HiJackThis & ComboFix Log Records

  • Friends, 5 minutes ago I booted the computer in safe mode and scanned it with the ComboFix and HiJackThis programs; the results are as follows

    COMBOFIX REPORT


    ComboFix 12-01-19.02 - User 23.01.2012 15:27:16.2.2 - x86 MINIMAL
    Running from: c:\documents and settings\User\Desktop\ComboFix.exe
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-23 to 2012-01-23 )))))))))))))))))))))))))))))))
    .
    .
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-28 12:41 . 2008-04-14 07:01 294912 ----a-w- c:\windows\system32\msh263.drv
    2011-12-28 12:41 . 2008-04-14 07:00 52736 ----a-w- c:\windows\system32\wzcsapi.dll
    2011-12-28 12:41 . 2008-04-14 07:00 483840 ----a-w- c:\windows\system32\wzcsvc.dll
    2011-12-28 12:41 . 2008-04-14 07:00 35328 ----a-w- c:\windows\system32\pid.dll
    2011-12-28 12:41 . 2008-04-14 07:00 48128 ----a-w- c:\windows\system32\dmutil.dll
    2011-12-28 12:41 . 2008-04-14 07:00 20992 ----a-w- c:\windows\system32\hid.dll
    2011-12-28 12:41 . 2008-04-14 06:44 80256 ----a-w- c:\windows\system32\drivers\parport.sys
    2011-12-28 12:41 . 2008-04-14 06:44 46464 ----a-w- c:\windows\system32\drivers\p3.sys
    2011-12-28 12:41 . 2008-04-14 06:40 40576 ----a-w- c:\windows\system32\drivers\crusoe.sys
    2011-12-28 12:41 . 2008-04-14 06:35 41472 ----a-w- c:\windows\system32\drivers\amdk7.sys
    2011-12-28 12:41 . 2008-04-14 06:35 41088 ----a-w- c:\windows\system32\drivers\amdk6.sys
    2011-12-28 12:41 . 2008-04-14 06:34 39680 ----a-w- c:\windows\system32\drivers\processr.sys
    2011-12-28 12:41 . 2008-04-14 06:33 23168 ----a-w- c:\windows\system32\drivers\mouclass.sys
    2011-12-28 12:41 . 2008-04-14 06:33 30208 ----a-w- c:\windows\system32\drivers\modem.sys
    2011-12-28 12:41 . 2008-04-13 09:56 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys
    2011-12-28 12:41 . 2008-04-13 09:56 14592 ----a-w- c:\windows\system32\drivers\ndisuio.sys
    2011-12-28 12:41 . 2008-04-13 09:51 61824 ----a-w- c:\windows\system32\drivers\nic1394.sys
    2011-12-28 12:41 . 2008-04-13 09:51 60800 ----a-w- c:\windows\system32\drivers\arp1394.sys
    2011-12-28 12:41 . 2008-04-13 09:46 25344 ----a-w- c:\windows\system32\drivers\sonydcam.sys
    2011-12-28 12:41 . 2008-04-13 09:45 15872 ----a-w- c:\windows\system32\drivers\usbintel.sys
    2011-12-28 12:41 . 2008-04-13 09:45 25728 ----a-w- c:\windows\system32\drivers\usbcamd2.sys
    2011-12-28 12:41 . 2008-04-13 09:45 25600 ----a-w- c:\windows\system32\drivers\usbcamd.sys
    2011-12-28 12:41 . 2008-04-13 09:39 4352 ----a-w- c:\windows\system32\drivers\swenum.sys
    2011-12-28 12:41 . 2008-04-13 09:36 15488 ----a-w- c:\windows\system32\drivers\mssmbios.sys
    2011-12-28 12:41 . 2008-04-13 09:36 63744 ----a-w- c:\windows\system32\drivers\mf.sys
    2011-12-28 12:41 . 2001-11-21 19:35 55296 ----a-w- c:\windows\system32\dvdplay.exe
    2011-12-28 12:41 . 2001-11-21 19:35 8192 ----a-w- c:\windows\system32\streamci.dll
    2011-12-28 12:41 . 2001-11-21 18:31 12160 ----a-w- c:\windows\system32\drivers\fsvga.sys
    2011-12-28 12:41 . 2001-08-17 19:06 21376 ----a-w- c:\windows\system32\drivers\tsbvcap.sys
    2011-12-28 12:41 . 2001-08-17 18:52 18688 ----a-w- c:\windows\system32\drivers\cdaudio.sys
    2011-12-15 18:56 . 2011-12-15 18:56 44536 ----a-w- c:\windows\system32\wups2.dll
    2011-12-15 18:56 . 2011-12-15 18:56 35320 ----a-w- c:\windows\system32\wups.dll
    2011-12-15 18:56 . 2011-12-15 18:56 209400 ----a-w- c:\windows\system32\wuweb.dll
    2011-12-15 18:56 . 2011-12-15 18:56 165376 ----a-w- c:\windows\system32\wusetup.exe
    2011-12-15 18:56 . 2011-12-15 18:56 82944 ----a-w- c:\windows\system32\drivers\wudfrd.sys
    2011-12-15 18:56 . 2011-12-15 18:56 55808 ----a-w- c:\windows\system32\wudfsvc.dll
    2011-12-15 18:56 . 2011-12-15 18:56 316416 ----a-w- c:\windows\system32\wudfx.dll
    2011-12-15 18:56 . 2011-12-15 18:51 165376 ----a-w- c:\windows\system32\WudfPlatform.dll
    2011-12-15 18:56 . 2011-12-15 18:56 77568 ----a-w- c:\windows\system32\drivers\wudfpf.sys
    2011-12-15 18:56 . 2011-12-15 18:56 327672 ----a-w- c:\windows\system32\wucltui.dll
    2011-12-15 18:56 . 2011-12-15 18:56 146432 ----a-w- c:\windows\system32\wudfhost.exe
    2011-12-15 18:56 . 2011-12-15 18:51 95344 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2011-12-15 18:56 . 2011-12-15 18:51 23544 ----a-w- c:\windows\system32\wucltui.dll.mui
    2011-12-15 18:56 . 2011-12-15 18:56 22520 ----a-w- c:\windows\system32\wuauserv.dll
    2011-12-15 18:56 . 2011-12-15 18:56 1931256 ----a-w- c:\windows\system32\wuaueng.dll
    2011-12-15 18:56 . 2011-12-15 18:51 17400 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2011-12-15 18:56 . 2011-12-15 18:56 217592 ----a-w- c:\windows\system32\wuaucpl.cpl
    2011-12-15 18:56 . 2011-12-15 18:51 15352 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2011-12-15 18:56 . 2011-12-15 18:56 575480 ----a-w- c:\windows\system32\wuapi.dll
    2011-12-15 18:56 . 2011-12-15 18:56 53240 ----a-w- c:\windows\system32\wuauclt.exe
    2011-12-15 18:56 . 2011-12-15 18:51 15352 ----a-w- c:\windows\system32\wuapi.dll.mui
    2011-12-15 18:56 . 2011-12-15 18:56 90112 ----a-w- c:\windows\system32\wshext.dll
    2011-12-15 18:56 . 2011-12-15 18:56 155648 ----a-w- c:\windows\system32\wscript.exe
    2011-12-15 18:56 . 2011-12-15 18:56 135168 ----a-w- c:\windows\system32\wshom.ocx
    2011-12-15 18:56 . 2011-12-15 18:56 38528 ----a-w- c:\windows\system32\drivers\wpdusb.sys
    2011-12-15 18:56 . 2011-12-15 18:56 356352 ----a-w- c:\windows\system32\wpdsp.dll
    2011-12-15 18:56 . 2011-12-15 18:56 38400 ----a-w- c:\windows\system32\wpdshextres.dll
    2011-12-15 18:56 . 2011-12-15 18:56 2603008 ----a-w- c:\windows\system32\wpdshext.dll
    2011-12-15 18:56 . 2011-12-15 18:56 17408 ----a-w- c:\windows\system32\wpdshextautoplay.exe
    2011-12-15 18:56 . 2011-12-15 18:56 133632 ----a-w- c:\windows\system32\wpdshserviceobj.dll
    2011-12-15 18:56 . 2011-12-15 18:56 63488 ----a-w- c:\windows\system32\wpdmtpus.dll
    2011-12-15 18:56 . 2011-12-15 18:56 671232 ----a-w- c:\windows\system32\wpdmtpdr.dll
    2011-12-15 18:56 . 2011-12-15 18:56 629760 ----a-w- c:\windows\system32\wpd_ci.dll
    2011-12-15 18:56 . 2011-12-15 18:56 35840 ----a-w- c:\windows\system32\wpdconns.dll
    2011-12-15 18:56 . 2011-12-15 18:56 154624 ----a-w- c:\windows\system32\wpdmtp.dll
    2011-12-15 18:56 . 2011-12-15 18:56 656896 ----a-w- c:\windows\system32\wmvxencd.dll
    2011-12-15 18:56 . 2011-12-15 18:56 767488 ----a-w- c:\windows\system32\wmvsencd.dll
    2011-12-15 18:56 . 2011-12-15 18:56 1382912 ----a-w- c:\windows\system32\wmvsdecd.dll
    2011-12-15 18:56 . 2011-12-15 18:56 1575424 ----a-w- c:\windows\system32\wmvencod.dll
    2011-12-15 18:56 . 2011-12-15 18:56 4096 ----a-w- c:\windows\system32\wmvdmoe2.dll
    2011-12-15 18:56 . 2011-12-15 18:56 4096 ----a-w- c:\windows\system32\wmvdmod.dll
    2011-12-15 18:56 . 2011-12-15 18:56 1543680 ----a-w- c:\windows\system32\wmvdecod.dll
    2011-12-15 18:56 . 2011-12-15 18:56 4096 ----a-w- c:\windows\system32\wmvadve.dll
    2011-12-15 18:56 . 2011-12-15 18:56 4096 ----a-w- c:\windows\system32\wmvadvd.dll
    2011-12-15 18:56 . 2011-12-15 18:56 1329152 ----a-w- c:\windows\system32\wmspdmoe.dll
    2011-12-15 18:56 . 2011-12-15 18:56 604160 ----a-w- c:\windows\system32\wmspdmod.dll
    2011-12-15 18:56 . 2011-12-15 18:56 4096 ----a-w- c:\windows\system32\wmsdmoe2.dll
    2011-12-15 18:56 . 2011-12-15 18:56 4096 ----a-w- c:\windows\system32\wmsdmod.dll
    2011-12-15 18:56 . 2011-12-15 18:56 204288 ----a-w- c:\windows\system32\wmpsrcwp.dll
    2011-12-15 18:56 . 2011-12-15 18:56 99840 ----a-w- c:\windows\system32\wmpshell.dll
    2011-12-15 18:56 . 2011-12-15 18:56 130048 ----a-w- c:\windows\system32\wmpps.dll
    2011-12-15 18:56 . 2011-12-15 18:56 613376 ----a-w- c:\windows\system32\wmpmde.dll
    2011-12-15 18:55 . 2011-12-15 18:55 8252416 ----a-w- c:\windows\system32\wmploc.dll
    2011-12-15 18:55 . 2011-12-15 18:55 1661952 ----a-w- c:\windows\system32\wmpencen.dll
    2011-12-15 18:55 . 2011-12-15 18:55 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2011-12-15 18:55 . 2011-12-15 18:51 295936 ----a-w- c:\windows\system32\wmpeffects.dll
    2011-12-15 18:55 . 2011-12-15 18:55 211456 ----a-w- c:\windows\system32\wmpasf.dll
    2011-12-15 18:55 . 2011-12-15 18:55 938496 ----a-w- c:\windows\system32\wmnetmgr.dll
    2011-12-15 18:55 . 2011-12-15 18:55 157184 ----a-w- c:\windows\system32\wmidx.dll
    2011-12-15 18:55 . 2011-12-15 18:55 535040 ----a-w- c:\windows\system32\wmdrmsdk.dll
    2011-12-15 18:55 . 2011-12-15 18:55 221696 ----a-w- c:\windows\system32\wmerror.dll
    2011-12-15 18:55 . 2011-12-15 18:55 429056 ----a-w- c:\windows\system32\wmdrmdev.dll
    2011-12-15 18:55 . 2011-12-15 18:55 348672 ----a-w- c:\windows\system32\wmdrmnet.dll
    2011-12-15 18:55 . 2011-12-15 18:55 37376 ----a-w- c:\windows\system32\wmdmps.dll
    2011-12-15 18:55 . 2011-12-15 18:55 33792 ----a-w- c:\windows\system32\wmdmlog.dll
    2011-12-15 18:55 . 2011-12-15 18:55 222208 ----a-w- c:\windows\system32\wmasf.dll
    2011-12-15 18:55 . 2011-12-15 18:55 1117696 ----a-w- c:\windows\system32\wmadmoe.dll
    2011-12-15 18:55 . 2011-12-15 18:55 757248 ----a-w- c:\windows\system32\wmadmod.dll
    2011-12-15 18:55 . 2011-12-15 18:55 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-12-15 18:55 . 2011-12-15 18:55 178176 ----a-w- c:\windows\system32\wintrust.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2011-12-28 . E88631E21A9CACA06104802F9E915115 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-01-21_12.01.41 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-04-15 13:00 . 2012-01-23 13:29 97862 c:\windows\system32\perfc01F.dat
    + 2008-04-15 13:00 . 2012-01-23 13:29 86076 c:\windows\system32\perfc009.dat
    + 2012-01-20 12:14 . 2011-12-10 13:24 20464 c:\windows\system32\drivers\mbam.sys
    + 2008-04-15 13:00 . 2012-01-23 13:29 484750 c:\windows\system32\perfh01F.dat
    + 2008-04-15 13:00 . 2012-01-23 13:29 499312 c:\windows\system32\perfh009.dat
    + 2012-01-21 15:38 . 2008-04-15 11:00 171008 c:\windows\system32\dllcache\msconfig.exe
    + 2012-01-21 15:38 . 2008-04-15 11:00 171008 c:\windows\PCHealth\HelpCtr\Binaries\msconfig.exe
    + 2012-01-21 18:36 . 2012-01-21 18:36 1094656 c:\windows\Installer\184796.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2011-05-30 14:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-10-27 3437976]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "nwiz"="nwiz.exe" [2006-10-22 1622016]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-02-23 2219184]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "_nltide_3"="advpack.dll" [2011-12-15 128512]
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    .
    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-01-20 691696]
    R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
    R1 IDMTDI;IDMTDI;c:\windows\system32\DRIVERS\idmtdi.sys [2011-07-06 101616]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-01-12 810144]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-01-20 253600]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 mv61xxmm;mv61xxmm; [x]
    S0 mv64xxmm;mv64xxmm; [x]
    S0 mvxxmm;mvxxmm; [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-23 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-01-20 11:34]
    .
    2012-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-448539723-1417001333-500Core.job
    - c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-20 12:03]
    .
    2012-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-448539723-1417001333-500UA.job
    - c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-20 12:03]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.tr/
    IE: Bütün linkleri IDM ile indir - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: IDM ile indir - c:\program files\Internet Download Manager\IEExt.htm
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{C18FD287-FF51-430D-BADF-3084B9B17435}: NameServer = 8.8.8.8,8.8.4.4
    FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\qhslpn53.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.tr/
    FF - prefs.js: keyword.URL -
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\documents and settings\User\Application Data\IDM\idmmzcc5
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2012-01-23 15:30
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-861567501-448539723-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b7,84,3a,5c,77,31,6d,44,a3,89,8b,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b7,84,3a,5c,77,31,6d,44,a3,89,8b,\
    .
    [HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
    @Denied: (2) (LocalSystem)
    "AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET Smart Security\\"
    "DataDir"="ESET\\ESET Smart Security\\"
    "EditionName"="BUSINESS EDITION"
    "InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
    "LanguageId"=dword:0000041f
    "PackageTag"=dword:00000000
    "ProductBase"=dword:00000001
    "ProductCode"="{EA231024-1FCB-4747-A58F-8309BF236B6D}"
    "ProductName"="ESET Smart Security"
    "ProductType"="essbe"
    "ProductVersion"="4.2.71.2"
    "UniqueId"="000FAA504F195985"
    "ScannerBuild"=dword:00001dd3
    "ScannerVersionId"=dword:000015fe
    "ScannerVersion"="ready"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(1748)
    c:\windows\system32\WININET.dll
    c:\program files\Internet Download Manager\IDMShellExt.dll
    c:\program files\Internet Download Manager\IDMNetMon.DLL
    .
    Completion time: 2012-01-23 15:31:26
    ComboFix-quarantined-files.txt 2012-01-23 13:31
    ComboFix2.txt 2012-01-21 12:02
    .
    Pre-Run: 31.227.965.440 bayt boş
    Post-Run: 31.440.408.576 bayt boş
    .
    - - End Of File - - 029C1D3830B814EA699FAFC92754CBAA


    HiJackThis

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 15:34:57, on 23.01.2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKUS\S-1-5-21-861567501-448539723-1417001333-500\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C18FD287-FF51-430D-BADF-3084B9B17435}: NameServer = 8.8.8.8,8.8.4.4
    O22 - SharedTaskScheduler: Browseui önceden yükleyicisi - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Bileşen Katergorileri önbellek daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre8\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 4267 bytes


    Those are the results, friends.

    Afterwards I switched the computer from safe mode back to normal and restarted it.

    When the computer started, the msconfig System Configuration window appeared, and in the msconfig startup list msnmgr, that is Messenger, had disappeared; as soon as I noticed that, I uninstalled Messenger's setup and its installed program.

    What could the problem be? Can you help me, friends?


