\WINDOWS\ODBC.INI
    2008-09-18 21:48 . 2008-09-18 21:49 <DIR> d-------- C:\WINDOWS\SHELLNEW
    2008-09-18 21:48 . 2008-09-18 21:48 <DIR> d-------- C:\Program Files\Microsoft Works
    2008-09-18 21:47 . 2008-09-18 21:47 <DIR> d-------- C:\Program Files\Microsoft.NET
    2008-09-18 21:44 . 2008-09-18 21:44 <DIR> dr-h----- C:\MSOCache
    2008-09-18 21:36 . 2008-09-18 21:36 <DIR> d-------- C:\Program Files\SigmaTel
    2008-09-18 21:36 . 2007-06-08 04:56 1,184,168 --a------ C:\WINDOWS\system32\drivers\sthda.sys
    2008-09-18 21:36 . 2007-06-08 04:56 229,376 --a------ C:\WINDOWS\system32\stacapi.dll
    2008-09-18 21:36 . 2007-06-08 04:56 54,272 --a------ C:\WINDOWS\system32\drivers\sfng32.sys
    2008-09-18 21:36 . 2004-11-18 10:42 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-09-18 14:35 . 2008-09-19 14:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
    2008-09-18 14:27 . 2008-10-07 01:20 116 --a------ C:\WINDOWS\NeroDigital.ini
    2008-09-18 14:26 . 2008-09-18 14:26 <DIR> d-------- C:\Program Files\Common Files\Ahead
    2008-09-18 14:26 . 2008-09-18 14:26 <DIR> d-------- C:\Program Files\Ahead
    2008-09-18 14:26 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
    2008-09-18 14:26 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
    2008-09-18 14:26 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
    2008-09-18 14:26 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
    2008-09-18 14:26 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2008-09-18 14:26 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
    2008-09-18 14:26 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
    2008-09-18 14:26 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
    2008-09-18 14:15 . 2008-09-18 14:15 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
    2008-09-18 14:02 . 2008-09-18 14:02 <DIR> dr------- C:\Documents and Settings\merve\Sk Kullanlanlar
    2008-09-18 14:02 . 2008-09-18 23:07 <DIR> dr------- C:\Documents and Settings\merve\Belgelerim
    2008-09-18 14:02 . 2008-09-18 14:02 <DIR> d-------- C:\Documents and Settings\merve\Application Data\ATI
    2008-09-18 14:02 . 2008-09-18 14:48 <DIR> d-------- C:\Documents and Settings\merve
    2008-09-18 13:55 . 2008-09-18 13:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-09-18 13:55 . 2008-09-18 13:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ATI
    2008-09-18 13:49 . 2008-09-18 13:49 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies
    2008-09-18 13:46 . 2008-09-18 13:52 <DIR> d-------- C:\Program Files\ATI Technologies
    2008-09-18 13:43 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-09-18 13:42 . 2008-09-18 13:42 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2008-09-18 13:42 . 2008-09-18 13:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2008-09-18 13:41 . 2008-09-18 13:43 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2008-09-18 13:37 . 1999-09-22 23:18 2,167,684 --------- C:\WINDOWS\system32\CT2MGM.SF2
    2008-09-18 13:37 . 2007-09-26 10:17 22,764 --a------ C:\WINDOWS\system32\Ludap17.ini
    2008-09-18 13:37 . 2008-09-30 07:33 1,568 --a------ C:\WINDOWS\system32\settingsbkup.sfm
    2008-09-18 13:37 . 2008-09-30 07:33 1,568 --a------ C:\WINDOWS\system32\settings.sfm
    2008-09-18 13:37 . 2005-03-08 14:17 54 --a------ C:\WINDOWS\system32\ctzapxx.ini
    2008-09-18 13:36 . 2008-10-05 01:12 <DIR> d--hs---- C:\Program Files\InstallShield Installation Information
    2008-09-18 13:36 . 2008-09-18 13:37 <DIR> d-------- C:\Program Files\Creative
    2008-09-18 13:36 . 2008-09-18 13:49 <DIR> d-------- C:\Program Files\Common Files\InstallShield
    2008-09-18 13:36 . 2008-09-18 14:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Creative
    2008-09-18 13:33 . 2007-06-08 04:59 254,872 -ra------ C:\WINDOWS\system32\drivers\e1e5132.sys
    2008-09-18 13:33 . 2007-06-08 04:59 179,048 -ra------ C:\WINDOWS\system32\e1000msg.dll
    2008-09-18 13:33 . 2007-06-08 04:59 154,496 -ra------ C:\WINDOWS\system32\Prounstl.exe
    2008-09-18 13:33 . 2007-06-08 04:59 66,424 -ra------ C:\WINDOWS\system32\NicEtCoE.dll
    2008-09-18 13:33 . 2007-06-08 04:59 62,840 -ra------ C:\WINDOWS\system32\NicInstE.dll
    2008-09-18 13:33 . 2007-06-08 04:59 28,536 -ra------ C:\WINDOWS\system32\NicCo.dll
    2008-09-18 13:33 . 2007-06-08 04:59 2,889 -ra------ C:\WINDOWS\system32\e1e5132.din
    2008-09-18 13:33 . 2007-06-08 04:58 1,904 --------- C:\WINDOWS\system32\SetupBD.din
    2008-09-18 13:31 . 2008-09-18 13:31 <DIR> d-------- C:\Program Files\Intel Desktop Board
    2008-09-18 13:31 . 2007-04-03 16:29 912,152 --a------ C:\WINDOWS\system32\heciudlg.exe
    2008-09-18 13:31 . 2006-11-10 09:25 319,456 --a------ C:\WINDOWS\system32\difxapi.dll
    2008-09-18 13:31 . 2007-03-13 13:05 44,672 --a------ C:\WINDOWS\system32\drivers\HECI.sys
    2008-09-18 13:29 . 2008-09-18 13:31 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-09-18 13:29 . 2008-09-18 21:38 <DIR> d-------- C:\TempEI4
    2008-09-18 13:29 . 2008-09-18 13:29 <DIR> d-------- C:\Program Files\MSXML 4.0
    2008-09-18 13:29 . 2008-09-18 13:33 <DIR> d-------- C:\Program Files\Intel
    2008-09-18 13:29 . 2008-09-18 13:29 <DIR> d-------- C:\Intel
    2008-09-18 13:28 . 2001-11-21 19:12 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2008-09-18 13:28 . 2001-11-21 19:12 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-18 21:32 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
    2008-09-18 21:32 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
    2008-09-17 09:41 --------- d-----w C:\Program Files\microsoft frontpage
    .

    ((((((((((((((((((((((((((((( snapshot_2008-09-24_ 2.06.59.40 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-10-04 23:50:01 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2008-10-04 23:50:01 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    + 2008-10-04 23:50:01 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2008-10-04 23:50:01 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-10-04 23:50:01 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    + 2008-10-04 23:50:01 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    + 2008-10-04 23:50:01 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2008-10-04 23:50:02 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    + 2008-10-04 23:50:01 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    + 2008-10-04 23:12:37 216,358 ----a-r C:\WINDOWS\Installer\{E48469CC-635E-4FD5-A122-1497C286D217}\ARPPRODUCTICON.exe
    + 2008-09-27 00:36:04 81,920 ----a-r C:\WINDOWS\Installer\{F8B98EB6-FC06-45BF-87D4-9784E0408611}\ACDSeeDesktopShortcu_F99F74B4972B4B06B8936B3B0DB0128B.exe
    + 2008-09-27 00:36:03 81,920 ----a-r C:\WINDOWS\Installer\{F8B98EB6-FC06-45BF-87D4-9784E0408611}\ACDSeePMShortcut_F99F74B4972B4B06B8936B3B0DB0128B.exe
    + 2008-09-27 00:36:04 566,608 ----a-r C:\WINDOWS\Installer\{F8B98EB6-FC06-45BF-87D4-9784E0408611}\ACDSeeShowroomShor_89621A33AFFC45029C8C9D5A4EA9D15A.exe
    + 2008-09-27 00:36:03 81,920 ----a-r C:\WINDOWS\Installer\{F8B98EB6-FC06-45BF-87D4-9784E0408611}\ARPPRODUCTICON.exe
    + 2008-09-27 00:36:04 45,056 ----a-r C:\WINDOWS\Installer\{F8B98EB6-FC06-45BF-87D4-9784E0408611}\DevDetectPMShortcut_ECE0113B23D04DD889E6D2F026CABF03.exe
    + 2005-03-18 15:23:10 53,248 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2005-03-18 15:23:10 12,800 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
    + 2005-03-18 15:23:14 473,600 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
    + 2005-03-18 15:23:10 145,920 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
    + 2005-03-18 15:23:10 159,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
    + 2005-03-18 15:23:14 364,544 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
    + 2005-03-18 15:23:12 178,176 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
    + 2005-03-18 15:23:14 223,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
    + 2005-05-26 13:15:56 576,000 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
    - 2008-09-17 09:40:54 8,738 ----a-w C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
    + 2008-09-29 03:05:28 8,972 ----a-w C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
    - 2008-09-17 09:40:52 86,327 ----a-w C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
    + 2008-09-29 03:05:44 86,327 ----a-w C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
    - 2008-09-17 09:40:54 2,112 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
    + 2008-09-29 03:05:44 2,426 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
    - 2008-09-19 02:44:07 34,308 ----a-w C:\WINDOWS\system32\BASSMOD.dll
    + 2008-10-04 03:07:57 34,308 ----a-w C:\WINDOWS\system32\BASSMOD.dll
    + 2002-01-05 02:48:16 974,848 ----a-w C:\WINDOWS\system32\mfc70.dll
    + 2002-01-05 02:36:38 964,608 ----a-w C:\WINDOWS\system32\mfc70u.dll
    + 2002-01-05 01:38:38 54,784 ----a-w C:\WINDOWS\system32\msvci70.dll
    + 2002-01-05 01:40:20 487,424 ----a-w C:\WINDOWS\system32\msvcp70.dll
    + 2002-01-05 01:37:28 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
    + 2006-12-01 20:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
    + 2006-12-01 20:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
    + 2006-12-01 20:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
    + 2006-12-01 22:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
    + 2006-12-01 22:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
    + 2006-12-01 22:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
    + 2006-12-01 22:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
    + 2006-12-01 22:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SRS Audio Sandbox"="C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2008-10-04 3215360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 327720]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= msaud32_divx.acm
    "VIDC.ACDV"= ACDV.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programlar^Başlangıç^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Administrator\Start Menu\Programlar\Başlangıç\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-04 02:45 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
    --a------ 2006-07-03 12:43 10752 C:\WINDOWS\system32\SPIRun.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    --a------ 2007-06-08 04:56 303104 C:\WINDOWS\sttray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=

    R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-01-30 393216]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e8967eb-8576-11dd-8b29-001cc037a8bf}]
    \Shell\AutOPLay\coMmaNd - G:\xvxb.pif
    \Shell\AutoRun\command - G:\xvxb.pif
    \Shell\eXpLorE\CommaND - G:\xvxb.pif
    \Shell\oPeN\COMmanD - G:\xvxb.pif

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58e0bf85-8688-11dd-8b36-001cc037a8bf}]
    \shell\explore\Command - G:\boot.exe
    \shell\open\Command - G:\boot.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a82263ee-863c-11dd-8b34-001cc037a8bf}]
    \shell\explore\Command - G:\boot.exe
    \shell\open\Command - G:\boot.exe
    .
    .
    ------- Supplementary Scan -------
    .
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2008-10-08 00:42:06
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AutoRun
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AutoRun\AutoRun.bmp 295736 bytes
    C:\WINDOWS\system32\drivers\nvmini.sys 17152 bytes executable
    C:\WINDOWS\linkinfo.dll 46592 bytes executable
    C:\WINDOWS\system32\linkinfo.dll 18944 bytes executable

    scan completed successfully
    hidden files: 5

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nvmini]
    "ImagePath"="system32\DRIVERS\nvmini.sys"
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\stacsv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\ComboFix\pv.cfexe
    .
    **************************************************************************
    .
    Completion time: 2008-10-08 0:43:06 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-07 22:43:04
    ComboFix2.txt 2008-10-03 04:12:00
    ComboFix3.txt 2008-10-03 03:32:18
    ComboFix4.txt 2008-09-30 05:54:25
    ComboFix5.txt 2008-10-07 22:39:49

    Pre-Run: 47.001.141.248 bayt boş
    Post-Run: 47,001,341,952 bayt boş

    294




  • quote:

    Originally posted by: :Fatih:

    Here you go, brother serji..

    Good. We are slowly getting close to the end.

    Download the program called Perlovga Removal Tool to your desktop.

    http://www.guvenlikuzmanim.com/dosyalar/perlovga.exe

    Run the program and click Start. Then restart your computer without delay.

    After that, send another HJ log:
  • quote:

    Originally posted by: Golday

    Here is the report

    Download the program called Perlovga Removal Tool to your desktop.

    http://www.guvenlikuzmanim.com/dosyalar/perlovga.exe

    Run the program and click Start. Then restart your computer without delay.

    Download the program called The Avenger to your desktop.

    http://www.guvenlikuzmanim.com/dosyalar/avenger.exe

    1. Select all of the text written below, press CTRL+C and copy it.

    Files to delete: 
    C:\o6pq1n8.com
    C:\sasyg1y8.com


    2. Double-click the program icon to run the program.

    * Under Load Script, select Paste from Clipboard.
    * Press the Execute button.
    * If the program asks a question, click Yes.

    3. Your computer will restart. (It may restart twice.) After that, a number of operations will be carried out.
    4. After the scan finishes, a log file will be created as C:\avenger.txt. (Your backups will be in the C:\avenger\backup.zip directory.)
    5. Attach the C:\avenger.txt file to your message and send it to us.




  • quote:

    Originally posted by: absolutely33
    Brother serji, I am sending the ComboFix log as well, good luck with it.

    Download the program called Perlovga Removal Tool to your desktop.

    http://www.guvenlikuzmanim.com/dosyalar/perlovga.exe

    Run the program and click Start. Then restart your computer without delay.

    After that, send another HJ log.




  • quote:

    Originally posted by: serji


    quote:

    Originally posted by: zonoli
    My computer has slowed down extremely. Also, I cannot open the local disk partitions from the My Computer window. I would be very glad if you could take a look.. thanks in advance.

    * Open the program called HijackThis.
    * Click the Do a system scan only option.
    * Check the following lines.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Bittorrent] C:\WINDOWS\bittorrent.exe
    O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKLM\..\Run: [iexplore] C:\WINDOWS\iexplore.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL


    * Close all programs and windows except HijackThis and click the Fix Checked button. Then restart.

    After that:

    Download the program called ComboFix.

    http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe

    1. Close all of your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening it, do not do anything at all. Take a 1-2 minute break.
    4. After ComboFix starts running, you will be asked to press the 1 or 2 key. Press the 1 key to continue.
    5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. During these operations your internet connection will be cut. This is normal. Your system clock will also change. All of this is temporary. After the operations finish, everything will be returned to its original state.
    7. You may need to be a little patient, because there are a full 41 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. During this time your desktop may disappear, but it will be restored shortly. After the operations finish, ComboFix will close and a report will open for you. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.





    Here you go, my friend, I followed the steps you described.. here is the file.




    ComboFix 08-10-07.06 - ********* 2008-10-08 19:00:01.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1254.1.1055.18.175 [GMT 3:00]
    Running from: C:\Documents and Settings\*********\Desktop\ComboFix.exe
    * Created a new restore point

    [COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\autorun.inf
    C:\Documents and Settings\*********\Application Data\install.dat
    C:\Documents and Settings\*********\Desktop\ders vs\program\R2V\Desktop_.ini
    C:\Documents and Settings\*********\ravmonlog
    C:\z.txt
    E:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MSASVC


    ((((((((((((((((((((((((( Files Created from 2008-09-08 to 2008-10-08 )))))))))))))))))))))))))))))))
    .

    2008-10-08 18:48 . 2008-10-08 18:48 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-10-07 17:06 . 2008-05-01 17:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-08 16:13 --------- d-----w C:\Program Files\cFosSpeed
    2008-10-08 15:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-10-06 11:50 286,720 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
    2007-10-06 11:49 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
    1999-04-30 14:00 98,304 ----a-w C:\Program Files\internet explorer\plugins\UPjpeg.dll
    2007-02-25 09:06 122,880 --sha-r C:\WINDOWS\system32\blat.dll
    2006-12-26 13:49 98,592 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2006-12-26 13:49 6,688 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-09 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 94208]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 114688]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 77824]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
    "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2005-09-01 684032]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 155648]
    "cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2007-10-29 850896]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 286720]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-09-07 19:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds"= ffdshow.ax

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^Adobe Reader Hızlı Çalıştırma.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç\Adobe Reader Hızlı Çalıştırma.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Hızlı Çalıştırma.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç\WinZip Quick Pick.lnk
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^*********^Start Menu^Programlar^Başlangıç^YouTube Uploader.lnk]
    path=C:\Documents and Settings\AYDIN GÜVEN\Start Menu\Programlar\Başlangıç\YouTube Uploader.lnk
    backup=C:\WINDOWS\pss\YouTube Uploader.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-09-09 13:39 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2006-10-25 08:37 35328 C:\Program Files\Winamp\winampa.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
    S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 52384]
    S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 6096]
    S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 87456]
    S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 79248]
    S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 77072]
    S3 ovt530;WC-OML300;C:\WINDOWS\system32\Drivers\ov530vid.sys [2006-02-08 173939]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14066cc7-04bb-11dd-b4c0-00166f1f050b}]
    \Shell\AutoRun\command - F:\t.com
    \Shell\explore\Command - F:\t.com
    \Shell\open\Command - F:\t.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24555902-0092-11dd-b4b5-00166f1f050b}]
    \Shell\AutoRun\command - F:\explorer.exe
    \Shell\explore\Command - F:\explorer.exe
    \Shell\open\Command - F:\explorer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27c531c5-0def-11dd-b4d8-00166f1f050b}]
    \Shell\AutoRun\command - F:\t.com
    \Shell\explore\Command - F:\t.com
    \Shell\open\Command - F:\t.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b942acb-64b7-11dd-b586-00166f1f050b}]
    \Shell\AutoRun\command - F:\xk2n.bat
    \Shell\explore\Command - F:\xk2n.bat
    \Shell\open\Command - F:\xk2n.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{314fd69c-7051-11dc-b34d-00166f1f050b}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{765dc602-100c-11dc-b24c-00166f1f050b}]
    \Shell\AutoRun\command - F:\u.bat
    \Shell\explore\Command - F:\u.bat
    \Shell\open\Command - F:\u.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97ddf224-5265-11dd-b575-00166f1f050b}]
    \Shell\AutoRun\command - F:\xk2n.bat
    \Shell\explore\Command - F:\xk2n.bat
    \Shell\open\Command - F:\xk2n.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1b8e353-1475-11dc-b262-00166f1f050b}]
    \Shell\Auto\command - F:\bittorrent.exe e
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7542690-2d72-11dd-b524-00166f1f050b}]
    \Shell\AutoRun\command - G:\t.com
    \Shell\explore\Command - G:\t.com
    \Shell\open\Command - G:\t.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d572dfb8-b90c-11dc-b43f-00166f1f050b}]
    \Shell\Auto\command - H:\sxs.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4a193ea-032e-11dd-b4bc-00166f1f050b}]
    \Shell\AutoRun\command - F:\t.com
    \Shell\explore\Command - F:\t.com
    \Shell\open\Command - F:\t.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f63d18bf-0e17-11dd-b4d9-00166f1f050b}]
    \Shell\AutoRun\command - F:\t.com
    \Shell\explore\Command - F:\t.com
    \Shell\open\Command - F:\t.com
    .
    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.com.tr/
    R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    O8 -: &VİNDİR FOR YOUTUBE 2 >>> - C:\Program Files\Vindir for YouTube 2\context_handle.htm
    O17 -: HKLM\CCS\Interface\{8CF3E319-5DA4-4B5A-ABF1-4530CD2ADB91}: NameServer = 4.2.2.1,4.2.2.2
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2008-10-08 19:13:59
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\cFosSpeed\spd.exe
    C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    C:\WINDOWS\system32\WGATray.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Apoint\ApntEx.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-08 19:22:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-08 16:21:52

    Pre-Run: 4,796,575,744 bayt bos
    Post-Run: 5,434,417,152 bayt bos

    188 --- E O F --- 2008-10-08 15:14:54




  • quote:

    Originally posted by: serji

    Download the program called Perlovga Removal Tool to your desktop.

    http://www.guvenlikuzmanim.com/dosyalar/perlovga.exe

    Run the program and click Start. Then restart your computer without delay.

    After that, send another HJ log.


    OK, chief, the HJ log will be in your hands tomorrow (you know, since there is no internet at home, we try to handle it from work)

    Oh, by the way, I should restart the PC as soon as I click Start in Perlovga, right?




  • quote:

    Originally posted by: zonoli
    Here you go, my friend, I followed the steps you described.. here is the file.

    Download the program called Perlovga Removal Tool to your desktop.

    http://www.guvenlikuzmanim.com/dosyalar/perlovga.exe

    Run the program and click Start. Then restart your computer without delay.

    After that, send another HJ log.
  • quote:

    Originally posted by: serji


    quote:

    Originally posted by: zonoli
    Here you go, my friend, I followed the steps you described.. here is the file.

    Download the program called Perlovga Removal Tool to your desktop.

    http://www.guvenlikuzmanim.com/dosyalar/perlovga.exe

    Run the program and click Start. Then restart your computer without delay.

    After that, send another HJ log.



    Thanks for your attention, my friend.. here is the log file.




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at OFLU 19:42, on 08.10.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\cFosSpeed\spd.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell\QuickSet\Quickset.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\cFosSpeed\cFosSpeed.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\AYDIN GÜVEN\Desktop\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Kodak EasyShare yazılımı.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: &VİNDİR FOR YOUTUBE 2 >>> - C:\Program Files\Vindir for YouTube 2\context_handle.htm
    O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.yayindayiz.biz/yayin/ampx2.6.1.11_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8CF3E319-5DA4-4B5A-ABF1-4530CD2ADB91}: NameServer = 4.2.2.1,4.2.2.2
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 6527 bytes




  • quote:

    Quoted from original: zonoli

    The system looks clean right now. Are the old problems still occurring?
  • It's fixed, my friend. Thank you very much.