I just can't get rid of HBService32 (System.exe)

  • I just can't get rid of HBService32 (System.exe)...

    Yes, for a week now I haven't been able to get rid of this trojan, virus, spyware, whatever it is, that has kept me from using my computer. I have installed as many antivirus, anti-trojan and anti-spyware programs as I have fingers on both hands, but the problem hasn't gone away. It is still sitting in the registry under "Run" and in msconfig. What can we do?



  • Despite all that effort and opening a second thread, you still haven't looked at my thread. I guess you didn't see it. Anyway. Let us have a try too:

    Send a log to this thread: http://forum.donanimhaber.com/m_9478084/tm.htm
  • Interestingly, when I got up this morning I saw system.exe neither in the registry nor in msconfig. I'm very happy, but something else has appeared in its place; is that a virus too?







    @serji I posted my HijackThis report in your topic too, but I think it is useful to post it here as well.

    Running processes: 
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Premium\sched.exe
    C:\Program Files\AntiVir PersonalEdition Premium\avguard.exe
    C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe




  • That is not a virus; it is the Error Reporting component. So you don't need to worry. But you sent the HJ log incomplete. You need to send it without cutting out any part of it.
  • Logfile of Trend Micro HijackThis v2.0.2 
    Scan saved at 13:38:29, on 18.10.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe
    C:\Program Files\AntiVir PersonalEdition Premium\sched.exe
    C:\Program Files\AntiVir PersonalEdition Premium\avguard.exe
    C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://www.hp.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =http://www.hp.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    F2 - REG:system.ini: Shell=
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - (no file)
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" /min
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O20 - AppInit_DLLs: HBmhly.dll,HBSO2.dll,HBFY.dll,HBCHIBI.dll,HBQQSG.dll,HBZHUXIAN.dll,HBZG.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe
    O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\sched.exe
    O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avguard.exe
    O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

    --
    End of file - 7053 bytes




  • Mate, right now it is very important to me that the virus is destroyed and completely removed from my computer, because when I try to format with the XP CD I can't. The XP menu tells me no HDD was detected. Could a virus be the cause of this too? (the HDD not being detected)
  • quote:

    Originally posted by: Méchatronic

    Mate, right now it is very important to me that the virus is destroyed and completely removed from my computer, because when I try to format with the XP CD I can't. The XP menu tells me no HDD was detected. Could a virus be the cause of this too? (the HDD not being detected)

    No, the reason for that is that the HDD is SATA. You need to load the SATA driver supplied with the motherboard during setup. It usually comes on a floppy disk. Apart from that, there is still a serious virus infection on the system.

    * Open the program called HijackThis.
    * Click the "Do a system scan only" option.
    * Check the following lines.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://www.hp.com 
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =http://www.hp.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    F2 - REG:system.ini: Shell=
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - (no file)
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: HBmhly.dll,HBSO2.dll,HBFY.dll,HBCHIBI.dll,HBQQSG.dll,HBZHUXIAN.dll,HBZG.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll


    * Press CTRL+ALT+DEL and go to the Processes tab. End all processes listed against your user name except HijackThis.exe and explorer.exe. Close all programs and windows except HijackThis and click the Fix Checked button. Then restart your computer immediately.
    NOTE: You need to do these steps in safe mode, because the virus that infected you can only be removed that way. It is a bit tougher than the others. After that I want you to send another log.
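
Added example, not part of any post in this thread and not HijackThis's own logic: a small Python triage of the log format posted above. It flags the three structural anomalies visible in this log: `AppInit_DLLs` entries with no directory (every DLL named in that value is loaded into each process that loads user32.dll), BHO registrations marked `(no file)`, and services marked `(file missing)`. The function names and the heuristics are assumptions for illustration; the sample lines are copied from the log in this thread.

```python
import re
from typing import List, NamedTuple, Tuple


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O20"
    reason: str
    detail: str


# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O20 - AppInit_DLLs: HBmhly.dll,HBSO2.dll,HBFY.dll,HBCHIBI.dll,HBQQSG.dll,HBZHUXIAN.dll,HBZG.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.*\S)\s*$")


def parse_entries(log_text: str) -> List[Tuple[str, str]]:
    """Return (section, body) pairs; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def appinit_dlls(body: str) -> List[str]:
    """Split an O20 AppInit_DLLs body into its individual DLL entries.

    The registry value is delimited by commas or spaces, which is why the
    entries with directories in the log use 8.3 short names (PROGRA~1).
    """
    prefix = "AppInit_DLLs:"
    if not body.startswith(prefix):
        return []  # e.g. the O20 "Winlogon Notify" entries
    return [part for part in re.split(r"[,\s]+", body[len(prefix):].strip()) if part]


def triage(log_text: str) -> List[Finding]:
    """Flag entries worth a manual look (assumed heuristics, not verdicts)."""
    findings = []
    for section, body in parse_entries(log_text):
        if section == "O20":
            for dll in appinit_dlls(body):
                # A bare file name is resolved through the DLL search path,
                # so the log alone does not say which file gets loaded.
                if "\\" not in dll and "/" not in dll:
                    findings.append(
                        Finding(section, "AppInit DLL listed without a directory", dll))
        elif section == "O2" and body.endswith("(no file)"):
            findings.append(
                Finding(section, "BHO registered but its file is absent", body))
        elif section == "O23" and body.endswith("(file missing)"):
            findings.append(
                Finding(section, "service registered but its binary is missing", body))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.section:>3}  {finding.reason}: {finding.detail}")
```

A flagged entry is a prompt to check the file on disk, not a verdict: the `(file missing)` service here is a leftover of an uninstalled product, while the bare-name `AppInit_DLLs` entries are the ones the reply above asks to have fixed.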




  • quote:

    No, the reason for that is that the HDD is SATA. You need to load the SATA driver supplied with the motherboard during setup. It usually comes on a floppy disk.


    But my PC is a laptop, so naturally it has no floppy drive. How can I do the SATA thing?

    quote:


    Apart from that, there is still a serious virus infection on the system.


    I did what you said

    Logfile of Trend Micro HijackThis v2.0.2 
    Scan saved at 14:45:49, on 18.10.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" /min
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe
    O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\sched.exe
    O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avguard.exe
    O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

    --
    End of file - 4172 bytes




  • We have disabled the viruses. Now let's clean up:

    Download the program called ComboFix.

    http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening the program, do absolutely nothing. Take a 1-2 minute break.
    4. After ComboFix starts running, you will be asked to press the 1 or 2 key. Press 1 to continue.
    5. ComboFix will take a backup of your registry and create a system restore point so that your system can be restored if something goes wrong.
    6. Your internet connection will be cut during these operations. This is normal. Your system clock will also change. But all of this is temporary. After the operations finish, everything will be returned to its original state.
    7. You may need to be a bit patient, because there are a full 41 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. After the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.

    Also, you can find XP builds with SATA drivers integrated on the internet.




  • OK, I understood everything and I'll do it, but
    quote:

    Also, you can find XP builds with SATA drivers integrated on the internet.



    I didn't understand this?
  • quote:

    Originally posted by: Méchatronic

    OK, I understood everything and I'll do it, but
    quote:

    Also, you can find XP builds with SATA drivers integrated on the internet.

    I didn't understand this?

    Or forget that. Find the SATA driver for your motherboard on the internet and burn it to a CD; during setup press F6 (you'll see the prompt at the bottom), then insert that CD and load the driver. Then you can put the XP CD back in and continue the installation.
  • ComboFix 08-10-17.01 - Blues 2008-10-18 15:52:53.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1254.90.1055.18.1630 [GMT 3:00]
    Running from: C:\Documents and Settings\Blues\Desktop\ComboFix.exe
    * Created a new restore point
    * Resident AV is active


    [COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Blues\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\WINDOWS\AppPatch\AcSpecf.sdb
    C:\WINDOWS\system32\08223B03.cfg
    C:\WINDOWS\system32\122B901E.cfg
    C:\WINDOWS\system32\1B1D8534.cfg
    C:\WINDOWS\system32\43ACDCC5.cfg
    C:\WINDOWS\system32\495271CA.cfg
    C:\WINDOWS\system32\4BF9CBA3.cfg
    C:\WINDOWS\system32\4EFDDEBE.cfg
    C:\WINDOWS\system32\7ADC2AB1.cfg
    C:\WINDOWS\system32\9CA963CA.cfg
    C:\WINDOWS\system32\C250CF20.cfg
    C:\WINDOWS\system32\D91BC61E.cfg
    C:\WINDOWS\system32\DE02F764.cfg
    C:\WINDOWS\system32\drivers\TfSysMon.sys
    C:\WINDOWS\VFIND.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_4C70249
    -------\Legacy_8882FA1
    -------\Legacy_AECFF9
    -------\Legacy_C551839
    -------\Legacy_ETH8023
    -------\Legacy_HBKERNEL32
    -------\Legacy_TFSYSMON
    -------\Service_4c70249
    -------\Service_8882fa1
    -------\Service_aecff9
    -------\Service_c551839
    -------\Service_eth8023
    -------\Service_HBKernel32
    -------\Service_TfSysMon


    ((((((((((((((((((((((((( Files Created from 2008-09-18 to 2008-10-18 )))))))))))))))))))))))))))))))
    .

    2008-10-18 11:26 . 2008-10-18 14:28 <DIR> d-------- C:\Program Files\DC++
    2008-10-18 10:24 . 2008-10-18 10:24 <DIR> d-------- C:\WINDOWS\Sun
    2008-10-17 17:40 . 2008-10-17 17:40 <DIR> d-------- C:\Program Files\AntiVir PersonalEdition Premium
    2008-10-17 17:40 . 2008-10-17 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Premium
    2008-10-17 17:40 . 2008-10-17 17:40 120,286 --a------ C:\Documents and Settings\All Users\Application Data\firstlsp.reg.dat
    2008-10-16 23:59 . 2008-10-16 23:59 <DIR> d---s---- C:\Documents and Settings\Blues\UserData
    2008-10-16 23:48 . 2008-10-16 23:48 <DIR> d-------- C:\Program Files\Trend Micro
    2008-10-16 20:49 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-10-16 19:33 . 2008-10-16 19:33 0 --a------ C:\WINDOWS\nsreg.dat
    2008-10-16 14:52 . 2008-10-16 14:55 <DIR> d-------- C:\Program Files\Security Task Manager
    2008-10-16 14:52 . 2008-10-16 14:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    2008-10-16 13:04 . 2008-10-16 13:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
    2008-10-16 13:03 . 2008-10-16 12:49 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
    2008-10-16 12:50 . 2008-10-16 12:50 51,520 --a------ C:\WINDOWS\system32\drivers\TfFsMon.sys
    2008-10-16 12:50 . 2008-10-16 12:50 33,088 --a------ C:\WINDOWS\system32\drivers\TfNetMon.sys
    2008-10-16 12:50 . 2008-10-16 12:50 12,608 --a------ C:\WINDOWS\system32\drivers\TfKbMon.sys
    2008-10-16 12:48 . 2008-10-16 13:03 <DIR> d-------- C:\Program Files\Common Files\PC Tools
    2008-10-16 12:28 . 2008-10-16 12:28 27 --a------ C:\WINDOWS\SmartAudio.INI
    2008-10-16 12:18 . 2008-10-16 12:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-10-15 20:51 . 2008-08-25 12:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-10-15 20:51 . 2008-08-25 12:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-10-15 20:51 . 2008-08-25 12:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-10-15 20:51 . 2008-06-02 16:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-10-15 20:50 . 2008-10-18 15:51 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-10-15 20:50 . 2008-10-15 20:50 <DIR> d-------- C:\Documents and Settings\Blues\Application Data\PC Tools
    2008-10-15 20:37 . 2008-10-15 20:37 96,559 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2008-10-15 20:37 . 2008-10-15 20:37 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2008-10-15 20:36 . 2008-10-15 20:36 <DIR> d-------- C:\Program Files\Kaspersky Lab
    2008-10-15 20:36 . 2008-10-18 15:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-10-15 20:36 . 2008-10-18 15:56 992,800 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-10-15 20:36 . 2008-10-18 15:56 262,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-10-15 20:36 . 2008-10-18 15:56 9,884 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-10-15 20:36 . 2008-10-18 15:56 1,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-10-15 20:30 . 2004-08-04 00:45 33,280 --a------ C:\WINDOWS\system32\rundll32.exe
    2008-10-15 20:30 . 2004-08-04 00:45 33,280 --a------ C:\WINDOWS\system32\dllcache\rundll32.exe
    2008-10-15 19:55 . 2008-10-15 19:55 <DIR> d-------- C:\Documents and Settings\Blues\Application Data\F-Secure
    2008-10-15 19:33 . 2008-10-15 20:44 <DIR> d-------- C:\Program Files\F-Secure Internet Security
    2008-10-15 19:31 . 2008-10-15 19:31 <DIR> d-------- C:\Program Files\ESET
    2008-10-15 19:31 . 2008-10-15 19:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2008-10-15 19:04 . 2008-10-15 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg
    2008-10-15 19:03 . 2008-10-15 19:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-10-15 19:03 . 2008-10-15 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\f-secure
    2008-10-15 18:01 . 2008-10-16 23:47 <DIR> d-------- C:\Program Files\Unlocker
    2008-10-15 18:01 . 2008-10-15 19:25 <DIR> d-------- C:\Documents and Settings\Blues\Application Data\Desktopicon
    2008-10-15 17:16 . 2008-10-18 15:51 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-10-15 17:09 . 2008-10-15 17:09 <DIR> d-------- C:\Program Files\Lavasoft
    2008-10-15 17:09 . 2008-10-15 17:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-10-15 17:01 . 2008-10-15 17:01 <DIR> d-------- C:\Program Files\CCleaner
    2008-10-15 12:31 . 2008-10-16 12:18 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-10-15 12:31 . 2008-10-15 12:31 <DIR> d-------- C:\Documents and Settings\Blues\Application Data\SUPERAntiSpyware.com
    2008-10-15 12:30 . 2008-10-15 17:09 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-14 22:43 . 2008-10-14 22:43 <DIR> d-------- C:\Documents and Settings\Blues\Contacts
    2008-10-14 22:16 . 2008-10-14 22:43 <DIR> d-------- C:\Program Files\Windows Live
    2008-10-14 22:16 . 2008-10-14 22:42 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-10-14 22:16 . 2008-10-16 19:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-10-14 20:50 . 2008-10-14 20:50 <DIR> d-------- C:\Program Files\uTorrent
    2008-10-14 20:50 . 2008-10-16 19:37 <DIR> d-------- C:\Documents and Settings\Blues\Application Data\uTorrent
    2008-10-14 17:17 . 2008-10-14 17:21 <DIR> d-------- C:\Program Files\Valve
    2008-10-14 15:28 . 2008-10-14 15:28 <DIR> d-------- C:\Program Files\EA GAMES
    2008-10-14 15:28 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2008-10-14 15:20 . 2008-10-14 15:20 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
    2008-10-14 15:19 . 2008-10-14 15:19 <DIR> d-------- C:\Documents and Settings\Blues\Application Data\DAEMON Tools
    2008-10-14 15:19 . 2008-10-14 15:19 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-10-14 14:44 . 2008-10-14 14:44 <DIR> d-------- C:\Documents and Settings\Blues\Application Data\Sonic
    2008-10-14 14:44 . 2008-10-14 14:44 <DIR> d-------- C:\Documents and Settings\Blues\Application Data\Leadertech
    2008-10-13 22:16 . 2008-10-13 22:16 240 --ahs---- C:\WINDOWS\system32\4D023DE9.cfg
    2008-10-13 22:16 . 2008-10-13 22:16 200 --ahs---- C:\WINDOWS\system32\D251FE2F.cfg
    2008-10-13 22:15 . 2008-10-13 22:15 196 --ahs---- C:\WINDOWS\system32\4F34C688.cfg
    2008-10-13 21:20 . 2008-10-13 21:20 <DIR> d-------- C:\Documents and Settings\Blues\Bluetooth Software
    2008-10-13 21:19 . 2008-10-13 21:19 <DIR> d-------- C:\Program Files\WIDCOMM
    2008-10-13 21:17 . 2008-10-16 15:06 <DIR> dr------- C:\Documents and Settings\Blues\Sık Kullanılanlar
    2008-10-13 21:17 . 2008-10-17 12:53 <DIR> dr------- C:\Documents and Settings\Blues\Belgelerim
    2008-10-13 21:17 . 2008-10-13 21:18 1,759 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Pavilion dv5000 (RC409EA#AB8)_YN_0Pavi_QCND6201N6R_E398803143_46_I30A7_SHP_V56.25_BF.0A_T060413_WXH2_L41F_M2047_J160_7Intel_8T2300_91.66_#081013_N80861092_(RC409EA#AB8)_XMOBILE_CN10_Z_2F.0A.MRK
    2008-10-13 21:16 . 2008-10-18 15:48 <DIR> d-------- C:\Documents and Settings\Blues
    2008-10-13 21:14 . 2001-11-21 19:12 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2008-10-13 21:13 . 2001-08-17 21:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-15 17:31 --------- d-----w C:\Program Files\Symantec
    2008-10-15 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-10-15 16:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-10-14 03:56 --------- d-----w C:\Program Files\Synaptics
    2008-10-14 03:56 --------- d-----w C:\Program Files\Sonic
    2008-10-14 03:55 --------- d-----w C:\Program Files\Microsoft Works
    2008-10-14 03:55 --------- d-----w C:\Program Files\microsoft frontpage
    2008-10-14 03:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-14 03:54 --------- d-----w C:\Program Files\Java
    2008-10-14 03:54 --------- d-----w C:\Program Files\Intel
    2008-10-14 03:54 --------- d-----w C:\Program Files\HP
    2008-10-14 03:54 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-10-14 03:54 --------- d-----w C:\Program Files\Easy Internet signup
    2008-10-14 03:54 --------- d-----w C:\Program Files\CONEXANT
    2008-10-14 03:54 --------- d-----w C:\Program Files\Common Files\TiVo Shared
    2008-10-14 03:53 --------- d-----w C:\Program Files\Common Files\SureThing Shared
    2008-10-14 03:53 --------- d-----w C:\Program Files\Common Files\Sonic Shared
    2008-10-14 03:53 --------- d-----w C:\Program Files\Common Files\LightScribe
    2008-10-14 03:53 --------- d-----w C:\Program Files\Common Files\Java
    2008-10-14 03:53 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-10-14 03:53 --------- d-----w C:\Program Files\Common Files\HP
    2008-10-14 03:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
    2008-10-14 03:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-10-14 03:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
    2008-10-14 03:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-10-13 18:13 --------- d-----w C:\Program Files\HPQ
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-15 7331840]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^Bluetooth.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç\Bluetooth.lnk
    backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^HP Photosmart Premier Hızlı Başlat.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç\HP Photosmart Premier Hızlı Başlat.lnk
    backup=C:\WINDOWS\pss\HP Photosmart Premier Hızlı Başlat.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
    --a------ 2006-05-10 13:01 233512 C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
    --a------ 2008-07-29 20:20 206088 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
    --a------ 2005-06-29 13:48 233534 C:\Program Files\HPQ\Default Settings\Cpqset.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
    --a------ 2005-12-22 08:57 405504 C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
    --a------ 2008-07-01 09:01 1447168 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2005-02-16 23:11 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
    --a------ 2005-12-13 16:45 507904 C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
    --a------ 2008-08-25 12:36 1168264 C:\Program Files\Spyware Doctor\pctsTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-10-18 11:35 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2005-12-15 14:42 7331840 C:\WINDOWS\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2005-12-15 14:42 86016 C:\WINDOWS\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
    --a------ 2005-12-12 11:39 94208 C:\Program Files\HP\QuickPlay\QPService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
    --a------ 2005-10-11 10:23 1187840 C:\WINDOWS\SMINST\Recguard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    --a------ 2008-09-03 14:07 1576176 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    --a------ 2005-11-11 11:04 761945 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    --a------ 2008-03-01 08:10 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
    --a------ 2006-02-16 16:16 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2005-12-15 14:42 1519616 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\DC++\\DCPlusPlus.exe"=

    R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
    R0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys [2008-10-16 51520]
    R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
    R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-10-16 160792]
    R2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe [2006-05-23 172072]
    R2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe [2006-05-04 45096]
    R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
    S3 TfNetMon;TfNetMon;C:\WINDOWS\system32\drivers\TfNetMon.sys [2008-10-16 33088]
    S3 ThreatFire;ThreatFire;C:\Program Files\Spyware Doctor\TFEngine\TFService.exe service [ ]
    .
    - - - - ORPHANS REMOVED - - - -

    ShellExecuteHooks-{4F34C688-FD49-42FC-97F7-87D2F5791612} - 4F34C688.dll
    ShellExecuteHooks-{D251FE2F-DD5C-4828-85F7-9E7EABB6DD6F} - D251FE2F.dll
    ShellExecuteHooks-{4D023DE9-F4B5-4BE0-99C6-7C7AD0CF5426} - 4D023DE9.dll
    MSConfigStartUp-3PMmUpdate - C:\WINDOWS\Update.dll
    MSConfigStartUp-ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    MSConfigStartUp-F-Secure Manager - C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    MSConfigStartUp-F-Secure TNB - C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe
    MSConfigStartUp-SSC_UserPrompt - C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    MSConfigStartUp-HBService32 - System.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Blues\Application Data\Mozilla\Firefox\Profiles\5c324mpm.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE -www.google.com.tr
    FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2008-10-18 15:57:34
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\AntiVir PersonalEdition Premium\sched.exe
    C:\Program Files\AntiVir PersonalEdition Premium\avguard.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-18 16:00:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-18 13:00:54

    Pre-Run: 137.011.298.304 bayt boş
    Post-Run: 137,282,846,720 bayt boş

    286



    < This message was edited by Smoch -- 18 October 2008; 16:13:34 >




  • quote:

    Originally posted by: Méchatronic

    Can I now get an HJ log as well?
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:22:54, on 18.10.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Premium\sched.exe
    C:\Program Files\AntiVir PersonalEdition Premium\avguard.exe
    C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe
    O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\sched.exe
    O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avguard.exe
    O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

    --
    End of file - 4977 bytes




  • quote:

    Originally posted by: Méchatronic

    Download the program called Silent Runner to your desktop.

    http://www.guvenlikuzmanim.com/dosyalar/sr.vbs

    * Double-click Sr.vbs to launch the program.
    * Click Yes (Evet) and wait a moment.
    * When the scan finishes, the program will tell you so in a window; click OK.
    * A text file named Startup Programs will be created. Attach the file to your message and send it to us.
  • "Silent Runners.vbs", revision 58,http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "msnmsgr" = ""C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background" [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"" ["Kaspersky Lab"]
    "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\(Default) = "IEVkbdBHO"
    -> {HKLM...CLSID} = "IEVkbdBHO Class"
    \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll" ["Kaspersky Lab"]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Görüntü Paneli CPL Uzantısı"
    -> {HKLM...CLSID} = "Görüntü Paneli CPL Uzantısı"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
    "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
    -> {HKLM...CLSID} = "DesktopContext Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
    -> {HKLM...CLSID} = "Desktop Explorer"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
    -> {HKLM...CLSID} = "nView Desktop Context Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
    -> {HKLM...CLSID} = "NVIDIA CPL Extension"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
    "{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {HKLM...CLSID} = "Portable Media Devices Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "ShellViewRTF"
    -> {HKLM...CLSID} = "ShellViewRTF"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]
    "{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
    -> {HKLM...CLSID} = "My Bluetooth Places"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["Broadcom Corporation."]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
    "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
    -> {HKLM...CLSID} = "Paylaşım Klasörlerim"
    \InProcServer32\(Default) = "C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]
    "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
    -> {HKLM...CLSID} = "UnlockerShellExtension"
    \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
    "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "Eset Smart Security - Context Menu Shell Extension"
    -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]
    "{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Web traffic protection statistics"
    -> {HKLM...CLSID} = "Web traffic protection statistics"
    \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll" ["Kaspersky Lab"]
    "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
    -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
    \InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Premium\shlext.dll" ["H+BEDV Datentechnik GmbH"]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    <<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)
    -> {HKLM...CLSID} = "SABShellExecuteHook Class"
    \InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"]

    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
    <<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    <<!>> !SASWinLogon\DLLName = "C:\Program Files\SUPERAntiSpyware\SASWINLO.dll" ["SUPERAntiSpyware.com"]
    <<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

    HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
    Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
    -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]
    Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll" ["Kaspersky Lab"]
    Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
    -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
    \InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Premium\shlext.dll" ["H+BEDV Datentechnik GmbH"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

    HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
    Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
    -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]
    Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll" ["Kaspersky Lab"]
    Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
    -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
    \InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Premium\shlext.dll" ["H+BEDV Datentechnik GmbH"]
    UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
    -> {HKLM...CLSID} = "UnlockerShellExtension"
    \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

    HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
    UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
    -> {HKLM...CLSID} = "UnlockerShellExtension"
    \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]


    Default executables:
    --------------------

    <<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"


    Group Policies {policy setting}:
    --------------------------------

    Note: detected settings may not have any effect.

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    "NoDrives" = (REG_DWORD) dword:0x00000000
    {unrecognized setting}

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    "NoDrives" = (REG_DWORD) dword:0x00000000
    {unrecognized setting}

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
    {unrecognized setting}

    "HideLogoffScripts" = (REG_DWORD) dword:0x00000000
    {unrecognized setting}

    "HideStartupScripts" = (REG_DWORD) dword:0x00000000
    {unrecognized setting}

    "RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
    {unrecognized setting}

    "RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
    {unrecognized setting}

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

    "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
    {Shutdown: Allow system to be shut down without having to log on}

    "undockwithoutlogon" = (REG_DWORD) dword:0x00000001
    {Devices: Allow undock without having to log on}

    "DisableRegistryTools" = (REG_DWORD) dword:0x00000000
    {unrecognized setting}

    "HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
    {unrecognized setting}

    "HideLogoffScripts" = (REG_DWORD) dword:0x00000000
    {unrecognized setting}

    "RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
    {unrecognized setting}

    "RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
    {unrecognized setting}

    "HideStartupScripts" = (REG_DWORD) dword:0x00000000
    {unrecognized setting}


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Desktop\adsız.bmp"

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\Blues\Desktop\adsız.bmp"


    Windows Portable Device AutoPlay Handlers
    -----------------------------------------

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

    HPUnloadAutoplay\
    "Provider" = "HP Photosmart Aktarımı Yazılımı"
    "InvokeProgID" = "HpqUnApl.Autoplay"
    "InvokeVerb" = "Play"
    HKLM\SOFTWARE\Classes\HpqUnApl.Autoplay\shell\Play\DropTarget\CLSID = "{E1A1C814-FD09-4c9d-BB4A-0394B836A1F0}"
    -> {HKLM...CLSID} = (no title provided)
    \LocalServer32\(Default) = "C:\Program Files\HP\Digital Imaging\Unload\HpqUnApl.exe" ["Hewlett-Packard"]

    QuickPlayDCameraArrival\
    "Provider" = "HP QuickPlay"
    "InvokeProgID" = "Picture"
    "InvokeVerb" = "PlayWithQuickPlay"
    HKLM\SOFTWARE\Classes\Picture\shell\PlayWithQuickPlay\Command\(Default) = ""C:\Program Files\HP\QuickPlay\QP.exe" AUTOPLAY DSC "%L"" ["CyberLink Corp."]

    QuickPlayDVArrival\
    "Provider" = "HP QuickPlay"
    "ProgID" = "Shell.HWEventHandlerShellExecute"
    "InitCmdLine" = ""C:\Program Files\HP\QuickPlay\QP.exe" DV "%L""
    HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
    -> {HKLM...CLSID} = "ShellExecute HW Event Handler"
    \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

    QuickPlayMusicFilesArrival\
    "Provider" = "HP QuickPlay"
    "InvokeProgID" = "MusicFiles"
    "InvokeVerb" = "PlayWithQuickPlay"
    HKLM\SOFTWARE\Classes\MusicFiles\shell\PlayWithQuickPlay\Command\(Default) = ""C:\Program Files\HP\QuickPlay\QP.exe" AUTOPLAY MUSIC "%L"" ["CyberLink Corp."]

    QuickPlayPlayCDAudioOnArrival\
    "Provider" = "HP QuickPlay"
    "InvokeProgID" = "AudioCD"
    "InvokeVerb" = "PlayWithQuickPlay"
    HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithQuickPlay\Command\(Default) = ""C:\Program Files\HP\QuickPlay\QP.exe" AUTOPLAY CD "%L"" ["CyberLink Corp."]

    QuickPlayPlayDVDMovieOnArrival\
    "Provider" = "HP QuickPlay"
    "InvokeProgID" = "DVD"
    "InvokeVerb" = "PlayWithQuickPlay"
    HKLM\SOFTWARE\Classes\DVD\shell\PlayWithQuickPlay\Command\(Default) = ""C:\Program Files\HP\QuickPlay\QP.exe" AUTOPLAY MOVIE "%L"" ["CyberLink Corp."]

    QuickPlayVideoFilesArrival\
    "Provider" = "HP QuickPlay"
    "InvokeProgID" = "VideoFiles"
    "InvokeVerb" = "PlayWithQuickPlay"
    HKLM\SOFTWARE\Classes\VideoFiles\shell\PlayWithQuickPlay\Command\(Default) = ""C:\Program Files\HP\QuickPlay\QP.exe" AUTOPLAY VIDEO "%L"" ["CyberLink Corp."]

    SonicSCAudioCDTask\
    "Provider" = "Sonic Audio Module"
    "InvokeProgID" = "Sonic.SonicCentral"
    "InvokeVerb" = "AudioCDTask"
    HKLM\SOFTWARE\Classes\Sonic.SonicCentral\shell\AudioCDTask\Command\(Default) = ""C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe" /Launch {EBD22732-1CC3-4CD7-9A45-B8D98DA0E784}" [null data]

    SonicSCCopyCD\
    "Provider" = "Sonic Copy Module"
    "InvokeProgID" = "Sonic.SonicCentral"
    "InvokeVerb" = "ExactCopyJob"
    HKLM\SOFTWARE\Classes\Sonic.SonicCentral\shell\ExactCopyJob\Command\(Default) = ""C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe" /Launch {49B235A3-1C3E-4802-9B5C-BAFBE69A3C85}" [null data]

    SonicSCCopyDisc\
    "Provider" = "Sonic Copy Module"
    "InvokeProgID" = "Sonic.SonicCentral"
    "InvokeVerb" = "ExactCopyJob"
    HKLM\SOFTWARE\Classes\Sonic.SonicCentral\shell\ExactCopyJob\Command\(Default) = ""C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe" /Launch {49B235A3-1C3E-4802-9B5C-BAFBE69A3C85}" [null data]

    SonicSCDataProject\
    "Provider" = "Sonic Data Module"
    "InvokeProgID" = "Sonic.SonicCentral"
    "InvokeVerb" = "DataGuide"
    HKLM\SOFTWARE\Classes\Sonic.SonicCentral\shell\DataGuide\Command\(Default) = ""C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe" /Launch Data" [null data]

    SonicSCDataTask\
    "Provider" = "Sonic Data Module"
    "InvokeProgID" = "Sonic.SonicCentral"
    "InvokeVerb" = "DataTask"
    HKLM\SOFTWARE\Classes\Sonic.SonicCentral\shell\DataTask\Command\(Default) = ""C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe" /Launch {0BAC5C34-DF45-4C0F-8D64-8E92DCCF007D}" [null data]

    SonicVideoCameraArrival\
    "Provider" = "Sonic Solutions"
    "ProgID" = "MyDVD.MyDVDAPHandler"
    "InitCmdLine" = "new"
    HKLM\SOFTWARE\Classes\MyDVD.MyDVDAPHandler\CLSID\(Default) = "{3D5EF619-F606-4FAA-97C0-222B7DCA05EC}"
    -> {HKLM...CLSID} = "MyDVDAPHandler Class"
    \LocalServer32\(Default) = "C:\PROGRA~1\Sonic\DIGITA~1\MYDVDP~1\MyDVD.EXE -autoplay" ["Sonic Solutions"]

    SonicVideoCameraArrivalDirect\
    "Provider" = "Sonic Solutions"
    "ProgID" = "MyDVD.MyDVDAPHandler"
    "InitCmdLine" = ""C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe" /Launch {3563B7B4-E6D4-4360-8E38-64E008F52C5C}"
    HKLM\SOFTWARE\Classes\MyDVD.MyDVDAPHandler\CLSID\(Default) = "{3D5EF619-F606-4FAA-97C0-222B7DCA05EC}"
    -> {HKLM...CLSID} = "MyDVDAPHandler Class"
    \LocalServer32\(Default) = "C:\PROGRA~1\Sonic\DIGITA~1\MYDVDP~1\MyDVD.EXE -autoplay" ["Sonic Solutions"]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll ["PC Tools Research Pty Ltd."], 01, 17
    %SystemRoot%\system32\mswsock.dll [MS], 02 - 04, 07 - 16
    %SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06
    avsda.dll ["H+BEDV Datentechnik GmbH"], 18 - 20


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Explorer Bars

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

    HKLM\SOFTWARE\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Web traffic protection statistics"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll" ["Kaspersky Lab"]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
    "ButtonText" = "Web traffic protection statistics"


    Miscellaneous IE Hijack Points
    ------------------------------

    C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

    Added lines (compared with English-language version):
    [Strings]: START_PAGE_URL=http://www.hp.com
    [Strings]: SAFESITE_VALUE="örneğin search.msn.com"

    Missing lines (compared with English-language version):
    [Strings]: 2 lines


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    AntiVir PersonalEdition Premium Guard, AntiVirService, "C:\Program Files\AntiVir PersonalEdition Premium\avguard.exe" ["AVIRA GmbH"]
    AntiVir PersonalEdition Premium MailGuard, AntiVirMailService, "C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe" ["Avira GmbH"]
    AntiVir PersonalEdition Premium MailGuard helper service, AVEService, "C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe" ["Avira GmbH"]
    AntiVir PersonalEdition Premium Scheduler, AntiVirScheduler, "C:\Program Files\AntiVir PersonalEdition Premium\sched.exe" ["Avira GmbH"]
    Bluetooth Service, btwdins, "C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe" ["Broadcom Corporation."]
    Eset Service, ekrn, ""C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"" ["ESET"]
    hpqwmiex, hpqwmiex, "C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe" ["Hewlett-Packard Development Company, L.P."]
    Lavasoft Ad-Aware Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"" ["Lavasoft"]
    LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
    Messenger Paylaşım Klasörleri USN Günlük Okuyucu hizmeti, usnjsvc, ""C:\Program Files\Windows Live\Messenger\usnsvc.exe"" [MS]
    NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


    Keyboard Driver Filters:
    ------------------------

    HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
    "UpperFilters" = <<!>> "TfKbMon" ["PC Tools"]


    Print Monitors:
    ---------------

    HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
    Bluetooth Printer Port\Driver = "bthcrp.dll" ["Broadcom Corporation."]


    ---------- (launch time: 2008-10-18 16:34:01)
    <<!>>: Suspicious data at a malware launch point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points, use the -supp parameter or answer "No" at the
    first message box and "Yes" at the second message box.
    ---------- (total run time: 46 seconds, including 18 seconds for message boxes)




  • The system is clean.
  • Thank you very much for your attention and help; my problem is solved.
  • quote:

    Quoted from the original: Méchatronic

    Thank you very much for your attention and help; my problem is solved.

    You're welcome. Thanks for reporting the result, and good luck.