My computer has a virus (trojan, malware or spyware), many programs can't find it... Avira - Nod32 (page 2)

  • Did you try the sil.rar file that our friend golovez created?
    By the way, as an antivirus I recommend Kaspersky. My USB stick also got infected; it found the autorun.exe virus and quarantined it... but unfortunately it couldn't delete it. Still, at least it neutralized it, and afterwards I formatted the flash drive anyway.



    < This message was edited by Ducard -- 29 July 2009; 23:26:05 >
  • I searched a lot but never came across it; besides, because of key/license issues and the like, I'm using Avira...

    @tcebeci
    In Avenger I noticed the following problem: it says a hidden driver was found. Could you take a look...

    Logfile of The Avenger Version 2.0, (c) by Swandog46 
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.

    Hidden driver "sfycyq" found!
    ImagePath: system32\drivers\njvecfha.sys
    Start Type: 0 (Boot)

    Rootkit scan completed.


    Warning: Invalid contents in ServiceGroupOrder key!
    There may be a driver loading earlier than Avenger!

    File "c:\windows\smsWfi.exe" deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.



    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!


    Error: file "c:\windows\smsWfi.exe" not found!
    Deletion of file "c:\windows\smsWfi.exe" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Completed script processing.

    *******************

    Finished! Terminate.




  • The "smsWfi.exe" virus appears to have been deleted. One last time, with the USB disks plugged in, could you scan with ComboFix and send the log?
  • Latest Combo log... 01/08/2009
    ComboFix 09-07-31.04 - Administrator 01.08.2009 21:33.5.4 - NTFSx86 
    Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.3070.2571 [GMT 3:00]
    Running from: c:\documents and settings\Administrator\Desktop\Program & Driver\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2009-07-01 to 2009-08-01 )))))))))))))))))))))))))))))))
    .

    2009-07-30 09:13 . 2009-07-30 09:13 -------- d-----w- c:\windows\Sun
    2009-07-29 08:52 . 2009-07-29 08:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-07-27 19:58 . 2009-07-27 19:59 -------- d-----w- C:\Downloads
    2009-07-27 19:44 . 2009-08-01 18:38 -------- d-----w- c:\program files\FlashGet
    2009-07-27 19:35 . 2009-07-27 19:34 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-27 19:34 . 2009-07-27 19:34 -------- d-----w- c:\program files\Java
    2009-07-27 19:33 . 2009-07-27 19:33 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
    2009-07-27 19:27 . 2009-07-27 19:36 -------- d-----w- c:\program files\LimeWire
    2009-07-27 18:57 . 2009-07-27 18:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mininova
    2009-07-27 18:57 . 2009-07-27 18:58 -------- d-----w- c:\program files\Mininova
    2009-07-26 07:35 . 2009-07-26 07:35 -------- d-----w- c:\program files\MadOnion.com
    2009-07-25 18:53 . 2009-07-25 18:53 -------- d-----w- c:\windows\system32\xircom
    2009-07-25 18:53 . 2009-07-25 18:53 -------- d-----w- c:\windows\system32\wbem\snmp
    2009-07-25 18:53 . 2009-07-25 18:53 -------- d-----w- c:\program files\microsoft frontpage
    2009-07-25 16:59 . 2009-07-25 16:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2009-07-25 16:58 . 2009-07-13 10:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-25 16:58 . 2009-07-25 16:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-25 16:58 . 2009-07-25 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-07-25 16:58 . 2009-07-13 10:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-23 19:34 . 2009-07-23 19:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ESET
    2009-07-23 18:08 . 2009-07-23 18:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\ESET
    2009-07-23 18:07 . 2009-07-23 18:07 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\ESET
    2009-07-23 18:06 . 2009-07-23 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
    2009-07-21 19:53 . 2008-05-21 12:28 7994 ----a-w- C:\yama.vbs
    2009-07-19 14:46 . 2009-07-19 14:46 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
    2009-07-19 10:50 . 2009-07-19 10:50 -------- d-----w- c:\program files\Dracula Virüs Temizleyici 3.5
    2009-07-17 19:38 . 2009-07-21 19:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-07-17 19:38 . 2009-07-21 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-17 19:35 . 2009-07-17 19:35 -------- d--h--w- c:\windows\PIF
    2009-07-17 17:47 . 2009-08-01 17:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
    2009-07-16 19:59 . 2008-06-19 14:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2009-07-16 19:58 . 2009-07-16 19:58 -------- d-----w- c:\program files\Panda Security
    2009-07-12 11:28 . 2009-07-12 11:28 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-07-12 09:06 . 2009-07-12 09:06 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
    2009-07-10 19:51 . 2009-07-10 19:51 -------- d-----w- c:\program files\Bonjour
    2009-07-10 19:46 . 2009-07-10 19:46 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2009-07-09 09:20 . 2009-07-09 09:20 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2009-07-09 09:19 . 2009-07-09 09:19 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2009-07-09 04:02 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
    2009-07-09 04:01 . 2009-07-09 04:01 -------- d-----w- c:\windows\ie8updates
    2009-07-09 04:01 . 2009-04-30 21:14 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2009-07-09 04:01 . 2009-04-30 21:14 1985024 ------w- c:\windows\system32\dllcache\iertutil.dll
    2009-07-09 04:01 . 2009-04-30 21:14 11064832 ------w- c:\windows\system32\dllcache\ieframe.dll
    2009-07-09 04:01 . 2009-04-30 21:14 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2009-07-09 04:00 . 2009-07-09 04:01 -------- dc-h--w- c:\windows\ie8
    2009-07-05 13:15 . 2009-07-05 18:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BS_Player
    2009-07-05 13:15 . 2009-07-05 13:15 -------- d-----w- c:\program files\Conduit
    2009-07-05 13:15 . 2009-07-05 13:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Conduit
    2009-07-05 13:15 . 2009-07-05 13:46 -------- d-----w- c:\program files\BS_Player
    2009-07-05 13:15 . 2009-07-05 13:15 -------- d-----w- c:\program files\Webteh
    2009-07-05 13:08 . 2009-07-05 13:08 -------- d-----w- c:\program files\AirTies
    2009-07-05 13:08 . 2007-03-16 09:53 450944 ----a-w- c:\windows\system32\drivers\TUSB1150.sys
    2009-07-05 13:08 . 2006-12-04 12:42 97388 ----a-w- c:\windows\system32\drivers\Fwusb1b.bin
    2009-07-03 20:45 . 2009-07-12 17:46 158 ----a-w- C:\tw0001.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-31 19:37 . 2009-07-27 19:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire
    2009-07-30 18:20 . 2009-06-18 07:35 -------- d-----w- c:\program files\MSN Messenger
    2009-07-26 07:35 . 2009-06-18 06:50 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-25 19:20 . 2009-06-18 16:12 -------- d-----w- c:\program files\Unlocker
    2009-07-10 19:51 . 2009-06-18 16:18 -------- d-----w- c:\program files\Common Files\Adobe
    2009-06-26 19:05 . 2009-06-26 19:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Datalayer
    2009-06-26 19:04 . 2009-06-26 19:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia
    2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite
    2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\DIFX
    2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
    2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\Common Files\Nokia
    2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\Common Files\PCSuite
    2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\Nokia
    2009-06-26 19:00 . 2009-06-26 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
    2009-06-26 16:57 . 2009-06-18 07:41 68456 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-23 09:52 . 2001-11-22 15:00 68472 ----a-w- c:\windows\system32\perfc01F.dat
    2009-06-23 09:52 . 2001-11-22 15:00 383452 ----a-w- c:\windows\system32\perfh01F.dat
    2009-06-21 14:30 . 2009-06-21 14:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\GRETECH
    2009-06-20 17:06 . 2009-06-18 16:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ahead
    2009-06-18 17:12 . 2009-06-18 17:06 -------- d-----w- c:\program files\proeWildfire 3.0
    2009-06-18 17:00 . 2009-06-18 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-06-18 16:59 . 2009-06-18 16:59 -------- d-----w- c:\program files\Microsoft Works
    2009-06-18 16:58 . 2009-06-18 16:58 -------- d-----w- c:\program files\MSBuild
    2009-06-18 16:58 . 2009-06-18 16:58 -------- d-----w- c:\program files\Microsoft.NET
    2009-06-18 16:56 . 2009-06-18 16:56 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2009-06-18 16:52 . 2009-06-18 16:51 -------- d-----w- c:\program files\Common Files\Ahead
    2009-06-18 16:51 . 2009-06-18 16:51 -------- d-----w- c:\program files\Nero
    2009-06-18 16:17 . 2009-06-18 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
    2009-06-18 16:17 . 2009-06-18 16:17 -------- d-----w- c:\program files\TechSmith
    2009-06-18 16:12 . 2009-06-18 16:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Desktopicon
    2009-06-18 16:03 . 2009-06-18 16:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
    2009-06-18 16:02 . 2009-06-18 16:02 -------- d-----w- c:\program files\K-Lite Codec Pack
    2009-06-18 15:09 . 2009-06-18 15:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
    2009-06-18 15:08 . 2009-06-18 15:08 -------- d-----w- c:\program files\VideoLAN
    2009-06-18 15:04 . 2009-06-18 15:04 -------- d-----w- c:\program files\HD Tune
    2009-06-18 13:25 . 2009-06-18 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
    2009-06-18 13:25 . 2009-06-18 13:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATI
    2009-06-18 10:27 . 2009-06-18 10:27 -------- d-----w- c:\program files\AIMP2
    2009-06-18 08:35 . 2009-06-18 08:35 0 ----a-w- c:\windows\ativpsrm.bin
    2009-06-18 08:34 . 2009-06-18 08:33 -------- d-----w- c:\program files\ATI Technologies
    2009-06-18 08:33 . 2009-06-18 07:45 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-06-18 08:22 . 2009-06-18 08:22 -------- d-----w- c:\program files\Vimicro
    2009-06-18 08:20 . 2009-06-18 06:49 16608 ----a-w- c:\windows\gdrv.sys
    2009-06-18 08:18 . 2009-06-18 08:18 319488 ----a-w- c:\windows\HideWin.exe
    2009-06-18 08:07 . 2009-06-18 08:07 0 ----a-w- c:\windows\nsreg.dat
    2009-06-18 07:53 . 2009-06-18 06:40 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-06-18 07:53 . 2009-06-18 07:53 12328 ----a-w- c:\documents and settings\beyaz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-18 07:46 . 2009-06-18 07:46 -------- d-----w- c:\program files\Intel
    2009-06-18 07:45 . 2009-06-18 06:50 -------- d-----w- c:\program files\Realtek
    2009-06-18 06:57 . 2009-06-18 06:57 -------- d-----w- c:\program files\Avira
    2009-06-18 06:57 . 2009-06-18 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2009-06-18 06:50 . 2009-06-18 06:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
    2009-06-18 06:39 . 2009-06-18 06:39 21736 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-05-16 03:58 . 2009-05-16 03:58 4069888 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
    2009-05-16 03:39 . 2009-05-16 03:39 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2009-05-16 03:38 . 2009-05-16 03:38 335872 ----a-w- c:\windows\system32\ati2dvag.dll
    2009-05-16 03:18 . 2009-05-16 03:18 204800 ----a-w- c:\windows\system32\atipdlxx.dll
    2009-05-16 03:17 . 2009-05-16 03:17 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2009-05-16 03:17 . 2009-05-16 03:17 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2009-05-16 03:17 . 2009-05-16 03:17 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2009-05-16 03:17 . 2009-05-16 03:17 155648 ----a-w- c:\windows\system32\ati2evxx.dll
    2009-05-16 03:15 . 2009-05-16 03:15 602112 ----a-w- c:\windows\system32\ati2evxx.exe
    2009-05-16 03:14 . 2009-05-16 03:14 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2009-05-16 03:07 . 2009-05-16 03:07 2987136 ----a-w- c:\windows\system32\ati3duag.dll
    2009-05-16 02:55 . 2009-05-16 02:55 11423744 ----a-w- c:\windows\system32\atioglxx.dll
    2009-05-16 02:54 . 2009-05-16 02:54 2122624 ----a-w- c:\windows\system32\ativvaxx.dll
    2009-05-16 02:54 . 2009-05-16 02:54 887724 ----a-w- c:\windows\system32\ativva6x.dat
    2009-05-16 02:54 . 2009-05-16 02:54 3 ----a-w- c:\windows\system32\ativva5x.dat
    2009-05-16 02:51 . 2009-05-16 02:51 311296 ----a-w- c:\windows\system32\atiiiexx.dll
    2009-05-16 02:38 . 2009-05-16 02:38 49664 ----a-w- c:\windows\system32\atimpc32.dll
    2009-05-16 02:38 . 2009-05-16 02:38 49664 ----a-w- c:\windows\system32\amdpcom32.dll
    2009-05-16 02:33 . 2009-05-16 02:33 479232 ----a-w- c:\windows\system32\atikvmag.dll
    2009-05-16 02:31 . 2009-05-16 02:31 139264 ----a-w- c:\windows\system32\atiadlxx.dll
    2009-05-16 02:31 . 2009-05-16 02:31 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2009-05-16 02:30 . 2009-05-16 02:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2009-05-16 02:26 . 2009-05-16 02:26 376832 ----a-w- c:\windows\system32\atiok3x2.dll
    2009-05-16 02:24 . 2009-05-16 02:24 651264 ----a-w- c:\windows\system32\ati2cqag.dll
    2009-05-16 01:35 . 2009-05-16 01:35 45056 ----a-w- c:\windows\system32\aticalrt.dll
    2009-05-16 01:34 . 2009-05-16 01:34 45056 ----a-w- c:\windows\system32\aticalcl.dll
    2009-05-16 01:33 . 2009-05-16 01:33 3158016 ----a-w- c:\windows\system32\aticaldd.dll
    2009-05-15 18:05 . 2009-06-18 08:33 593920 ------w- c:\windows\system32\ati2sgag.exe
    2009-05-13 05:04 . 2008-04-14 06:00 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-05-07 15:32 . 2008-04-14 06:00 345088 ----a-w- c:\windows\system32\localspl.dll
    2009-05-05 19:33 . 2009-05-05 19:33 118784 ----a-w- c:\windows\system32\atibtmon.exe
    2009-07-22 23:11 . 2009-06-18 08:07 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-07-25_16.48.13 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-08-01 17:57 . 2009-08-01 17:57 16384 c:\windows\system32\config\systemprofile\Local Settings\temp\Perflib_Perfdata_a08.dat
    + 2009-07-29 20:06 . 2009-07-29 20:06 29696 c:\windows\Installer\59f6c58.msi
    + 2009-07-29 20:05 . 2009-07-29 20:05 29926 c:\windows\Installer\{CB7D9F91-E82E-450C-B884-3DB9A7099C73}\MsblIco.Exe
    - 2009-07-18 17:48 . 2009-07-18 17:48 29926 c:\windows\Installer\{CB7D9F91-E82E-450C-B884-3DB9A7099C73}\MsblIco.Exe
    + 2009-07-27 19:35 . 2009-07-27 19:34 148888 c:\windows\system32\javaws.exe
    + 2009-07-27 19:35 . 2009-07-27 19:34 144792 c:\windows\system32\javaw.exe
    + 2009-07-27 19:35 . 2009-07-27 19:34 144792 c:\windows\system32\java.exe
    + 2009-07-27 19:34 . 2009-07-27 19:34 562176 c:\windows\Installer\5f1cb6.msi
    + 2009-07-29 20:05 . 2009-07-29 20:05 732160 c:\windows\Installer\59f6c52.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-05 2215960]
    "{f592709f-ff4a-4862-b659-4afabda56312}"= "c:\program files\Mininova\tbMin0.dll" [2009-07-15 2224152]

    [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

    [HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f592709f-ff4a-4862-b659-4afabda56312}]
    2009-07-15 07:09 2224152 ----a-w- c:\program files\Mininova\tbMin0.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
    2009-07-05 13:46 2215960 ----a-w- c:\program files\BS_Player\tbBS_1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-05 2215960]
    "{f592709f-ff4a-4862-b659-4afabda56312}"= "c:\program files\Mininova\tbMin0.dll" [2009-07-15 2224152]

    [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

    [HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-05 2215960]
    "{F592709F-FF4A-4862-B659-4AFABDA56312}"= "c:\program files\Mininova\tbMin0.dll" [2009-07-15 2224152]

    [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

    [HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-18 133104]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2009-07-30 5674352]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 94208]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GEST"="=" [X]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
    "Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
    "AIMP2"="c:\program files\AIMP2\AIMP2.exe" [2008-12-30 358400]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "BigDog303"="c:\windows\VM303_STI.EXE" [BU]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-27 136600]
    "Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-07 16862208]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\FlashGet\\FlashGet.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18.06.2009 09:57 108289]
    R3 TUSB1150;Airties WUS-300 USB Wireless Adapter (TNETW1450);c:\windows\system32\drivers\TUSB1150.sys [05.07.2009 16:08 450944]
    R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [18.06.2009 11:22 428160]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\documents and settings\Administrator\Desktop\RealTemp_3.00\WinRing0.sys [26.07.2009 19:30 14416]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1383384898-1177238915-500Core.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-18 07:30]

    2009-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1383384898-1177238915-500UA.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-18 07:30]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-Windowss - smsWfi.exe


    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = local
    IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
    IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
    IE: Microsoft Excel'e &Ver - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: {626F8656-8372-48BB-A7AD-C46E20F35E43} = 127.0.0.1
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4pnj89e2.default\
    FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2009-08-01 21:40
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2052111302-1383384898-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,47,2b,4b,1a,01,8e,45,96,75,54,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,47,2b,4b,1a,01,8e,45,96,75,54,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(936)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(1960)
    c:\windows\system32\WININET.dll
    c:\program files\FlashGet\fgmgr.dll
    c:\windows\system32\webcheck.dll
    .
    Completion time: 2009-08-01 21:41
    ComboFix-quarantined-files.txt 2009-08-01 18:41
    ComboFix2.txt 2009-07-26 19:35
    ComboFix3.txt 2009-07-26 16:59
    ComboFix4.txt 2009-07-26 10:42
    ComboFix5.txt 2009-08-01 18:32

    Pre-Run: 83.579.682.816 bayt boş
    Post-Run: 84.943.335.424 bayt boş

    287 --- E O F --- 2009-07-09 04:02


    The hidden folders on the USB are gone now...




  • Looks clean.
    Just one note: the computer at your workplace has most likely been infected too. If you plug your flash drive into that one as well, be careful. Don't let it jump back and re-infect the home computer.



    < This message was edited by tcebeci -- 1 August 2009; 22:49:45 >
  • Thank you very much for your help...
    And if you could also explain how the malware is identified from the Combo log, that would make it complete...
  • quote:

    Originally posted by: 01mrt

    Thank you very much for your help...
    And if you could also explain how the malware is identified from the Combo log, that would make it complete...

    You're asking for a lot, though.
    Let that wait until later.
  • Hello
    We got infected by the same virus too. I tried to download the Combofix and mbam programs, but the links given don't work.

    Could you help?
    Thanks
  • For mbam:
    http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

    For Combo:
    http://www.gezginler.net/modules/mydownloads/singlefile.php?download=combofix&lid=7011
    Note: after you download Combo, it will update itself if necessary...

    Sorry the reply was so late; it happened because of my job and a change of where I live...




  • @tcebeci
    By the way, here is a new Combo log (from another computer)...

    ComboFix 09-09-17.04 - MuRaT 18.09.2009 10:26.1.2 - NTFSx86 
    Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.1791.1119 [GMT 3:00]
    Running from: c:\documents and settings\MuRaT\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-1535911280-805724543-1250089438-1001
    c:\documents and settings\MuRaT\Application Data\Microsoft\Installer\{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}\ARPPRODUCTICON.exe
    c:\documents and settings\MuRaT\Application Data\Microsoft\Installer\{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}\flatout.exe_853599CE1B5C4FEFB643B8F48F508EDC.exe
    c:\documents and settings\MuRaT\Application Data\Microsoft\Installer\{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}\flatout.exe1_853599CE1B5C4FEFB643B8F48F508EDC.exe
    c:\program files\driver
    c:\windows\Alcmtr.exe
    c:\windows\Installer\118559.msi
    c:\windows\system32\scrrntr.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-08-18 to 2009-09-18 )))))))))))))))))))))))))))))))
    .

    2009-09-18 07:24 . 2009-09-18 07:24 -------- d-----w- c:\documents and settings\MuRaT\Application Data\Malwarebytes
    2009-09-18 07:24 . 2009-09-10 11:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-18 07:24 . 2009-09-18 07:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-09-18 07:24 . 2009-09-18 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-09-18 07:24 . 2009-09-10 11:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-18 07:12 . 2008-03-22 21:37 113896 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
    2009-09-18 07:12 . 2009-09-18 07:12 -------- d-----w- c:\program files\KeyScrambler

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-18 07:30 . 2009-05-12 21:01 -------- d-----w- c:\documents and settings\MuRaT\Application Data\Orbit
    2009-09-18 07:29 . 2009-04-11 16:44 49152 ----a-w- c:\windows\IgorDRV.dll
    2009-09-18 07:29 . 2009-04-11 16:44 25040 ----a-w- c:\windows\system32\drivers\TVicHW32.sys
    2009-09-18 07:29 . 2009-05-10 15:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-09-18 07:18 . 2009-04-15 08:09 -------- d-----w- c:\program files\Total Video Converter
    2009-09-18 06:42 . 2008-04-15 12:00 75218 ----a-w- c:\windows\system32\perfc01F.dat
    2009-09-18 06:42 . 2008-04-15 12:00 414516 ----a-w- c:\windows\system32\perfh01F.dat
    2009-09-17 17:54 . 2009-06-15 15:38 -------- d-----w- c:\documents and settings\MuRaT\Application Data\TeraCopy
    2009-08-17 12:17 . 2009-03-26 20:51 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-06-25 08:26 . 2008-04-15 12:00 729600 ----a-w- c:\windows\system32\lsasrv.dll
    2009-06-25 08:26 . 2008-04-15 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
    2009-06-25 08:26 . 2008-04-15 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
    2009-06-25 08:26 . 2008-04-15 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2009-06-25 08:26 . 2008-04-15 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
    2009-06-25 08:26 . 2008-04-15 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-06-24 11:18 . 2008-04-15 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-02-24 203928]
    "RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
    "Fraps"="c:\program files\FRAPS\FRAPS.EXE" [2008-01-14 913064]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
    "Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
    "AIMP2"="c:\program files\AIMP2\AIMP2.exe" [2008-12-30 358400]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
    "MaxBlastMonitor.exe"="c:\program files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2008-06-27 1325800]
    "AcronisTimounterMonitor"="c:\program files\Maxtor\MaxBlast\TimounterMonitor.exe" [2008-06-27 904776]
    "Maxtor Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2008-06-27 136472]
    "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-04-04 1822720]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-10 16126464]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

    c:\documents and settings\MuRaT\Start Menu\Programlar\Başlangıç\
    Girder3.lnk - c:\documents and settings\MuRaT\Desktop\Kumanda\mce-kumanda\girder\Girder.exe [2009-5-2 1576960]
    RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
    TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
    UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
    Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]

    c:\documents and settings\All Users\Start Menu\Programlar\Başlangıç\
    Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-5-13 1690824]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "d:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
    "d:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
    "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

    R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [26.03.2009 23:28 13696]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26.03.2009 23:51 108289]
    R2 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [27.06.2008 17:03 431384]
    R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [18.09.2009 10:12 113896]
    R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [26.03.2009 23:42 428160]
    S1 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\documents and settings\MuRaT\Desktop\hw32_240\HWiNFO32.SYS --> c:\documents and settings\MuRaT\Desktop\hw32_240\HWiNFO32.SYS [?]
    S3 ATHFMWDL;Philips USB Wireless Adapter Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [06.05.2009 15:54 43392]
    S3 CPWUA6D;Philips USB Wireless Network Adapter Service;c:\windows\system32\drivers\CPWUA6D1.sys [07.05.2009 11:06 285696]
    S3 TUSB1150;Airties WUS-300 USB Wireless Adapter (TNETW1450);c:\windows\system32\drivers\TUSB1150.sys [26.05.2009 12:05 450944]
    S3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [21.04.2004 17:51 16384]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\MuRaT\Application Data\Mozilla\Firefox\Profiles\pnw7vyx2.default\
    FF - component: c:\documents and settings\MuRaT\Application Data\Mozilla\Firefox\Profiles\pnw7vyx2.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NpFv501.dll
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-BigDog303 - c:\windows\VM303_STI.EXE
    HKLM-Run-AirTiesWUS-300 - c:\program files\AirTies\AirTiesWUS-300\WUS300.exe
    AddRemove-Allway Sync 'n' Go_is1 - i:\allway sync 'n' go\unins000.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2009-09-18 10:29
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(908)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(964)
    c:\windows\system32\relog_ap.dll

    - - - - - - - > 'explorer.exe'(4008)
    c:\windows\system32\SHDOCVW.dll
    c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll
    c:\windows\system32\ntshrui.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\NETSHELL.dll
    c:\windows\system32\credui.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\windows\system32\IoctlSvc.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Orbitdownloader\orbitnet.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-09-18 10:32 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-09-18 07:31

    Pre-Run: 8.946.614.272 bayt boş
    Post-Run: 9.750.769.664 bayt boş

    171 --- E O F --- 2009-09-11 18:14




  • Quite a few viruses have gotten in,
    mbam
    http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

    Let's have mbam run an advanced scan, then scan once more with combofix and send both logs. It would be good if you also alert me by PM.
  • Mbam Log
    Malwarebytes' Anti-Malware 1.41 
    Veritabanı sürümü: 2819
    Windows 5.1.2600 Service Pack 3

    18.09.2009 16:50:15
    mbam-log-2009-09-18 (16-50-15).txt

    Tarama biçimi: Gelişmiş Tarama (C:\|D:\|E:\|F:\|)
    Taranan öğeler: 143915
    Geçen süre: 15 minute(s), 40 second(s)

    Etkilenmiş Hafıza İşlemleri: 0
    Etkilenmiş Hafıza Modülleri: 0
    Etkilenmiş Kayıt Anahtarları: 0
    Etkilenmiş Kayıt Değerleri: 0
    Etkilenmiş Kayıt Verisi Öğeleri: 0
    Etkilenmiş Klasörler: 0
    Etkilenmiş Dosyalar: 0

    Etkilenmiş Hafıza İşlemleri:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Hafıza Modülleri:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Kayıt Anahtarları:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Kayıt Değerleri:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Kayıt Verisi Öğeleri:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Klasörler:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Dosyalar:
    (Herhangi bir tehlikeli öğe bulunmadı)


    Combo Log
    ComboFix 09-09-17.04 - MuRaT 18.09.2009 16:52.2.2 - NTFSx86 
    Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.1791.1117 [GMT 3:00]
    Running from: c:\documents and settings\MuRaT\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2009-08-18 to 2009-09-18 )))))))))))))))))))))))))))))))
    .

    2009-09-18 07:24 . 2009-09-18 07:24 -------- d-----w- c:\documents and settings\MuRaT\Application Data\Malwarebytes
    2009-09-18 07:24 . 2009-09-10 11:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-18 07:24 . 2009-09-18 07:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-09-18 07:24 . 2009-09-18 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-09-18 07:24 . 2009-09-10 11:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-18 07:12 . 2008-03-22 21:37 113896 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
    2009-09-18 07:12 . 2009-09-18 07:12 -------- d-----w- c:\program files\KeyScrambler

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-18 13:52 . 2009-05-10 15:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-09-18 13:30 . 2008-04-15 12:00 75218 ----a-w- c:\windows\system32\perfc01F.dat
    2009-09-18 13:30 . 2008-04-15 12:00 414516 ----a-w- c:\windows\system32\perfh01F.dat
    2009-09-18 13:27 . 2009-05-12 21:01 -------- d-----w- c:\documents and settings\MuRaT\Application Data\Orbit
    2009-09-18 13:26 . 2009-04-11 16:44 49152 ----a-w- c:\windows\IgorDRV.dll
    2009-09-18 13:26 . 2009-04-11 16:44 25040 ----a-w- c:\windows\system32\drivers\TVicHW32.sys
    2009-09-18 07:49 . 2009-06-15 15:38 -------- d-----w- c:\documents and settings\MuRaT\Application Data\TeraCopy
    2009-09-18 07:18 . 2009-04-15 08:09 -------- d-----w- c:\program files\Total Video Converter
    2009-08-17 12:17 . 2009-03-26 20:51 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-06-25 08:26 . 2008-04-15 12:00 729600 ----a-w- c:\windows\system32\lsasrv.dll
    2009-06-25 08:26 . 2008-04-15 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
    2009-06-25 08:26 . 2008-04-15 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
    2009-06-25 08:26 . 2008-04-15 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2009-06-25 08:26 . 2008-04-15 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
    2009-06-25 08:26 . 2008-04-15 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-06-24 11:18 . 2008-04-15 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-09-18_07.29.50 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-15 12:00 . 2009-09-18 06:42 66376 c:\windows\system32\perfc009.dat
    + 2008-04-15 12:00 . 2009-09-18 13:30 66376 c:\windows\system32\perfc009.dat
    + 2008-04-15 12:00 . 2009-09-18 13:30 427592 c:\windows\system32\perfh009.dat
    - 2008-04-15 12:00 . 2009-09-18 06:42 427592 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-02-24 203928]
    "RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
    "Fraps"="c:\program files\FRAPS\FRAPS.EXE" [2008-01-14 913064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
    "Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
    "AIMP2"="c:\program files\AIMP2\AIMP2.exe" [2008-12-30 358400]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
    "MaxBlastMonitor.exe"="c:\program files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2008-06-27 1325800]
    "AcronisTimounterMonitor"="c:\program files\Maxtor\MaxBlast\TimounterMonitor.exe" [2008-06-27 904776]
    "Maxtor Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2008-06-27 136472]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-04-04 1822720]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-10 16126464]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

    c:\documents and settings\MuRaT\Start Menu\Programlar\Başlangıç\
    Girder3.lnk - c:\documents and settings\MuRaT\Desktop\Kumanda\mce-kumanda\girder\Girder.exe [2009-5-2 1576960]
    RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
    TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
    UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
    Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]

    c:\documents and settings\All Users\Start Menu\Programlar\Başlangıç\
    Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-5-13 1690824]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "d:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
    "d:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
    "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

    R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [26.03.2009 23:28 13696]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26.03.2009 23:51 108289]
    R2 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [27.06.2008 17:03 431384]
    R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [18.09.2009 10:12 113896]
    R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [26.03.2009 23:42 428160]
    S1 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\documents and settings\MuRaT\Desktop\hw32_240\HWiNFO32.SYS --> c:\documents and settings\MuRaT\Desktop\hw32_240\HWiNFO32.SYS [?]
    S3 ATHFMWDL;Philips USB Wireless Adapter Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [06.05.2009 15:54 43392]
    S3 CPWUA6D;Philips USB Wireless Network Adapter Service;c:\windows\system32\drivers\CPWUA6D1.sys [07.05.2009 11:06 285696]
    S3 TUSB1150;Airties WUS-300 USB Wireless Adapter (TNETW1450);c:\windows\system32\drivers\TUSB1150.sys [26.05.2009 12:05 450944]
    S3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [21.04.2004 17:51 16384]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\MuRaT\Application Data\Mozilla\Firefox\Profiles\pnw7vyx2.default\
    FF - component: c:\documents and settings\MuRaT\Application Data\Mozilla\Firefox\Profiles\pnw7vyx2.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NpFv501.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2009-09-18 16:54
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(940)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(996)
    c:\windows\system32\relog_ap.dll

    - - - - - - - > 'explorer.exe'(348)
    c:\windows\system32\SHDOCVW.dll
    c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll
    c:\windows\system32\ntshrui.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\NETSHELL.dll
    c:\windows\system32\credui.dll
    .
    Completion time: 2009-09-18 16:56
    ComboFix-quarantined-files.txt 2009-09-18 13:56
    ComboFix2.txt 2009-09-18 07:32

    Pre-Run: 9.784.422.400 bayt boş
    Post-Run: 9.768.878.080 bayt boş

    145 --- E O F --- 2009-09-11 18:14




  • No problems are visible.
  • When I opened Internet Explorer and visited a few sites, my wireless connection kept dropping...
    I ran combofix; right now my connection isn't dropping, but, as it did before, AIMP stutters while playing music, as if something is wrong...
    There is no stuttering in Mozilla, but there is in IE7; I don't understand it...

    Logs

    ComboFix 10-01-11.03 - MuRaT 12.01.2010 15:31:47.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.1791.1298 [GMT 2:00]
    Running from: c:\documents and settings\MuRaT\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\ccrpTmr6.dll
    c:\windows\unins000.dat
    c:\windows\unins000.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-12-12 to 2010-01-12 )))))))))))))))))))))))))))))))
    .

    2010-01-12 13:26 . 2010-01-12 13:25 414720 ----a-w- c:\windows\system32\CF13641.exe
    2010-01-10 10:46 . 2010-01-10 13:48 -------- d-----w- c:\documents and settings\MuRaT\Application Data\Asterisks Password Viewer
    2010-01-10 10:40 . 2010-01-10 13:47 -------- d-----w- c:\program files\ABF software
    2010-01-10 10:33 . 2010-01-10 10:33 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-01-10 05:25 . 2010-01-10 05:26 1956528 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
    2010-01-10 05:25 . 2010-01-10 09:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-01-10 04:10 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
    2010-01-10 04:10 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-01-09 12:06 . 2010-01-09 12:06 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-09 12:06 . 2010-01-09 12:06 -------- d-----w- c:\program files\Microsoft
    2010-01-09 12:05 . 2010-01-09 12:05 -------- d-----w- c:\program files\Windows Live SkyDrive
    2010-01-05 12:46 . 2010-01-05 12:46 -------- d-----w- c:\documents and settings\MuRaT\Local Settings\Application Data\Labcenter Electronics
    2010-01-05 12:44 . 2010-01-05 12:44 -------- d-----w- c:\program files\Common Files\Labcenter Electronics
    2010-01-05 12:44 . 2005-10-18 15:36 54784 ----a-w- c:\windows\system32\INETWH32.DLL
    2010-01-05 12:44 . 2005-10-18 15:36 1048576 ----a-w- c:\windows\system32\ROBOEX32.DLL
    2010-01-05 12:44 . 2010-01-05 12:44 -------- d-----w- c:\program files\Labcenter Electronics
    2009-12-20 13:38 . 2010-01-10 10:46 -------- d-----w- C:\Downloads
    2009-12-19 14:32 . 2009-12-19 14:32 -------- d-----w- C:\Games
    2009-12-13 14:04 . 2004-07-09 02:26 354816 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
    2009-12-13 14:04 . 2004-07-09 02:26 354816 ----a-w- c:\windows\system32\psisdecd.dll
    2009-12-13 14:04 . 2004-07-09 02:26 52096 -c--a-w- c:\windows\system32\dllcache\msdv.sys
    2009-12-13 14:04 . 2004-07-09 02:26 52096 ----a-w- c:\windows\system32\drivers\msdv.sys
    2009-12-13 14:04 . 2004-07-09 02:26 15104 -c--a-w- c:\windows\system32\dllcache\mpe.sys
    2009-12-13 14:04 . 2004-07-09 02:26 15104 ----a-w- c:\windows\system32\drivers\mpe.sys
    2009-12-13 14:04 . 2004-07-09 02:26 11392 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
    2009-12-13 14:04 . 2004-07-09 02:26 11392 ----a-w- c:\windows\system32\drivers\bdasup.sys
    2009-12-13 14:04 . 2005-12-05 16:07 63696 ----a-w- c:\windows\system32\dxdllreg.exe
    2009-12-13 13:44 . 2009-12-13 13:44 554 ----a-w- c:\windows\eReg.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-12 13:33 . 2008-04-15 12:00 76428 ----a-w- c:\windows\system32\perfc01F.dat
    2010-01-12 13:33 . 2008-04-15 12:00 417200 ----a-w- c:\windows\system32\perfh01F.dat
    2010-01-12 13:29 . 2009-11-09 20:34 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
    2010-01-12 13:29 . 2009-11-09 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
    2010-01-12 13:27 . 2009-05-12 21:01 -------- d-----w- c:\documents and settings\MuRaT\Application Data\Orbit
    2010-01-12 13:26 . 2009-05-10 15:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-01-12 12:50 . 2009-06-15 15:38 -------- d-----w- c:\documents and settings\MuRaT\Application Data\TeraCopy
    2010-01-10 12:16 . 2009-09-18 07:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-10 09:17 . 2009-03-26 20:51 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-01-09 12:06 . 2009-03-26 20:27 18440 ----a-w- c:\documents and settings\MuRaT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-01-09 12:05 . 2009-03-27 19:53 -------- d-----w- c:\program files\Windows Live
    2010-01-09 09:05 . 2009-03-26 20:29 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-01-07 14:07 . 2009-09-18 07:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 14:07 . 2009-09-18 07:24 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-14 12:31 . 2009-11-09 20:37 -------- d-----w- c:\documents and settings\MuRaT\Application Data\VMware
    2009-11-30 13:56 . 2009-11-30 13:56 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
    2009-11-15 13:42 . 2009-11-15 13:42 -------- d-----w- c:\program files\Croteam
    2009-11-08 16:22 . 2009-04-11 16:44 49152 ----a-w- c:\windows\IgorDRV.dll
    2009-11-08 16:22 . 2009-04-11 16:44 25040 ----a-w- c:\windows\system32\drivers\TVicHW32.sys
    .

    ------- Sigcheck -------

    [-] 2008-04-15 . BDF500F38016C7E1DD490E00DA28CD30 . 976384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [-] 2008-04-15 . BDF500F38016C7E1DD490E00DA28CD30 . 976384 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-02-24 203928]
    "RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
    "Fraps"="c:\program files\FRAPS\FRAPS.EXE" [2008-01-14 913064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SkyTel"="SkyTel.EXE" [2007-04-04 1822720]
    "VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
    "Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
    "MaxBlastMonitor.exe"="c:\program files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2008-06-27 1325800]
    "AcronisTimounterMonitor"="c:\program files\Maxtor\MaxBlast\TimounterMonitor.exe" [2008-06-27 904776]
    "Maxtor Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2008-06-27 136472]
    "AIMP2"="c:\program files\AIMP2\AIMP2.exe" [2008-12-30 358400]
    "VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2008-09-18 64048]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

    c:\documents and settings\All Users\Start Menu\Programlar\Başlangıç\
    Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-5-12 1690824]
    Update Scheduler for Proteus Professional 7.lnk - c:\program files\Labcenter Electronics\Proteus 7 Professional\BIN\UDSCHED.EXE [2010-1-5 66076]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "d:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
    "d:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
    "c:\\Documents and Settings\\MuRaT\\Desktop\\WiFi\\airwin\\bin\\buddy-ng.exe"=
    "d:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [26.03.2009 22:28 13696]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26.03.2009 22:51 108289]
    R2 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [27.06.2008 16:03 431384]
    R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [18.09.2008 23:06 54960]
    R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [18.09.2009 09:12 113896]
    R3 TUSB1150;Airties WUS-300 USB Wireless Adapter (TNETW1450);c:\windows\system32\drivers\TUSB1150.sys [26.05.2009 11:05 450944]
    R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [26.03.2009 22:42 428160]
    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07.06.2009 13:08 717296]
    S1 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\documents and settings\MuRaT\Desktop\hw32_240\HWiNFO32.SYS --> c:\documents and settings\MuRaT\Desktop\hw32_240\HWiNFO32.SYS [?]
    S3 ATHFMWDL;Philips USB Wireless Adapter Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [06.05.2009 14:54 43392]
    S3 CPWUA6D;Philips USB Wireless Network Adapter Service;c:\windows\system32\drivers\CPWUA6D1.sys [07.05.2009 10:06 285696]
    S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [08.11.2009 12:22 332928]
    S3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [21.04.2004 16:51 16384]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    LSP: c:\program files\VMware\VMware Player\vsocklib.dll
    TCP: {4E32316D-2AB0-408F-97F3-0BC5A95CF30A} = 4.2.2.1,4.2.2.2
    FF - ProfilePath - c:\documents and settings\MuRaT\Application Data\Mozilla\Firefox\Profiles\pnw7vyx2.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.tr
    FF - component: c:\documents and settings\MuRaT\Application Data\Mozilla\Firefox\Profiles\pnw7vyx2.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NpFv501.dll
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-BigDog303 - c:\windows\VM303_STI.EXE
    AddRemove-RecoveryDisk6281_is1 - c:\windows\unins000.exe



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1085031214-879983540-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7A6A5BFD-47FA-B036-172A-3DBB72293D79}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1268)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(1324)
    c:\windows\system32\relog_ap.dll
    .
    Completion time: 2010-01-12 15:35:13
    ComboFix-quarantined-files.txt 2010-01-12 13:35

    Pre-Run: 6.904.332.288 bayt boş
    Post-Run: 7.281.844.224 bayt boş

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT /USEPMTIMER
    multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 963F37558C882F0D16362B1FC8539B0D



     
    Malwarebytes' Anti-Malware 1.44
    Veritabanı sürümü: 3510
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    12.01.2010 15:24:16
    mbam-log-2010-01-12 (15-24-16).txt

    Tarama biçimi: Gelişmiş Tarama (C:\|D:\|E:\|F:\|G:\|)
    Taranan öğeler: 220795
    Geçen süre: 39 minute(s), 35 second(s)

    Etkilenmiş Hafıza İşlemleri: 0
    Etkilenmiş Hafıza Modülleri: 0
    Etkilenmiş Kayıt Anahtarları: 0
    Etkilenmiş Kayıt Değerleri: 0
    Etkilenmiş Kayıt Verisi Öğeleri: 0
    Etkilenmiş Klasörler: 0
    Etkilenmiş Dosyalar: 1

    Etkilenmiş Hafıza İşlemleri:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Hafıza Modülleri:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Kayıt Anahtarları:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Kayıt Değerleri:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Kayıt Verisi Öğeleri:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Klasörler:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Dosyalar:
    G:\E'deki\Program\wrar371tr\Unipatch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.



    < This message was edited by 01Mrt -- 12 January 2010; 16:50:28 >




  • Download the Norman Malware Cleaner program,
    plug in the flash disks as well and scan them, then scan with ComboFix.

    Send the logs of both.

    Edit: quite a lot of viruses have got in.



    < This message was edited by tcebeci -- 12 January 2010; 17:06:33 >
  • logs

     

    ComboFix 10-01-11.03 - MuRaT 12.01.2010 18:36:43.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.1791.1391 [GMT 2:00]
    Running from: c:\documents and settings\MuRaT\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((( Files Created from 2009-12-12 to 2010-01-12 )))))))))))))))))))))))))))))))
    .

    2010-01-12 13:26 . 2010-01-12 13:25 414720 ----a-w- c:\windows\system32\CF13641.exe
    2010-01-10 10:46 . 2010-01-10 13:48 -------- d-----w- c:\documents and settings\MuRaT\Application Data\Asterisks Password Viewer
    2010-01-10 10:40 . 2010-01-10 13:47 -------- d-----w- c:\program files\ABF software
    2010-01-10 10:33 . 2010-01-10 10:33 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-01-10 05:25 . 2010-01-10 05:26 1956528 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
    2010-01-10 05:25 . 2010-01-10 09:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-01-10 04:10 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
    2010-01-10 04:10 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-01-09 12:06 . 2010-01-09 12:06 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-09 12:06 . 2010-01-09 12:06 -------- d-----w- c:\program files\Microsoft
    2010-01-09 12:05 . 2010-01-09 12:05 -------- d-----w- c:\program files\Windows Live SkyDrive
    2010-01-05 12:46 . 2010-01-05 12:46 -------- d-----w- c:\documents and settings\MuRaT\Local Settings\Application Data\Labcenter Electronics
    2010-01-05 12:44 . 2010-01-05 12:44 -------- d-----w- c:\program files\Common Files\Labcenter Electronics
    2010-01-05 12:44 . 2005-10-18 15:36 54784 ----a-w- c:\windows\system32\INETWH32.DLL
    2010-01-05 12:44 . 2005-10-18 15:36 1048576 ----a-w- c:\windows\system32\ROBOEX32.DLL
    2010-01-05 12:44 . 2010-01-05 12:44 -------- d-----w- c:\program files\Labcenter Electronics
    2009-12-20 13:38 . 2010-01-10 10:46 -------- d-----w- C:\Downloads
    2009-12-19 14:32 . 2009-12-19 14:32 -------- d-----w- C:\Games

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-12 16:40 . 2008-04-15 12:00 76428 ----a-w- c:\windows\system32\perfc01F.dat
    2010-01-12 16:40 . 2008-04-15 12:00 417200 ----a-w- c:\windows\system32\perfh01F.dat
    2010-01-12 16:36 . 2009-11-09 20:34 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
    2010-01-12 16:36 . 2009-11-09 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
    2010-01-12 16:34 . 2009-05-12 21:01 -------- d-----w- c:\documents and settings\MuRaT\Application Data\Orbit
    2010-01-12 16:34 . 2009-05-10 15:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-01-12 12:50 . 2009-06-15 15:38 -------- d-----w- c:\documents and settings\MuRaT\Application Data\TeraCopy
    2010-01-10 12:16 . 2009-09-18 07:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-10 09:17 . 2009-03-26 20:51 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-01-09 12:06 . 2009-03-26 20:27 18440 ----a-w- c:\documents and settings\MuRaT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-01-09 12:05 . 2009-03-27 19:53 -------- d-----w- c:\program files\Windows Live
    2010-01-09 09:05 . 2009-03-26 20:29 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-01-07 14:07 . 2009-09-18 07:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 14:07 . 2009-09-18 07:24 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-14 12:31 . 2009-11-09 20:37 -------- d-----w- c:\documents and settings\MuRaT\Application Data\VMware
    2009-12-13 13:44 . 2009-12-13 13:44 554 ----a-w- c:\windows\eReg.dat
    2009-11-30 13:56 . 2009-11-30 13:56 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
    2009-11-15 13:42 . 2009-11-15 13:42 -------- d-----w- c:\program files\Croteam
    2009-11-08 16:22 . 2009-04-11 16:44 49152 ----a-w- c:\windows\IgorDRV.dll
    2009-11-08 16:22 . 2009-04-11 16:44 25040 ----a-w- c:\windows\system32\drivers\TVicHW32.sys
    .

    ------- Sigcheck -------

    [-] 2008-04-15 . BDF500F38016C7E1DD490E00DA28CD30 . 976384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [-] 2008-04-15 . BDF500F38016C7E1DD490E00DA28CD30 . 976384 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-01-12_13.34.39 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-01-12 16:36 . 2010-01-12 16:36 16384 c:\windows\temp\Perflib_Perfdata_9fc.dat
    + 2008-04-15 12:00 . 2010-01-12 16:40 67586 c:\windows\system32\perfc009.dat
    - 2008-04-15 12:00 . 2010-01-12 13:33 67586 c:\windows\system32\perfc009.dat
    + 2008-04-15 12:00 . 2010-01-12 16:40 430276 c:\windows\system32\perfh009.dat
    - 2008-04-15 12:00 . 2010-01-12 13:33 430276 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-02-24 203928]
    "RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
    "Fraps"="c:\program files\FRAPS\FRAPS.EXE" [2008-01-14 913064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SkyTel"="SkyTel.EXE" [2007-04-04 1822720]
    "VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
    "Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
    "MaxBlastMonitor.exe"="c:\program files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2008-06-27 1325800]
    "AcronisTimounterMonitor"="c:\program files\Maxtor\MaxBlast\TimounterMonitor.exe" [2008-06-27 904776]
    "Maxtor Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2008-06-27 136472]
    "AIMP2"="c:\program files\AIMP2\AIMP2.exe" [2008-12-30 358400]
    "VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2008-09-18 64048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

    c:\documents and settings\All Users\Start Menu\Programlar\BaŸlang‡\
    Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-5-12 1690824]
    Update Scheduler for Proteus Professional 7.lnk - c:\program files\Labcenter Electronics\Proteus 7 Professional\BIN\UDSCHED.EXE [2010-1-5 66076]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "d:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
    "d:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
    "c:\\Documents and Settings\\MuRaT\\Desktop\\WiFi\\airwin\\bin\\buddy-ng.exe"=
    "d:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [26.03.2009 22:28 13696]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26.03.2009 22:51 108289]
    R2 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [27.06.2008 16:03 431384]
    R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [18.09.2008 23:06 54960]
    R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [18.09.2009 09:12 113896]
    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07.06.2009 13:08 717296]
    S1 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\documents and settings\MuRaT\Desktop\hw32_240\HWiNFO32.SYS --> c:\documents and settings\MuRaT\Desktop\hw32_240\HWiNFO32.SYS [?]
    S3 ATHFMWDL;Philips USB Wireless Adapter Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [06.05.2009 14:54 43392]
    S3 CPWUA6D;Philips USB Wireless Network Adapter Service;c:\windows\system32\drivers\CPWUA6D1.sys [07.05.2009 10:06 285696]
    S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [08.11.2009 12:22 332928]
    S3 TUSB1150;Airties WUS-300 USB Wireless Adapter (TNETW1450);c:\windows\system32\drivers\TUSB1150.sys [26.05.2009 11:05 450944]
    S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [26.03.2009 22:42 428160]
    S3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [21.04.2004 16:51 16384]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    LSP: c:\program files\VMware\VMware Player\vsocklib.dll
    TCP: {4E32316D-2AB0-408F-97F3-0BC5A95CF30A} = 4.2.2.1,4.2.2.2
    FF - ProfilePath - c:\documents and settings\MuRaT\Application Data\Mozilla\Firefox\Profiles\pnw7vyx2.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.tr
    FF - component: c:\documents and settings\MuRaT\Application Data\Mozilla\Firefox\Profiles\pnw7vyx2.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NpFv501.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2010-01-12 18:54
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1085031214-879983540-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7A6A5BFD-47FA-B036-172A-3DBB72293D79}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1184)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(1240)
    c:\windows\system32\relog_ap.dll
    .
    Completion time: 2010-01-12 18:55:30
    ComboFix-quarantined-files.txt 2010-01-12 16:55
    ComboFix2.txt 2010-01-12 13:35

    Pre-Run: 7.113.007.104 bayt boş
    Post-Run: 7.186.632.704 bayt boş

    - - End Of File - - 710981457CED903F0B1A4C37F7FC817B



     

    Norman Malware Cleaner
    Version 1.6.2
    Copyright © 1990 - 2009, Norman ASA. Built 2010/01/12 10:16:01

    Norman Scanner Engine Version: 6.04.03
    Nvcbin.def Version: 6.04.00, Date: 2010/01/12 10:16:01, Variants: 4681230

    Scan started: 12/01/2010 17:48:34

    Running pre-scan cleanup routine:
    Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3
    Logged on user: MRT\MuRaT

    Removed registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> SFCScan = 0x00000000
    Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = -> ""
    Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
    Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000
    Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

    Scanning bootsectors...

    Number of sectors found: 0
    Number of sectors scanned: 0
    Number of sectors not scanned: 0
    Number of infections found: 0
    Number of infections removed: 0
    Total scanning time: 0s


    Scanning running processes and process memory...

    Number of processes/threads found: 5636
    Number of processes/threads scanned: 5636
    Number of processes/threads not scanned: 0
    Number of infected processes/threads terminated: 0
    Total scanning time: 1m 42s


    Scanning file system...

    Scanning: prescan

    Scanning: C:\*.*

    C:\Documents and Settings\MuRaT\Desktop\usb\MRT\11-Klite.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    C:\Documents and Settings\MuRaT\Desktop\usb\pro\BSplayer.Pro.2.50.built.1011.rar/BSplayer.Pro.2.50.built.1011\bsplayer_pro250.1011.exe/noname.nsis/file29/fsback.bmp (Error whilst scanning file: I/O Error (0x00220005))

    C:\Documents and Settings\MuRaT\Desktop\usb\pro\BSplayer.Pro.2.50.built.1011.rar/BSplayer.Pro.2.50.built.1011\bsplayer_pro250.1011.exe/noname.nsis/file30 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Program Files\Alcohol Soft\Alcohol 120\Plugins\Helper\AxSrvUACHlper.exe (Infected with W32/Suspicious_Gen2.dam)
    Deleted file

    C:\Program Files\Labcenter Electronics\Proteus 7 Professional\BIN\SDFGEN.EXE (Infected with W32/Stration.MNK)
    Deleted file

    C:\Program Files\Nero\Nero8\Nero BackItUp\BackItUp_ImageTool\root.img/root.img (Error whilst scanning file: I/O Error (0x0022000A))
    C:\Program Files\Nero\Nero8\Nero BackItUp\BackItUp_ImageTool\root.img (Possible archive bomb)

    Scanning: D:\*.*

    Scanning: E:\*.*

    E:\Film\Arşiv\Lost\Arşiv\Sezon 4\Altyazı\Lost.4x06......TR_ALtyazi..........The_Other_Woman.PROPER.HDTV_XviD-FoV.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    E:\Film\Arşiv\Lost\Arşiv\Sezon 4\Altyazı\lost.s04e05.hdtv.xvid-0tv_-_TR_-_Altyazi.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    E:\Film\Arşiv\Lost\Lost Sezon 5\Lost s05e01\Y.i.t.i.k.s05b01.TRaltyazi.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    E:\Program\AdbeRdr90_tr_TR.exe (Infected with W32/Smalltroj.LUCH)
    Deleted file

    E:\Program\Adobe_Photoshop_CS3_Extended_Portable.rar/Adobe Photoshop CS3 Extended Portable\Photoshop Cs3.exe (Infected with W32/Perfloger.APS)
    Deleted file

    E:\Program\Babylon_Portable_7.0.3.23.exe (Infected with W32/Agent.GYYJ)
    Deleted file

    E:\Program\Oyun\speed.exe (Infected with W32/Agent.JCIX)
    Deleted file

    E:\Program\Oyun\Turt1x.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    E:\Program\Portable_K-Lite_Codec_Pack_5.0.5_Full.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    E:\Program\WinXP_USB\SSS6690_USB_Flash_Sorting_v4.002.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    E:\Program\WinXP_USB\SSS6690_USB_Flash_Sorting_v4.002.rar/RR (Error whilst scanning file: I/O Error (0x00220000))

    E:\Program\WinXP_USB\UT165_UFDUtility_v3.2.4.0.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    E:\Program\WinXP_USB\UT165_UFDUtility_v3.2.4.0.rar/RR (Error whilst scanning file: I/O Error (0x00220000))

    E:\Program\WinXP_USB\v1.96.00.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    E:\Program\WinXP_USB\Yeni Klasör\ChipGenius_v3.0.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    E:\Program\WinXP_USB\Yeni Klasör\ChipGenius_v3.0.rar/RR (Error whilst scanning file: I/O Error (0x00220000))

    E:\Program\WinXP_USB\Yeni Klasör\SK6211_20090227_BA.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    E:\Program\WinXP_USB\Yeni Klasör\SK6211_20090227_BA.rar/RR (Error whilst scanning file: I/O Error (0x00220000))

    E:\Program\WinXP_USB\Yeni Klasör\UsbIDCheck.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    E:\Program\WinXP_USB\Yeni Klasör\UsbIDCheck.rar/RR (Error whilst scanning file: I/O Error (0x00220000))

    E:\Program\WLMUniversalPatcherPlusPlus101.exe (Infected with Suspicious_Gen2.ALAQ)
    Deleted file

    E:\w810i\Pacth\large_lcd_font_for_hours_in_sleep_mode_v1.1_w810_r4ea031.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    E:\w810i\Pacth\W810i 031 CID49 Patch (268 tane)\Java Başlatılıyor Mesajını Silme Patchi.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    E:\w810i\Pacth\W810i 031 CID49 Patch (268 tane)\saat fontu büyütme.rar/saat fontu bytme\saat_fontu_w810_r4ea031.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    E:\w810i\Pacth\W810i 031 CID49 Patch (268 tane)\Tel Hafızasındaki Diger Klasörüne Atılan GFX Dosyasının Pacthi.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    E:\w810i\Pacth\W810i 031 CID49 Patch (268 tane)\Yazıları İnceltme Patchi.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    E:\w810i\Rarlar\açılan\Blue_Radioactive_SysGfx_Icons_by_PM5k.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    E:\w810i\Rarlar\açılan\Icons_Complite.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    E:\w810i\Rarlar\açılan\iPhoneBattery_V3_by_michlantecuhtli.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    E:\w810i\Rarlar\açılan\iPhoneBlue_signal_icons_by_michlantecuhtli.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    E:\w810i\Rarlar\açılan\iPhoneBlue_v2_battery_icon_pac_by_michlantecuhtli.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    E:\w810i\Rarlar\açılan\iSuiteX_folder_gfx_by_michlantecuhtli.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    E:\w810i\Rarlar\açılan\Mac_OSx_filesystem.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    E:\w810i\Rarlar\açılan\SX_Signal_and_Battery_gfx_edited_by_Denim-610.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    E:\w810i\Rarlar\açılan\Sysgfx_Icons_by_ARMhaker.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    E:\w810i\Rarlar\açılan\SysGfx_Icons_Pack_DB2020_by_PM5k.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    E:\w810i\Rarlar\açılan\TopMegaMod_Icons.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    E:\w810i\Rarlar\açılan\W610_Icons_Pack.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    E:\w810i\Rarlar\açılan\W610_Mega_Icons.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    E:\Yedek\Adobe Photoshop CS3 Extended Portable\Photoshop Cs3.exe (Infected with W32/Perfloger.APS)
    Deleted file

    Scanning: F:\*.*

    Scanning: G:\*.*

    G:\E'deki\Film\Arşiv\Lost\Arşiv\Sezon 4\Altyazı\Lost.4x06......TR_ALtyazi..........The_Other_Woman.PROPER.HDTV_XviD-FoV.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    G:\E'deki\Film\Arşiv\Lost\Arşiv\Sezon 4\Altyazı\lost.s04e05.hdtv.xvid-0tv_-_TR_-_Altyazi.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    G:\E'deki\Film\Lost Sezon 5\Lost s05e01\Y.i.t.i.k.s05b01.TRaltyazi.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    G:\E'deki\Program\AdbeRdr90_tr_TR.exe (Infected with W32/Smalltroj.LUCH)
    Deleted file

    G:\E'deki\Program\Adobe_Photoshop_CS3_Extended_Portable.rar/Adobe Photoshop CS3 Extended Portable\Photoshop Cs3.exe (Infected with W32/Perfloger.APS)
    Deleted file

    G:\E'deki\Program\Babylon_Portable_7.0.3.23.exe (Infected with W32/Agent.GYYJ)
    Deleted file

    G:\E'deki\Program\Oyun\speed.exe (Infected with W32/Agent.JCIX)
    Deleted file

    G:\E'deki\Program\Oyun\Turt1x.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    G:\E'deki\Program\WinXP_USB\SSS6690_USB_Flash_Sorting_v4.002.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    G:\E'deki\Program\WinXP_USB\SSS6690_USB_Flash_Sorting_v4.002.rar/RR (Error whilst scanning file: I/O Error (0x00220000))

    G:\E'deki\Program\WinXP_USB\UT165_UFDUtility_v3.2.4.0.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    G:\E'deki\Program\WinXP_USB\UT165_UFDUtility_v3.2.4.0.rar/RR (Error whilst scanning file: I/O Error (0x00220000))

    G:\E'deki\Program\WinXP_USB\v1.96.00.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    G:\E'deki\Program\WLMUniversalPatcherPlusPlus101.exe (Infected with Suspicious_Gen2.ALAQ)
    Deleted file

    G:\E'deki\w810i\Pacth\large_lcd_font_for_hours_in_sleep_mode_v1.1_w810_r4ea031.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    G:\E'deki\w810i\Pacth\W810i 031 CID49 Patch (268 tane)\Java Başlatılıyor Mesajını Silme Patchi.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    G:\E'deki\w810i\Pacth\W810i 031 CID49 Patch (268 tane)\saat fontu büyütme.rar/saat fontu bytme\saat_fontu_w810_r4ea031.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    G:\E'deki\w810i\Pacth\W810i 031 CID49 Patch (268 tane)\Tel Hafızasındaki Diger Klasörüne Atılan GFX Dosyasının Pacthi.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    G:\E'deki\w810i\Pacth\W810i 031 CID49 Patch (268 tane)\Yazıları İnceltme Patchi.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    G:\E'deki\w810i\Rarlar\açılan\Blue_Radioactive_SysGfx_Icons_by_PM5k.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    G:\E'deki\w810i\Rarlar\açılan\Icons_Complite.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    G:\E'deki\w810i\Rarlar\açılan\iPhoneBattery_V3_by_michlantecuhtli.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    G:\E'deki\w810i\Rarlar\açılan\iPhoneBlue_signal_icons_by_michlantecuhtli.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    G:\E'deki\w810i\Rarlar\açılan\iPhoneBlue_v2_battery_icon_pac_by_michlantecuhtli.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    G:\E'deki\w810i\Rarlar\açılan\iSuiteX_folder_gfx_by_michlantecuhtli.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    G:\E'deki\w810i\Rarlar\açılan\Mac_OSx_filesystem.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    G:\E'deki\w810i\Rarlar\açılan\SX_Signal_and_Battery_gfx_edited_by_Denim-610.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    G:\E'deki\w810i\Rarlar\açılan\Sysgfx_Icons_by_ARMhaker.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    G:\E'deki\w810i\Rarlar\açılan\SysGfx_Icons_Pack_DB2020_by_PM5k.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    G:\E'deki\w810i\Rarlar\açılan\TopMegaMod_Icons.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    G:\E'deki\w810i\Rarlar\açılan\W610_Icons_Pack.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    G:\E'deki\w810i\Rarlar\açılan\W610_Mega_Icons.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    G:\E'deki\Yedek\Adobe Photoshop CS3 Extended Portable\Photoshop Cs3.exe (Infected with W32/Perfloger.APS)
    Deleted file

    G:\Need for Speed Most Wanted\speed.exe (Infected with W32/Agent.JCIX)
    Deleted file

    Scanning: H:\*.*

    H:\usb\pro\BSplayer.Pro.2.50.built.1011.rar/BSplayer.Pro.2.50.built.1011\bsplayer_pro250.1011.exe/noname.nsis/file29/fsback.bmp (Error whilst scanning file: I/O Error (0x00220005))

    H:\usb\pro\BSplayer.Pro.2.50.built.1011.rar/BSplayer.Pro.2.50.built.1011\bsplayer_pro250.1011.exe/noname.nsis/file30 (Error whilst scanning file: I/O Error (0x00220005))

    Scanning: I:\*.*

    Scanning: E:\System Volume Information\*.*

    Scanning: postscan


    Running post-scan cleanup routine:

    Number of files found: 248286
    Number of archives unpacked: 3701
    Number of files scanned: 248194
    Number of files not scanned: 92
    Number of files skipped due to exclude list: 0
    Number of infected files found: 16
    Number of infected files repaired/deleted: 15
    Number of infections removed: 15
    Total scanning time: 43m 18s
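    The Norman Malware Cleaner log above ends with "16 infected files found, 15 repaired/deleted" but does not say which detection went unhandled, and the same infected files show up twice (on E: and again under the G:\E'deki backup copy). As an added example, not part of this thread and not Norman's own code, here is a small Python triage script that pairs each "(Infected with ...)" line with the action line beneath it, lists detections with no action, groups duplicate copies of the same infected file, and cross-checks the per-file lines against the "Number of ..." summary block. The embedded log is constructed to mirror the format on this page; the action strings other than "Deleted file" are an assumption.

```python
"""Triage helper for Norman Malware Cleaner text logs.

Added example (not Norman's own code): pairs every "(Infected with ...)" line
with the action line that follows it, lists detections that got no action,
groups duplicate copies of the same infected file, and cross-checks the
per-file results against the "Number of ..." summary block.
"""
import re
from dataclasses import dataclass
from typing import Optional

DETECT_RE = re.compile(r"^(?P<path>.+?) \(Infected with (?P<name>[^)]+)\)$")
SKIP_RE = re.compile(
    r"^(?P<path>.+?) \((?P<reason>Error whilst scanning file: .+|Possible archive bomb)\)$")
SCAN_RE = re.compile(r"^Scanning: (?P<target>.+)$")
SUMMARY_RE = re.compile(r"^Number of (?P<what>.+?): (?P<n>\d+)$")
# Action lines Norman prints directly under a detection. The page only shows
# "Deleted file"; the other two are assumed names for completeness.
ACTIONS = ("Deleted file", "Repaired file", "Quarantined file")


@dataclass
class Detection:
    path: str
    name: str               # signature name, e.g. W32/Smalltroj.LUCH
    action: Optional[str]   # None when no action line followed the detection
    scope: str              # the "Scanning: ..." target in effect


def parse_log(text: str):
    """Return (detections, skipped, summary) parsed from the raw log text."""
    lines = [ln.strip() for ln in text.splitlines()]
    detections, skipped, summary, scope = [], [], {}, ""
    for i, line in enumerate(lines):
        if not line:
            continue
        if m := SCAN_RE.match(line):
            scope = m["target"]
        elif m := SUMMARY_RE.match(line):
            summary[m["what"]] = int(m["n"])
        elif m := SKIP_RE.match(line):          # scan errors / archive bombs are not detections
            skipped.append((m["path"], m["reason"]))
        elif m := DETECT_RE.match(line):
            # The action, if any, is the next non-blank line after the detection.
            following = next((nxt for nxt in lines[i + 1:] if nxt), "")
            action = following if following in ACTIONS else None
            detections.append(Detection(m["path"], m["name"], action, scope))
    return detections, skipped, summary


def unresolved(detections):
    """Detections that Norman reported but did not delete/repair: handle these by hand."""
    return [d for d in detections if d.action is None]


def copies(detections):
    """Group detections by (signature, file name). The same infected file on several
    drives (typically a backup copy) re-seeds the infection if it is ever restored."""
    groups = {}
    for d in detections:
        base = d.path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        groups.setdefault((d.name, base), []).append(d.path)
    return {k: v for k, v in groups.items() if len(v) > 1}


def check_summary(detections, summary):
    """Compare the per-file lines with the summary block; the gap between
    "found" and "repaired/deleted" should equal the unresolved list."""
    found, removed = len(detections), sum(1 for d in detections if d.action)
    s_found = summary.get("infected files found")
    s_removed = summary.get("infected files repaired/deleted")
    return {
        "log_found": found, "log_removed": removed,
        "summary_found": s_found, "summary_removed": s_removed,
        "consistent": (s_found in (None, found)) and (s_removed in (None, removed)),
    }


# Constructed sample log in the same layout as a Norman Malware Cleaner report.
SAMPLE_LOG = r"""
Norman Malware Cleaner
Version 1.6.2

Scanning file system...

Scanning: C:\*.*

C:\Tools\helper.exe (Infected with W32/Suspicious_Gen2.dam)
Deleted file

C:\Backup\root.img/root.img (Error whilst scanning file: I/O Error (0x0022000A))
C:\Backup\root.img (Possible archive bomb)

C:\Locked\keep.exe (Infected with W32/Agent.TEST)

Scanning: E:\*.*

E:\Program\setup.exe (Infected with W32/Smalltroj.TEST)
Deleted file

E:\Program\old.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

Scanning: G:\*.*

G:\Yedek\Program\setup.exe (Infected with W32/Smalltroj.TEST)
Deleted file

Running post-scan cleanup routine:

Number of files found: 1000
Number of files scanned: 996
Number of files not scanned: 4
Number of infected files found: 4
Number of infected files repaired/deleted: 3
Number of infections removed: 3
Total scanning time: 1m 2s
"""

if __name__ == "__main__":
    dets, skipped, summary = parse_log(SAMPLE_LOG)
    print("unresolved:", [d.path for d in unresolved(dets)])
    print("duplicate copies:", copies(dets))
    print("skipped (not scanned):", len(skipped))
    print("summary check:", check_summary(dets, summary))
```

    Run it against a saved log with `parse_log(open("norman.log", encoding="utf-8", errors="replace").read())`; the `skipped` list is worth a look too, since files Norman could not open (I/O errors, archive bombs) were never scanned at all.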





  • http://www.guvenlikuzmanim.com/dosyalar/avenger.exe

    In the program's window, enter:


    Files to delete:
    c:\windows\system32\CF13641.exe


    and run the program; after it finishes, also run the "HijackThis" program and, without fixing anything, send the log file.
  • The address you gave for Avenger doesn't work; I downloaded it from here...
    actually I had downloaded it before and still had it, but...
    http://swandog46.geekstogo.com/avenger2/download.php

     

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    File "c:\windows\system32\CF13641.exe" deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.




     

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:16:07, on 13.01.2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\VMSnap3.EXE
    C:\WINDOWS\Domino.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
    C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
    C:\Program Files\AIMP2\AIMP2.exe
    C:\Program Files\VMware\VMware Player\hqtray.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\PROGRAM FILES\FRAPS\FRAPS.EXE
    C:\Program Files\Orbitdownloader\orbitdm.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\Program Files\Orbitdownloader\orbitnet.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\Program Files\VMware\VMware Player\vmware-authd.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
    O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Maxtor Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [AIMP2] C:\Program Files\AIMP2\AIMP2.exe
    O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Fraps] C:\PROGRAM FILES\FRAPS\FRAPS.EXE
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Girder3.lnk = C:\Documents and Settings\MuRaT\Desktop\Kumanda\mce-kumanda\girder\Girder.exe
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
    O4 - Global Startup: Update Scheduler for Proteus Professional 7.lnk = ?
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
    O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4E32316D-2AB0-408F-97F3-0BC5A95CF30A}: NameServer = 4.2.2.1,4.2.2.2
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Maxtor Scheduler2 Service (MaxSch2Svc) - Maxtor - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

    --
    End of file - 10192 bytes





  • quote:

    Quoted from: 01mrt

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe





    Fix the lines above; other than that, no problem is visible.




  • Look, friends, I can say this has happened to me 50 times. I used to own an internet cafe, and I was about to lose my mind because of these viruses and trojans when one antivirus program managed to get the better of it. I used maybe 50 antivirus programs and, believe me, not one of them helped. This virus does not care which program is on your computer, or even Windows' own firewall. If you do not want this dangerous software getting into your computer for the rest of your life, do not pay much attention to those antivirus tests; I do not believe a word of what they say. Use Panda. Panda has such a firewall that you cannot even tell whether it is running or not, but it does its job. If you like, test it yourself the easy way: if this virus has infected your computer, try Kaspersky, NOD32, Norton, whichever antivirus comes to mind; rest assured it will do nothing. It will delete a few viruses, but the problem will go on. Then install Panda and you will see what it does. I still use Panda. It is a heavy program, but whenever I used Panda, truly no virus infected the PC and no virus remained. Back in my cafe days, not even one virus got into 20 computers in a year.



    < This message was edited by Cyberranger27 -- 31 August 2010; 3:30:27 >



