Re: HijackThis Detailed Tutorial & Log File Analyses! [Illustrated]

muratgrb

Posts: 13

4 September 2008; 16:10:50

I think this is going to be a long list again. I'm copying the log report below and will wait to hear which program I should scan with next.

ComboFix 08-09-03.03 - Murat 2008-09-04 15:48:06.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1254.1.1055.18.1395 [GMT 3:00]
Running from: D:\Downloads\software\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\autorun.inf
C:\Program Files\FlashGet network
C:\Program Files\FlashGet Network\FlashGet\dbtrans_verbose.log
C:\Program Files\FlashGet Network\FlashGet\fgoption.ini
C:\Program Files\FlashGet Network\FlashGet\JCCHS.INI
C:\Program Files\FlashGet Network\FlashGet\modules\garage\Headers\0.bmp
C:\Program Files\FlashGet Network\FlashGet\modules\garage\Headers\1.bmp
C:\Program Files\FlashGet Network\FlashGet\modules\garage\Headers\10.bmp
C:\Program Files\FlashGet Network\FlashGet\modules\garage\Headers\11.bmp
C:\Program Files\FlashGet Network\FlashGet\modules\garage\Headers\12.bmp
C:\Program Files\FlashGet Network\FlashGet\modules\garage\Headers\13.bmp
C:\Program Files\FlashGet Network\FlashGet\modules\garage\Headers\14.bmp
C:\Program Files\FlashGet Network\FlashGet\modules\garage\Headers\15.bmp
C:\Program Files\FlashGet Network\FlashGet\modules\garage\Headers\16.bmp
C:\Program Files\FlashGet Network\FlashGet\modules\garage\Headers\17.bmp
C:\Program Files\FlashGet Network\FlashGet\modules\garage\Headers\18.bmp
C:\Program Files\FlashGet Network\FlashGet\modules\garage\Headers\19.bmp
C:\Program Files\FlashGet Network\FlashGet\modules\garage\Headers\2.bmp
C:\Program Files\FlashGet Network\FlashGet\modules\garage\Headers\20.bmp
C:\Program Files\FlashGet Network\FlashGet\modules\garage\Headers\21.bmp
C:\Program Files\FlashGet Network\FlashGet\modules\garage\Headers\3.bmp
C:\Program Files\FlashGet Network\FlashGet\modules\garage\Headers\4.bmp
C:\Program Files\FlashGet Network\FlashGet\modules\garage\Headers\5.bmp
C:\Program Files\FlashGet Network\FlashGet\modules\garage\Headers\6.bmp
C:\Program Files\FlashGet Network\FlashGet\modules\garage\Headers\7.bmp
C:\Program Files\FlashGet Network\FlashGet\modules\garage\Headers\8.bmp
C:\Program Files\FlashGet Network\FlashGet\modules\garage\Headers\9.bmp
C:\Program Files\FlashGet Network\FlashGet\modules\garage\Headers\nologin.bmp
C:\Program Files\FlashGet Network\FlashGet\modules\Inmedia\Info.ini
C:\Program Files\FlashGet Network\FlashGet\modules\Inmedia\INMEDIA.dll
C:\Program Files\FlashGet Network\FlashGet\P2PCfg.ini
C:\Program Files\FlashGet Network\FlashGet\p2spmgr.ini
C:\Program Files\FlashGet Network\FlashGet\p4spmgr.ini
C:\Program Files\FlashGet Network\FlashGet\Profiles\config.dat
C:\Program Files\FlashGet Network\FlashGet\Profiles\tasks.dat
C:\Program Files\FlashGet Network\FlashGet\Temp\Default.jcd
C:\Program Files\FlashGet Network\FlashGet\Temp\setup.exe
C:\Program Files\FlashGet Network\FlashGet\transaction.log
C:\Program Files\SunPorn
C:\Program Files\SunPorn\unins000.dat
C:\Program Files\SunPorn\unins000.exe
C:\Program Files\update.exe
C:\Users\Murat\AppData\Roaming\BITS
C:\Users\Murat\AppData\Roaming\BITS\BITS.ini
C:\Users\Murat\AppData\Roaming\BITS\DHTTable.dat
C:\Users\Murat\AppData\Roaming\BITS\ProxyList.ini
C:\Users\Murat\AppData\Roaming\BITS\UPnP.ini
C:\Users\Murat\AppData\Roaming\macromedia\Flash Player\#SharedObjects\R5MAJNTG\bin.clearspring.com
C:\Users\Murat\AppData\Roaming\macromedia\Flash Player\#SharedObjects\R5MAJNTG\bin.clearspring.com\clearspring.sol
C:\Users\Murat\AppData\Roaming\macromedia\Flash Player\#SharedObjects\R5MAJNTG\bin.clearspring.com\ws\wan\wanLib.swf\4768333db966f3fc.sol
C:\Users\Murat\AppData\Roaming\macromedia\Flash Player\#SharedObjects\R5MAJNTG\bin.clearspring.com\ws\wan\wanLib.swf\47a76044b6216451.sol
C:\Users\Murat\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Users\Murat\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Users\Murat\AppData\Roaming\Microsoft\Windows\Cookies\murat@adsrv.adgroupm[1].txt
C:\Users\Murat\AppData\Roaming\Microsoft\Windows\Cookies\murat@dl.google[3].txt
C:\Windows\msvrc20.dll
C:\Windows\system32\admshare.dat
C:\Windows\system32\amvo.exe
C:\Windows\system32\amvo0.dll
C:\Windows\system32\drivers\msliksurserv.sys
C:\Windows\system32\msliksurcredo.dll
C:\Windows\system32\msliksurdns.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-04 to 2008-09-04 )))))))))))))))))))))))))))))))
.

2008-09-04 12:29 . 2008-09-04 12:29 396 --a------ C:\Windows\ODBC.INI
2008-09-03 23:59 . 2008-09-03 23:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-03 18:39 . 2008-09-03 18:39 <DIR> d-------- C:\Users\Murat\AppData\Roaming\ICQ Toolbar
2008-09-03 00:02 . 2008-09-03 19:47 <DIR> d-------- C:\Program Files\ICQToolbar
2008-09-03 00:01 . 2008-09-03 00:03 <DIR> d-------- C:\Users\Murat\AppData\Roaming\ICQ
2008-09-03 00:01 . 2008-09-03 00:03 <DIR> d-------- C:\Program Files\ICQ6
2008-09-02 19:38 . 2008-09-02 19:38 <DIR> d-------- C:\Users\Public\CyberLink
2008-09-02 19:38 . 2008-09-02 19:38 <DIR> d-------- C:\Users\Murat\AppData\Roaming\CyberLink
2008-09-02 19:37 . 2008-09-02 19:40 <DIR> d-------- C:\Users\All Users\CyberLink
2008-09-02 19:37 . 2008-09-02 19:40 <DIR> d-------- C:\ProgramData\CyberLink
2008-09-02 19:37 . 2008-09-02 19:37 <DIR> d-------- C:\Program Files\Common Files\CyberLink
2008-09-02 19:36 . 2008-09-02 19:37 <DIR> d-------- C:\Program Files\CyberLink
2008-09-02 19:36 . 2008-09-02 19:48 29,480 --a------ C:\Windows\System32\msxml3a.dll
2008-09-01 23:42 . 2008-09-02 04:35 <DIR> d-------- C:\Program Files\HispaDVB2
2008-09-01 22:41 . 2008-09-01 22:41 0 --a------ C:\Windows\graphedt.INI
2008-08-31 14:45 . 2008-08-31 14:45 <DIR> d-------- C:\WCH.CN
2008-08-31 14:45 . 2006-06-05 00:00 35,824 --a------ C:\Windows\System32\drivers\CH341SER.SYS
2008-08-31 14:45 . 2005-07-30 00:00 6,712 --a------ C:\Windows\System32\CH341PT.DLL
2008-08-31 02:17 . 2008-09-01 23:37 <DIR> d-------- C:\Program Files\ProgDVB
2008-08-31 01:36 . 2008-08-31 01:44 <DIR> d-------- C:\Program Files\vPlug Files Center
2008-08-31 01:03 . 2008-08-31 01:03 0 --a------ C:\Windows\graphedit.INI
2008-08-31 00:14 . 2008-08-31 00:14 <DIR> d-------- C:\Program Files\IGI Subtitler
2008-08-27 18:37 . 2008-08-28 18:44 <DIR> d-------- C:\Users\DvbDream\winlirc
2008-08-27 18:37 . 2008-08-27 18:37 <DIR> d-------- C:\Users\DvbDream\Transponders
2008-08-27 18:37 . 2008-08-27 18:37 <DIR> d-------- C:\Users\DvbDream\Tools
2008-08-27 18:36 . 2008-08-27 18:37 <DIR> d-------- C:\Users\DvbDream\Themes
2008-08-27 18:36 . 2008-02-15 01:15 <DIR> d-------- C:\Users\DvbDream\Record
2008-08-27 18:36 . 2008-08-27 18:36 <DIR> d-------- C:\Users\DvbDream\Plugins
2008-08-27 18:36 . 2008-08-27 18:36 <DIR> d-------- C:\Users\DvbDream\Modules
2008-08-27 18:36 . 2008-08-27 18:36 <DIR> d-------- C:\Users\DvbDream\Languages(9)
2008-08-27 18:36 . 2008-08-27 18:36 <DIR> d-------- C:\Users\DvbDream\Languages(285)
2008-08-27 18:36 . 2008-08-27 18:36 <DIR> d-------- C:\Users\DvbDream\Languages
2008-08-27 18:36 . 2008-08-27 18:36 <DIR> d-------- C:\Users\DvbDream\Docs
2008-08-27 18:36 . 2008-08-27 18:36 <DIR> d-------- C:\Users\DvbDream\Devices
2008-08-27 18:36 . 2008-08-27 18:37 <DIR> d-------- C:\Users\DvbDream
2008-08-27 18:36 . 2008-01-27 22:14 4,137,477 --a------ C:\Users\DvbDream\psiparser.dll
2008-08-27 18:36 . 2008-02-03 15:35 3,620,864 --a------ C:\Users\DvbDream\dvbdream.exe
2008-08-27 18:36 . 2008-05-28 20:20 674,101 --a------ C:\Users\DvbDream\unins000.exe
2008-08-27 18:36 . 2007-07-06 01:24 654,680 --a------ C:\Users\DvbDream\msvcr90.dll
2008-08-27 18:36 . 2008-02-03 12:13 637,440 --a------ C:\Users\DvbDream\rec_mng.dll
2008-08-27 18:36 . 2008-02-03 02:30 624,128 --a------ C:\Users\DvbDream\eitparser.dll
2008-08-27 18:36 . 2007-07-06 01:24 567,640 --a------ C:\Users\DvbDream\msvcp90.dll
2008-08-27 18:36 . 2007-07-05 20:05 224,768 --a------ C:\Users\DvbDream\msvcm90.dll
2008-08-27 18:36 . 2005-07-09 09:53 143,360 --a------ C:\Users\DvbDream\smartpci.dll
2008-08-27 18:36 . 2003-05-18 13:24 96,768 --a------ C:\Users\DvbDream\adpsi30.dll
2008-08-27 18:36 . 2008-05-28 20:20 40,123 --a------ C:\Users\DvbDream\unins000.dat
2008-08-27 18:36 . 2006-02-19 11:59 23,481 --a------ C:\Users\DvbDream\des.dll
2008-08-27 18:36 . 2004-11-29 23:29 6,656 --a------ C:\Users\DvbDream\dreamstart.exe
2008-08-27 18:36 . 2008-02-04 00:10 1,833 --a------ C:\Users\DvbDream\rc.dat
2008-08-27 18:36 . 2007-09-10 20:09 54 --a------ C:\Users\DvbDream\ddreg.bat
2008-08-25 20:33 . 2008-08-25 20:34 <DIR> d-------- C:\Users\Public\ie7updates
2008-08-22 23:16 . 2008-08-22 23:16 <DIR> d-------- C:\Program Files\Pure Networks
2008-08-22 23:14 . 2008-08-22 23:29 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-08-22 23:13 . 2008-08-22 23:29 <DIR> d-------- C:\Users\All Users\Pure Networks
2008-08-22 23:13 . 2008-08-22 23:29 <DIR> d-------- C:\ProgramData\Pure Networks
2008-08-18 22:39 . 2008-08-18 22:39 <DIR> d-------- C:\Users\Murat\AppData\Roaming\U3
2008-08-15 21:46 . 2008-08-15 21:46 <DIR> d-------- C:\Program Files\Microsoft IntelliType Pro
2008-08-15 21:44 . 2008-08-07 23:18 245,760 --a------ C:\Program Files\Uninstall Ask Toolbar.dll
2008-08-13 00:03 . 2008-07-16 04:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-12 23:56 . 2008-06-27 04:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-12 23:56 . 2008-06-27 07:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-12 23:56 . 2008-04-10 08:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-12 23:56 . 2008-06-19 06:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-12 23:56 . 2008-04-18 08:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-12 19:33 . 2008-08-12 19:33 <DIR> d-------- C:\Users\All Users\DFX
2008-08-12 19:33 . 2008-08-12 19:33 <DIR> d-------- C:\ProgramData\DFX
2008-08-12 19:33 . 2008-08-12 19:33 <DIR> d-------- C:\Program Files\Common Files\DFX
2008-08-12 19:18 . 2008-08-12 19:18 <DIR> d-------- C:\Program Files\Ashampoo
2008-08-08 23:22 . 2008-09-04 00:02 69 --a------ C:\Windows\NeroDigital.ini
2008-08-08 22:28 . 2008-08-08 22:28 <DIR> d-------- C:\Users\Murat\AppData\Roaming\Nero
2008-08-08 22:24 . 2008-08-08 22:24 <DIR> d-------- C:\Users\All Users\Nero
2008-08-08 22:24 . 2008-08-08 22:24 <DIR> d-------- C:\ProgramData\Nero
2008-08-08 22:24 . 2008-08-08 22:27 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-08-08 22:10 . 2008-09-02 19:35 <DIR> d-a------ C:\Users\All Users\TEMP
2008-08-08 22:10 . 2008-09-02 19:35 <DIR> d-a------ C:\ProgramData\TEMP
2008-08-08 22:10 . 2008-08-08 22:15 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-08-08 22:07 . 2008-08-08 22:07 <DIR> d-------- C:\Windows\Profiles
2008-08-08 22:07 . 2008-08-08 22:10 <DIR> d-------- C:\Users\Murat\AppData\Roaming\URSoft
2008-08-08 21:55 . 2008-08-08 22:24 <DIR> d-------- C:\Program Files\Nero
2008-08-08 21:55 . 2008-08-08 21:55 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-08-08 20:23 . 2008-08-08 20:29 <DIR> d-------- C:\Program Files\RegistryFix6
2008-08-07 23:18 . 2008-08-16 13:53 <DIR> d-------- C:\Program Files\AskTBar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-04 12:53 --------- d-----w C:\Program Files\Chameleon Clock
2008-09-04 12:40 --------- d-----w C:\Program Files\Ey DSL! 2.0
2008-09-04 09:28 --------- d-----w C:\Program Files\Microsoft Works
2008-09-03 19:50 --------- d-----w C:\Program Files\SiberSozluk
2008-09-03 12:32 --------- d-----w C:\Users\Murat\AppData\Roaming\LimeWire
2008-09-02 21:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-31 19:22 --------- d-----w C:\Program Files\DVB-S PowerInstall
2008-08-31 19:22 --------- d-----w C:\Program Files\Common Files\Elecard
2008-08-30 21:24 --------- d-----w C:\Program Files\FlashGet
2008-08-28 15:44 --------- d-----w C:\Program Files\Winamp
2008-08-28 15:44 --------- d-----w C:\Program Files\RocketDock
2008-08-28 15:44 --------- d-----w C:\Program Files\Hava Civa
2008-08-25 18:51 2,932 --sha-w C:\Windows\System32\KGyGaAvL.sys
2008-08-19 17:00 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-12 21:03 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-12 21:00 --------- d-----w C:\Program Files\Windows Mail
2008-08-12 16:46 --------- d-----w C:\Program Files\DFX
2008-08-09 23:01 24,944 ----a-w C:\Windows\system32\drivers\GVTDrv.sys
2008-08-09 18:15 --------- d-----w C:\ProgramData\RoboForm
2008-08-09 18:15 --------- d-----w C:\Program Files\LimeWire Turbo Accelerator
2008-08-09 17:59 --------- d--h--w C:\ProgramData\{585A445F-1CE2-4686-A6E6-E42E11BF74A4}
2008-08-09 17:42 --------- d-----w C:\Program Files\EA Sports
2008-08-08 18:58 --------- d-----w C:\Users\Murat\AppData\Roaming\Ahead
2008-08-03 17:30 --------- d-----w C:\ProgramData\TechSmith
2008-08-03 17:30 --------- d-----w C:\Program Files\TechSmith
2008-08-03 17:28 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-03 17:24 --------- d-----w C:\Program Files\DDD Pool
2008-08-03 17:23 --------- d-----w C:\Program Files\ReflexiveArcade
2008-07-23 18:15 --------- d-----w C:\ProgramData\Trymedia
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-18 19:15 --------- d-----w C:\Users\Murat\AppData\Roaming\Corel
2008-07-18 19:04 --------- d-----w C:\ProgramData\Corel
2008-07-18 19:02 --------- d-----w C:\Program Files\Common Files\Corel
2008-07-18 19:01 --------- d-----w C:\Program Files\Corel
2008-07-16 17:56 --------- d-----w C:\Program Files\Java
2008-07-13 14:06 --------- d-----w C:\Program Files\mpgconv
2008-07-05 21:17 --------- d-----w C:\Program Files\LimeWire
2008-07-01 19:20 174 --sha-w C:\Program Files\desktop.ini
2008-07-01 19:04 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-07-01 19:04 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-07-01 18:36 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-07-01 18:36 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-06-29 18:48 311,128 ----a-w C:\Windows\System32\libssl32.dll
2008-06-29 18:48 1,526,468 ----a-w C:\Windows\System32\libeay32.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-18 19:34 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-03-13 16:26 1,784,320 ----a-w C:\Program Files\autorun.dat
2008-03-13 16:21 88,497,795 ----a-w C:\Program Files\Group3.cab
2008-03-07 12:35 21,060 ----a-w C:\Program Files\config.dat
2008-02-17 21:24 13,904,959 ----a-w C:\Users\Public\K-Lite Codec Pack 3,75 Full.exe
2008-02-17 19:14 1,048,576 ----a-w C:\Program Files\6a79og0b.0
2008-02-17 19:13 69,794 ----a-w C:\Program Files\bios.ini
2008-02-17 19:13 528 ----a-w C:\Program Files\CONFIG.INI
2008-02-17 19:13 29 ----a-w C:\Program Files\new_ver.ini
2008-02-14 12:28 29 ----a-w C:\Program Files\version.ini
2008-02-14 12:23 231,944 ----a-w C:\Program Files\gwflash.exe
2008-01-28 08:54 397,312 ----a-r C:\Program Files\AutoRun.exe
2008-01-28 08:54 380,928 ----a-r C:\Program Files\EASetup.exe
2008-01-22 08:02 10,446 ----a-r C:\Program Files\clpc.ico
2007-09-21 17:42 19,008 ----a-w C:\Program Files\markfun.a64
2007-08-21 17:49 17,912 ----a-w C:\Program Files\markfun.w32
2007-08-21 17:49 125,504 ----a-w C:\Program Files\MarkFunDrv.dll
2007-03-30 02:36 301 ----a-w C:\Program Files\update.ini
2007-03-02 02:48 240,448 ----a-w C:\Program Files\gwf32.exe
2006-11-23 21:47 207,680 ----a-w C:\Program Files\BIOS_Run.exe
2006-11-23 21:40 60,224 ----a-w C:\Program Files\HUADRV.DLL
2005-04-27 17:40 6,800 ----a-w C:\Program Files\W95_HUA.vxd
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-15 171448]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 125952]
"HomeAlarm"="C:\Program Files\Chameleon Clock\ChamClock.exe" [2007-12-11 709632]
"Google Update"="C:\Users\Murat\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 81920]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"Ashampoo Core Tuner"="C:\Program Files\Ashampoo\Ashampoo Core Tuner\ct.exe" [2008-08-06 1125720]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2008-08-08 91432]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 C:\Windows\RtHDVCpl.exe]

C:\Users\Murat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Ey DSL! 2.0.lnk - C:\Program Files\Ey DSL! 2.0\EyDSL.exe [2008-07-29 378368]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Philips SNU5600 Wireless USB Adapter.lnk - C:\Program Files\philips\Philips SNU5600 Wireless USB Adapter Utility\PHUSBBGMonitor.exe [2007-06-20 1077248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Server4PC.lnk]
backup=C:\Windows\pss\Server4PC.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]
--a------ 2006-01-25 00:07 61440 C:\Windows\VM303_STI.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 14:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-11 18:06 81920 C:\Windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2007-12-11 18:06 86016 C:\Windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-02-15 20:07 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VM30xSnap]
--a------ 2007-02-05 19:37 53248 C:\Windows\VM30xSnap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3441214799-3378290686-3917231324-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\philips\\Philips SNU5600 Wireless USB Adapter Utility\\PHUSBBGMonitor.exe"= C:\Program Files\philips\Philips SNU5600 Wireless USB Adapter Utility\PHUSBBGMonitor.exe:*:Enabled:WLAN configuration utility

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{5B69064A-6766-4C1C-8211-93C16BA443BD}C:\\program files\\gigabyte\\et5pro\\update.exe"= UDP:C:\program files\gigabyte\et5pro\update.exe:ftptest
"UDP Query User{3424BD2B-B44B-4654-9AAC-9675D287C58B}C:\\program files\\gigabyte\\et5pro\\update.exe"= TCP:C:\program files\gigabyte\et5pro\update.exe:ftptest
"TCP Query User{63E85F05-45A9-4EAD-A265-C0F30F90C1C4}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{3CCC8907-95B0-4ACE-8261-3A3219A50939}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{14A2DFD6-0997-4E53-A0B2-053A315B22B9}C:\\program files\\gigabyte\\@bios\\gwflash.exe"= UDP:C:\program files\gigabyte\@bios\gwflash.exe:gwflash
"UDP Query User{16CFD85B-499C-408F-995A-9890E6AFD06C}C:\\program files\\gigabyte\\@bios\\gwflash.exe"= TCP:C:\program files\gigabyte\@bios\gwflash.exe:gwflash
"{A740AC40-8CFF-43C8-9B6C-FA1232FF0B09}"= UDP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{AD2C0EAA-46AD-4B08-BDAD-D5137DEEE49F}"= TCP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{437E4654-82AB-438F-8097-C51D8315E546}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{61EC0D57-509D-4AD2-BEB1-433876346AAC}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{E5A68EE5-FF78-483C-B4EA-75EC29A649A2}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{4E278BC1-1FAF-48AA-9136-D2AAD43F4B13}C:\\program files\\intuwave\\shared\\mrouterruntime\\mrouterruntime.exe"= UDP:C:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe:mRouterRuntime Module
"UDP Query User{38E34639-76BF-41D3-9BFA-FF31732CDF6F}C:\\program files\\intuwave\\shared\\mrouterruntime\\mrouterruntime.exe"= TCP:C:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe:mRouterRuntime Module
"TCP Query User{77325EE7-1339-409D-81CF-10F19F12FB3A}C:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:C:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{5D12FA6C-9F2B-4786-8889-00EACF4DC41C}C:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:C:\program files\sony ericsson\update service\update service.exe:Update Service
"TCP Query User{218AFCC4-8177-4B76-A6AE-52654A615F16}C:\\program files\\electronic arts\\need for speed carbon\\nfsc.exe"= UDP:C:\program files\electronic arts\need for speed carbon\nfsc.exe:NFSC
"UDP Query User{CC4C14FB-4030-416D-8377-1EA2BC703D5F}C:\\program files\\electronic arts\\need for speed carbon\\nfsc.exe"= TCP:C:\program files\electronic arts\need for speed carbon\nfsc.exe:NFSC
"TCP Query User{E0C935CC-B508-4C95-889B-98E90F45A803}C:\\program files\\sony ericsson\\mobile4\\sync manager\\dxp syncml.exe"= UDP:C:\program files\sony ericsson\mobile4\sync manager\dxp syncml.exe:DXP SyncML Module
"UDP Query User{516C6FB1-440D-4EB1-BC3D-9ABCE8A3B933}C:\\program files\\sony ericsson\\mobile4\\sync manager\\dxp syncml.exe"= TCP:C:\program files\sony ericsson\mobile4\sync manager\dxp syncml.exe:DXP SyncML Module
"TCP Query User{1F16B098-E6C5-44C6-A644-72FA81670FC8}C:\\winclip\\winclip.exe"= UDP:C:\winclip\winclip.exe:WinClip
"UDP Query User{34E4017F-B826-4EA7-99F2-7700B0B61C0F}C:\\winclip\\winclip.exe"= TCP:C:\winclip\winclip.exe:WinClip
"{8E02A093-C1E6-44FE-9FA0-189B7DF86681}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"TCP Query User{7C0B247D-BB10-42A7-9A3F-323EEC174F51}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.2.407\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.2.407\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{F8023EAE-347C-4B5A-9D38-ED57F958B9D6}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.2.407\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.2.407\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"TCP Query User{BF8DB216-934F-46E1-9364-2BDB64E4BA8C}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{5E939B35-5385-49E1-883F-FFA52CB26DEC}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{5345B685-74CE-4CA3-B2FD-2A83D9836CC0}C:\\program files\\intersat\\counter strike client\\hl.exe"= UDP:C:\program files\intersat\counter strike client\hl.exe:Half-Life Launcher
"UDP Query User{1E409F1C-8774-4771-8E97-F424C875E4D8}C:\\program files\\intersat\\counter strike client\\hl.exe"= TCP:C:\program files\intersat\counter strike client\hl.exe:Half-Life Launcher
"TCP Query User{F9060534-EC78-4674-8FD9-4C5C90720CDF}C:\\program files\\flashget network\\flashget\\flashget.exe"= UDP:C:\program files\flashget network\flashget\flashget.exe:flashget
"UDP Query User{9090FA88-0C90-4335-B670-1D76D3503B36}C:\\program files\\flashget network\\flashget\\flashget.exe"= TCP:C:\program files\flashget network\flashget\flashget.exe:flashget
"{6B89CFC4-99D6-4FEA-81A8-330A0297E664}"= UDP:C:\Program Files\Ey DSL! 2.0\JdxWeb.exe:Ey DSL! 2.0
"{526496B6-1D45-4C91-B5BA-448CA1702D7C}"= TCP:C:\Program Files\Ey DSL! 2.0\JdxWeb.exe:Ey DSL! 2.0
"TCP Query User{CD82C16E-81B5-4F63-BCD3-9C230BE02E40}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{BF6B1D9A-99F7-4660-8714-D009F9A6BD21}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{2D80F88B-E0BE-4D11-B05A-38BFC9F4E4AE}C:\\program files\\nero\\nero8\\nero burning rom\\nero.exe"= UDP:C:\program files\nero\nero8\nero burning rom\nero.exe:Nero Express
"UDP Query User{A44F9FA4-B909-439F-B09C-225FF3F281E3}C:\\program files\\nero\\nero8\\nero burning rom\\nero.exe"= TCP:C:\program files\nero\nero8\nero burning rom\nero.exe:Nero Express
"TCP Query User{A07843CA-2264-4E77-A092-7E256C0AEE1A}C:\\dvbdream\\dvbdream.exe"= UDP:C:\dvbdream\dvbdream.exe:dvbdream
"UDP Query User{94647EC6-AFA3-4891-9FCB-2B2268E2F61A}C:\\dvbdream\\dvbdream.exe"= TCP:C:\dvbdream\dvbdream.exe:dvbdream
"TCP Query User{D8229F8A-F482-45CA-8241-5D74366ADE84}C:\\program files\\winlirc\\winlirc.exe"= UDP:C:\program files\winlirc\winlirc.exe:winlirc
"UDP Query User{71884F33-2138-4637-8D10-BFFEAB133764}C:\\program files\\winlirc\\winlirc.exe"= TCP:C:\program files\winlirc\winlirc.exe:winlirc
"{824C777A-A9AA-4B2A-A543-8E32A6E3B407}"= C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"TCP Query User{DF9ED91B-2C0F-4582-AC46-DD59948FF987}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{A7D4CDF9-4CD1-4BAB-BDBD-879DCC6A06E8}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\philips\\Philips SNU5600 Wireless USB Adapter Utility\\PHUSBBGMonitor.exe"= C:\Program Files\philips\Philips SNU5600 Wireless USB Adapter Utility\PHUSBBGMonitor.exe:*:Enabled:WLAN configuration utility
"C:\\Program Files\\FlashGet network\\FlashGet\\FlashGet.exe"= C:\Program Files\FlashGet network\FlashGet\FlashGet.exe:*:Enabled:Flashget2
"C:\\Program Files\\FlashGet network\\FlashGet\\LiveUpdate.exe"= C:\Program Files\FlashGet network\FlashGet\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"C:\\Program Files\\FlashGet network\\FlashGet\\LiveUpdateEx.exe"= C:\Program Files\FlashGet network\FlashGet\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-08-08 10:15 41456]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 ChamClock Set Time Service for Vista;Chameleon Clock Set Time for Vista;C:\Program Files\Chameleon Clock\settime.exe [2007-06-27 58880]
R2 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2004-10-25 17664]
R3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 O4501;802.11g Wireless USB Adapter Service;C:\Windows\system32\DRIVERS\O4501U.sys [2007-06-28 870400]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\Windows\system32\DRIVERS\SkyNET.SYS [2007-10-01 419344]
R3 VM30xx86;Vimicro USB PC Camera (ZC030x);C:\Windows\system32\Drivers\vm30xx86.sys [2007-01-29 1294336]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\Windows\system32\DRIVERS\zebrceb.sys [2007-04-13 62984]
S3 CH341SER;CH341SER;C:\Windows\system32\Drivers\CH341SER.SYS [2006-06-05 35824]
S3 SaiHFF0D;SaiHFF0D;C:\Windows\system32\DRIVERS\SaiHFF0D.sys [2007-01-30 126344]
S3 SaiUFF0D;SaiUFF0D;C:\Windows\system32\DRIVERS\SaiUFF0D.sys [2007-01-30 27264]
S3 zebrbus;Sony Ericsson Composite Device driver;C:\Windows\system32\DRIVERS\zebrbus.sys [2007-04-13 83080]
S3 zebrmdfl;Sony Ericsson Modem Filter;C:\Windows\system32\DRIVERS\zebrmdfl.sys [2007-04-13 15112]
S3 zebrmdm;Sony Ericsson Port (WDM);C:\Windows\system32\DRIVERS\zebrmdm.sys [2007-04-13 108296]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);C:\Windows\system32\DRIVERS\zebrmdmc.sys [2007-04-13 108424]
S3 zebrsce;Sony Ericsson PC-Connect Port;C:\Windows\system32\DRIVERS\zebrsce.sys [2007-04-13 90888]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\shell\AutoRun\command - M:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03f22388-dd59-11dc-ba22-00d0d712976f}]
\shell\AutoRun\command - I:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61a06e1d-dd8d-11dc-bcc1-00d0d712976f}]
\shell\AutoRun\command - M:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ccf8583-dd7e-11dc-8563-00d0d712976f}]
\shell\AutoRun\command - H:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ccf85a1-dd7e-11dc-8563-00d0d712976f}]
\shell\AutoRun\command - I:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b2677ad-db66-11dc-916b-806e6f6e6963}]
\shell\AutoRun\command - G:\Run.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c24d9a1a-0ebd-11dd-8ce6-00d0d712976f}]
\shell\AutoRun\command - J:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c24d9a1b-0ebd-11dd-8ce6-00d0d712976f}]
\shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf9b7c15-5fba-11dd-bf36-00d0d712976f}]
\shell\AutoRun\command - M:\uis.com
\shell\explore\Command - M:\uis.com
\shell\open\Command - M:\uis.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf9b7c16-5fba-11dd-bf36-00d0d712976f}]
\shell\AutoRun\command - N:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
MSConfigStartUp-TrueImageMonitor - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Murat\AppData\Roaming\Mozilla\Firefox\Profiles\9sfhue0b.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.tr/ig?hl=tr
FF -: plugin - C:\Users\Murat\AppData\Local\Google\Update\1.2.131.11\npGoogleOneClick5.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 15:53:41
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2008-09-04 15:57:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-04 12:57:08

Pre-Run: 7,954,612,224 bayt boş
Post-Run: 8,912,687,104 bayt boş

440 --- E O F --- 2008-09-04 02:54:50


_____________________________



serji

Posts: 7226

4 September 2008; 16:50:45


quote:

Originally posted by: muratgrb

I think it will be a long list again. I'm copying the log report below and waiting to hear which program I should scan with next.

We've taken care of most of it; only the final touches remain. After that it will be a squeaky-clean PC, hopefully.

Download the program called Malwarebytes Antimalware.

http://www.guvenlikuzmanim.com/dosyalar/mbam-setup.exe

* To install the program, double-click mbam-setup.exe and install it.
* Tick the Update Malwarebytes Antimalware and Launch Malwarebytes options and click Finish.
* If an update is found, the program will download and apply it automatically.
* Once the program has loaded, select Full Scan and click the Start Scan button.
* The scan may take a while, so please be patient.
* When the scan is finished, click OK and then click Show Results.
* Make sure everything is ticked and click Remove Selected.
* When the cleanup is finished, a Notepad window will open. (You may need to restart your computer.)
* Save the Notepad file, attach it to your message and send it to us.

NOTE: If the program asks you to restart the computer during the cleanup, click OK and restart your computer.

_____________________________

blindshadow

 

Posts: 6

4 September 2008; 18:48:14

Master, I fixed the items you told me to, just as you said, and then took another log; the results are below. Thank you very much indeed for your interest and attention.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:40:03, on 04.09.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\pc\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1300WStatusDisplay] C:\WINDOWS\system32\MSTMON_N.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdrid.exe] C:\WINDOWS\system32\kdrid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1AD9457-6E38-49DC-B5C9-F616FE076282}: NameServer = 85.255.116.73,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF62FC7F-13F0-4088-A0B5-4454A24E2DE2}: NameServer = 4.2.2.2,4.2.2.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.73 85.255.112.187
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.73 85.255.112.187
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.73 85.255.112.187
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.116.73 85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.73 85.255.112.187
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 4786 bytes


_____________________________

muratgrb

Posts: 13

4 September 2008; 19:58:23

Sir, I ran the scan with Malwarebytes. It found two viruses: one is a keygen left over in Avast's installation folder and the other is an exe file in the MSN folder. I was expecting a more detailed list, but this is the result. Of course, you will analyse it better...
There is also this: after scanning with ComboFix, Avast disappeared from the system tray. It no longer starts at boot. It also reset the settings of a few programs such as FlashGet and Outlook. I would appreciate any advice you have on this as well. Since Avast is not running right now, I can't tell whether the virus is gone or still there. My system had been running very stably for 8 months. There was no stability problem when the virus infected it, and there is none now either. The only effects of the virus were that Avast gave a warning now and then and a pop-up window opened now and then. If you say OK, I will continue by reinstalling Avast.
Hopefully we have succeeded. May all your effort not go to waste. Whether it worked or not, I hope you will forgive the trouble. We took up quite a bit of your time. I'm also sending the final report Malwarebytes gave. See you...

Malwarebytes' Anti-Malware 1.26
Veribankasi versiyonu: 1112
Windows 6.0.6001 Service Pack 1

04.09.2008 19:09:04
mbam-log-2008-09-04 (19-09-04).txt

Tarama Turu: Tam Tarama (C:\|D:\|E:\|L:\|)
Taranan Nesneler: 207397
Gecen Zaman: 57 minute(s), 15 second(s)

Viruslu RAM Islemleri: 0
Viruslu RAM Modulleri: 0
Viruslu Kayit Girdileri: 0
Viruslu Kayit Degeleri: 0
Viruslu Kayit Data Nesneleri: 0
Viruslu Klasorler: 0
Viruslu Dosyalar: 2

Viruslu RAM Islemleri:
(Tehdit Olsuturacak Hicbirsey Tespit Edilmemistir)

Viruslu RAM Modulleri:
(Tehdit Olsuturacak Hicbirsey Tespit Edilmemistir)

Viruslu Kayit Girdileri:
(Tehdit Olsuturacak Hicbirsey Tespit Edilmemistir)

Viruslu Kayit Degeleri:
(Tehdit Olsuturacak Hicbirsey Tespit Edilmemistir)

Viruslu Kayit Data Nesneleri:
(Tehdit Olsuturacak Hicbirsey Tespit Edilmemistir)

Viruslu Klasorler:
(Tehdit Olsuturacak Hicbirsey Tespit Edilmemistir)

Viruslu Dosyalar:
C:\Program Files\Windows Live\Messenger\un_WLM9TR_19029.exe (Adware.Rabio) -> Quarantined and deleted successfully.
C:\Users\Murat\Contacts\Desktop\Geçici Dosyalar\Avast! Professional Edition v4.8.1169_Fit\keygen\Avast!Keygen.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.


_____________________________



serji

Posts: 7226

4 September 2008; 20:12:56


quote:

Originally posted by: blindshadow

Master, I fixed the items you told me to, just as you said, and then took another log; the results are below. Thank you very much indeed for your interest and attention.

You're welcome. I've written out what you need to do.

Download the program called ComboFix to your desktop.

http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe

1. Close all your open windows and programs.
2. Temporarily close or disable your antivirus and antispyware programs.
3. Double-click ComboFix.exe to open the program. After opening it, do not do anything at all. Take a 1-2 minute break.
4. After ComboFix starts running, you will be asked to press the 1 or 2 key. Press 1 to continue.
5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
6. During these operations your internet connection will be cut. This is normal. Your system clock will also change. But all of this is temporary. After the operations finish, everything will be returned to its original state.
7. You may need to be a little patient, because there are a full 41 stages.
8. Finally, ComboFix will prepare a report containing the results of the operations. During this your desktop may disappear, but it will be restored shortly. After the operations finish, ComboFix will close and a report will open for you. You can find this report at C:\ComboFix.txt.
9. Attach the C:\ComboFix.txt file to your message and send it to us.


quote:

Originally posted by: muratgrb

Sir, I ran the scan with Malwarebytes. It found two viruses: one is a keygen left over in Avast's installation folder and the other is an exe file in the MSN folder. I was expecting a more detailed list, but this is the result. Of course, you will analyse it better...
There is also this: after scanning with ComboFix, Avast disappeared from the system tray. It no longer starts at boot. It also reset the settings of a few programs such as FlashGet and Outlook. I would appreciate any advice you have on this as well. Since Avast is not running right now, I can't tell whether the virus is gone or still there. My system had been running very stably for 8 months. There was no stability problem when the virus infected it, and there is none now either. The only effects of the virus were that Avast gave a warning now and then and a pop-up window opened now and then. If you say OK, I will continue by reinstalling Avast.
Hopefully we have succeeded. May all your effort not go to waste. Whether it worked or not, I hope you will forgive the trouble. We took up quite a bit of your time. I'm also sending the final report Malwarebytes gave. See you...

We had already cleaned the viruses earlier, so a result like this is normal. The system is clean right now. If you are going to keep using Avast, you can reinstall it; that won't cause a problem. I don't think the settings will be much of a problem for FlashGet, or am I wrong? But for Outlook, unfortunately, you may have to redo the settings from scratch. Still, if you run into any problem at this stage, I will help as much as I can. But your system is spotless right now, so rest easy. Enjoy using it.

_____________________________

muratgrb

Posts: 13