
HijackThis. Performance + Security! (Get rid of viruses). 500,000+ (page 269)

  • quote:

    Quoted from original: wartexy

    I'd be glad if those concerned could take a look at my log file too.. this has turned into a really nice topic.. thanks to everyone who contributed..

    Thanks. But you have cut off the header section of the log. It would be better if you ran another scan and sent it again.

    quote:

    Quoted from original: absolutely33

    Burak, my friend, my PC crashed.
    I dropped it off at the computer shop on my way to work. So, you see, there's no problem left.






  • Avenger report:

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!


    Error: file "C:\WINDOWS\karna.dat" not found!
    Deletion of file "C:\WINDOWS\karna.dat" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Error: file "C:\WINDOWS\igdpyp.dll" not found!
    Deletion of file "C:\WINDOWS\igdpyp.dll" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Error: file "C:\WINDOWS\system32\igdpyp.dll" not found!
    Deletion of file "C:\WINDOWS\system32\igdpyp.dll" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist

    File "C:\WINDOWS\system32\yayvWNfe.dll" deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.




  • Sir, the attacks coming from the internet and the desktop problem I mentioned at the start are resolved. The only problems I can see are the computer's extreme slowness and some silly antivirus-program ads that occasionally come from the internet. Even while logging in to my computer, CPU usage hits 80 percent.
  • quote:

    Quoted from original: linkin_park20

    Sir, the attacks coming from the internet and the desktop problem I mentioned at the start are resolved. The only problems I can see are the computer's extreme slowness and some silly antivirus-program ads that occasionally come from the internet. Even while logging in to my computer, CPU usage hits 80 percent.

    We'll solve those too, God willing. Now, could you send an HJ log once more?

    But before that, do the following:

    * Open Bitdefender Online Scan to scan your computer.

    http://www.bitdefender.com/scan8/ie.html

    * Click I agree and then Scan. (Do not change the settings.)
    * After the scan finishes, click the Detected Problems tab and then Click here to export the scan report.
    * Save the report as HTML, then attach it to your message and send it to us.

    Download and install the program called SuperAntiSpyware.

    http://www.superantispyware.com/downloads/SUPERAntiSpyware.exe

    * Double-click SUPERAntiSpyware.exe and install the program with its default settings.
    * An icon for the program will appear on your desktop. Double-click the icon to run the program.
    * If it asks you to update, click Yes. If it doesn't ask, update it yourself by clicking the Check for Updates button before scanning.
    * Under the Configuration and Preferences tab, click the Preferences button.
    * Click the General and Startup tab and, under Start-up Options, make sure the Start SUPERAntiSpyware when Windows starts option is not selected.
    * Go to the Scanning Control tab and, under Scanner Options, make sure only the following are checked. (Leave the others unchecked.)

    # Close browsers before scanning.
    # Scan for tracking cookies.
    # Terminate memory threats before quarantining.
    * Click the Close button to close the program.
    * Do not scan your system yet.

    Now run the program again:

    * In the main menu, under Scan for Harmful Software, click Scan your computer.
    * On the left side, make sure C:\Fixed Drive is checked.
    * On the right side, under Complete Scan, select Perform Complete Scan and click Next.
    * After the scan finishes, a scan summary listing the harmful software will open. Click OK.
    * Make sure everything is checked and click Next.
    * You will get a notice saying Quarantine and Removal is Complete. Click OK and click Finish to return to the main menu.
    * If you are told that a restart is required, click Yes and restart your computer.
    * To see the results:
    # Click Preferences and go to the Statistics/Logs tab.
    # Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    # If there is more than one log, select the most recent one and click View log. A text file will open.
    # Save the opened file, attach it to your message and send it to us.
    * Click Close to close the program.




  • quote:

    Quoted from original: serji


    quote:

    Quoted from original: EliNTeR

    Serji, the laptop has suddenly started freezing constantly..

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
    O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    Yes, there appears to be a virus on the system. After the steps above:

    Download the program called Combofix.

    http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe and open the program. After opening the program, do absolutely nothing. Take a 1-2 minute break.
    4. After ComboFix starts running, you will be asked to press the 1 or 2 key. Press 1 to continue.
    5. ComboFix will take a backup of your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. During these operations your internet connection will be cut. This is normal. Your system clock will also change. But all of this is temporary. After the operations finish, everything will be returned to its original state.
    7. You may need to be a little patient, because there are a full 41 stages involved.
    8. Finally, ComboFix will prepare a report containing the results of the operations. During this time your desktop may disappear, but it will be restored shortly. After the operations finish, ComboFix will close and a report will open for you. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.


    ComboFix 08-10-15.08 - EliNTeR 2008-10-16 21:36:42.1 - NTFSx86
    Running from: C:\Documents and Settings\EliNTeR\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\EliNTeR\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML

    .
    ((((((((((((((((((((((((( Files Created from 2008-09-16 to 2008-10-16 )))))))))))))))))))))))))))))))
    .

    2008-10-16 00:17 . 2008-10-16 00:17 <DIR> d-------- C:\Program Files\QuickTime
    2008-10-16 00:08 . 2008-10-16 00:08 <DIR> d-------- C:\Documents and Settings\EliNTeR\Application Data\CyberLink
    2008-10-15 15:05 . 2008-10-15 15:05 <DIR> d-------- C:\Program Files\DG-DEV
    2008-10-15 05:33 . 2008-08-14 16:23 2,191,104 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-15 05:33 . 2008-08-14 16:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-15 05:33 . 2008-08-14 16:23 2,067,968 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-15 05:33 . 2008-08-14 16:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-10-15 05:33 . 2008-09-15 18:25 1,846,400 --------- C:\WINDOWS\system32\dllcache\win32k.sys
    2008-10-15 05:33 . 2008-09-08 13:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
    2008-10-14 15:11 . 2008-10-16 01:39 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
    2008-10-14 15:11 . 2008-10-14 15:11 <DIR> d-------- C:\DVDVideoSoft
    2008-10-14 15:11 . 2002-01-05 15:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
    2008-10-14 01:15 . 2008-10-14 01:15 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-10-12 02:58 . 2008-10-12 02:58 <DIR> d-------- C:\Program Files\Camfrog
    2008-10-12 02:58 . 2008-10-12 02:58 <DIR> d-------- C:\Documents and Settings\EliNTeR\Application Data\Camfrog
    2008-10-11 04:31 . 2008-10-16 21:33 <DIR> d-------- C:\Documents and Settings\EliNTeR\Application Data\OpenOffice.org2
    2008-10-11 04:31 . 2004-08-04 12:00 66,082 --a------ C:\WINDOWS\system32\dllcache\c_21025.nls
    2008-10-11 04:31 . 2004-08-04 12:00 66,082 --a------ C:\WINDOWS\system32\dllcache\c_20880.nls
    2008-10-11 04:31 . 2004-08-04 12:00 66,082 --a------ C:\WINDOWS\system32\dllcache\c_20269.nls
    2008-10-11 04:31 . 2004-08-04 12:00 66,082 --a------ C:\WINDOWS\system32\dllcache\c_1148.nls
    2008-10-11 04:31 . 2004-08-04 12:00 66,082 --a------ C:\WINDOWS\system32\c_21025.nls
    2008-10-11 04:31 . 2004-08-04 12:00 66,082 --a------ C:\WINDOWS\system32\c_20880.nls
    2008-10-11 04:31 . 2004-08-04 12:00 66,082 --a------ C:\WINDOWS\system32\c_20269.nls
    2008-10-11 04:31 . 2004-08-04 12:00 66,082 --a------ C:\WINDOWS\system32\c_1148.nls
    2008-10-11 04:03 . 2008-10-11 04:03 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
    2008-10-10 23:46 . 2008-10-10 23:50 <DIR> d-------- C:\Documents and Settings\EliNTeR\Application Data\ImgBurn
    2008-10-10 23:36 . 2008-10-10 23:36 <DIR> d-------- C:\Program Files\ImgBurn
    2008-10-10 22:58 . 2008-10-10 22:58 <DIR> d-------- C:\Documents and Settings\EliNTeR\Application Data\Sonic
    2008-10-10 22:58 . 2008-10-10 22:58 <DIR> d-------- C:\Documents and Settings\EliNTeR\Application Data\Leadertech
    2008-10-10 22:42 . 2008-10-10 22:42 <DIR> d-------- C:\WINDOWS\system32\tr
    2008-10-10 22:42 . 2008-10-10 22:42 <DIR> d-------- C:\WINDOWS\system32\bits
    2008-10-10 22:42 . 2008-10-10 22:42 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-10-10 22:39 . 2008-10-10 22:43 <DIR> d-------- C:\WINDOWS\ServicePackFiles
    2008-10-10 22:30 . 2008-10-10 22:30 <DIR> d-------- C:\WINDOWS\EHome
    2008-10-10 22:26 . 2008-10-10 22:26 <DIR> d-------- C:\Program Files\Alcohol Soft
    2008-10-10 21:59 . 2008-10-10 21:59 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-10-09 04:28 . 2008-10-03 20:02 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-10-09 04:28 . 2007-04-17 12:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-10-09 04:28 . 2007-03-08 08:12 1,015,808 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-10-09 04:28 . 2008-08-26 11:11 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-10-09 04:28 . 2008-08-26 11:11 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-10-09 04:28 . 2008-08-26 11:11 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-10-09 04:28 . 2008-08-26 11:11 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-10-09 04:28 . 2008-08-26 11:11 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-10-09 04:28 . 2008-08-25 11:38 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-10-08 03:14 . 2008-10-08 03:14 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-10-08 03:10 . 2008-10-08 03:10 <DIR> d-------- C:\Program Files\MSXML 4.0
    2008-10-08 03:00 . 2008-10-08 03:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-10-08 02:55 . 2008-10-08 02:55 <DIR> d-------- C:\Program Files\Bonjour
    2008-10-08 02:46 . 2008-10-08 02:46 <DIR> d-------- C:\Documents and Settings\EliNTeR\Application Data\Skype
    2008-10-08 02:46 . 2008-10-08 02:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2008-10-08 02:41 . 2008-10-08 02:41 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-10-08 00:28 . 2008-10-08 00:28 <DIR> d--h----- C:\WINDOWS\PIF
    2008-10-08 00:22 . 2008-10-08 00:22 <DIR> d-------- C:\Documents and Settings\EliNTeR\Application Data\AdobeUM
    2008-10-07 21:00 . 2008-10-07 21:00 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2008-10-07 19:10 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-10-07 19:10 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
    2008-10-07 19:10 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-10-07 17:10 . 2008-10-07 17:10 <DIR> d-------- C:\Program Files\uTorrent
    2008-10-07 17:09 . 2008-10-16 21:33 <DIR> d-------- C:\Documents and Settings\EliNTeR\Application Data\uTorrent
    2008-10-07 14:45 . 2008-10-07 14:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-10-07 03:07 . 2008-10-07 03:07 <DIR> d-------- C:\Program Files\Messenger Plus! Live
    2008-10-07 03:07 . 2008-10-07 03:07 <DIR> d--hs---- C:\Documents and Settings\EliNTeR\UserData
    2008-10-07 03:02 . 2008-10-15 11:34 <DIR> d-------- C:\Documents and Settings\EliNTeR\Contacts
    2008-10-07 02:58 . 2008-10-07 03:01 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-10-07 02:57 . 2008-10-07 03:02 <DIR> d-------- C:\Program Files\Windows Live
    2008-10-07 02:57 . 2008-10-07 02:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-10-07 02:47 . 2008-10-16 01:34 <DIR> d-------- C:\Documents and Settings\EliNTeR\Application Data\dvdcss
    2008-10-07 02:32 . 2008-10-07 03:37 <DIR> d-------- C:\Documents and Settings\EliNTeR\Application Data\vlc
    2008-10-07 02:14 . 2008-10-14 00:42 2,463,776 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-10-07 02:14 . 2008-10-14 00:42 29,276 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-10-07 01:39 . 2008-10-10 22:42 <DIR> d-------- C:\WINDOWS\system32\tr-TR
    2008-10-07 01:37 . 2008-10-07 01:39 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
    2008-10-07 01:37 . 2008-10-07 01:37 <DIR> d-------- C:\Program Files\Reference Assemblies
    2008-10-07 01:37 . 2008-10-07 01:37 <DIR> d-------- C:\Program Files\MSBuild
    2008-10-07 01:36 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2008-10-07 01:33 . 2008-10-07 01:33 <DIR> d-------- C:\Program Files\MSXML 6.0
    2008-10-07 01:27 . 2008-10-07 01:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-10-07 01:20 . 2008-10-07 01:20 <DIR> d-------- C:\Documents and Settings\EliNTeR\dwhelper
    2008-10-07 01:15 . 2008-10-07 01:15 <DIR> d-------- C:\Program Files\ZoneAlarmSB
    2008-10-07 01:14 . 2008-10-07 01:14 <DIR> d-------- C:\Program Files\Zone Labs
    2008-10-07 01:14 . 2008-10-07 01:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-10-07 01:12 . 2008-10-07 01:12 <DIR> d-------- C:\Program Files\Avira
    2008-10-07 01:12 . 2008-10-07 01:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-10-07 01:09 . 2008-10-16 15:40 <DIR> d-------- C:\WINDOWS\Internet Logs
    2008-10-07 00:52 . 2008-10-07 00:52 <DIR> d-------- C:\Program Files\VideoLAN
    2008-10-07 00:52 . 2008-10-07 00:52 <DIR> d-------- C:\Program Files\Sun
    2008-10-07 00:51 . 2008-10-07 00:51 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
    2008-10-07 00:46 . 2008-10-07 00:46 <DIR> d-------- C:\WINDOWS\system32\Adobe
    2008-10-07 00:46 . 2008-10-07 00:46 <DIR> d-------- C:\Program Files\Ares
    2008-10-07 00:21 . 2004-08-04 00:36 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
    2008-10-07 00:16 . 2008-10-07 00:16 0 --a------ C:\WINDOWS\nsreg.dat
    2008-10-07 00:12 . 2008-10-07 00:12 <DIR> d-------- C:\Program Files\SystemRequirementsLab
    2008-10-07 00:04 . 2008-10-07 00:04 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
    2008-10-07 00:04 . 2008-10-07 00:04 <DIR> d-------- C:\Documents and Settings\EliNTeR\Application Data\Intel
    2008-10-07 00:04 . 2008-10-07 00:04 21,275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
    2008-10-07 00:03 . 2008-10-07 03:02 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-10-07 00:03 . 2008-10-07 00:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intel
    2008-10-07 00:02 . 2008-06-14 20:33 272,000 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-10-07 00:02 . 2008-06-14 20:33 272,000 --------- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-10-06 23:56 . 2008-10-06 23:58 <DIR> d-------- C:\WINDOWS\nview
    2008-10-06 23:56 . 2006-06-12 18:11 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
    2008-10-06 23:56 . 2008-10-16 20:50 51,048 --a------ C:\WINDOWS\system32\nvapps.xml
    2008-10-06 23:56 . 2006-06-12 18:11 16,960 --a------ C:\WINDOWS\system32\nvdisp.nvu
    2008-10-06 23:54 . 2008-04-11 22:05 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-10-06 23:54 . 2008-05-01 17:35 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-10-06 23:54 . 2008-05-08 17:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-10-06 23:51 . 2008-10-06 23:51 <DIR> d-------- C:\WINDOWS\Sun
    2008-10-06 23:46 . 2001-11-21 19:12 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2008-10-06 23:46 . 2001-11-21 19:12 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
    2008-10-06 23:34 . 2008-10-06 23:28 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
    2008-10-06 23:34 . 2008-10-09 15:06 <DIR> dr------- C:\Documents and Settings\EliNTeR\Sık Kullanılanlar
    2008-10-06 23:34 . 2008-10-15 21:12 <DIR> dr------- C:\Documents and Settings\EliNTeR\Belgelerim
    2008-10-06 23:34 . 2008-10-16 04:14 <DIR> d-------- C:\Documents and Settings\EliNTeR
    2008-10-06 23:34 . 2004-08-04 20:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-10-06 23:31 . 2008-10-06 23:31 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
    2008-10-06 23:29 . 2008-10-06 23:29 333 --a------ C:\WINDOWS\system32\$ncsp$.inf
    2008-10-06 23:29 . 2008-10-06 23:29 61 --a------ C:\WINDOWS\smscfg.ini
    2008-10-06 23:28 . 2008-10-06 23:28 2,220,254 --------- C:\WINDOWS\system\RESTORE.INS
    2008-10-06 23:28 . 2008-10-06 23:28 2,220,254 --a------ C:\WINDOWS\RESTORE.INS
    2008-10-06 23:26 . 2008-10-16 00:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-10-06 23:26 . 2008-10-06 23:34 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-10-06 23:25 . 2008-10-06 23:25 <DIR> d-------- C:\Program Files\CyberLink
    2008-10-06 23:25 . 2006-02-23 12:08 198,144 --a------ C:\WINDOWS\system32\_psisdecd.dll
    2008-10-06 23:25 . 2006-02-23 12:08 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-13 10:42 3,170,816 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
    2008-10-13 10:42 1,489,920 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
    2008-10-07 19:38 1,354,240 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
    2008-09-15 15:25 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-08-27 09:11 3,593,216 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-08-25 08:43 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-08-23 05:56 635,848 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-08-23 05:54 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-08-14 13:23 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 13:23 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2008-07-25 08:34 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-07-25 08:34 683,520 ----a-w C:\WINDOWS\system32\divx.dll
    2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ares"="C:\Program Files\Ares\Ares.exe" [2008-08-21 888832]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-10-07 270128]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SMSERIAL"="C:\WINDOWS\sm56hlpr.exe" [2006-03-21 544768]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 794713]
    "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-02-23 106496]
    "DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "PCMService"="c:\APPS\Powercinema\PCMService.exe" [2006-02-23 147456]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-12 7577600]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-12 86016]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
    "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-10-16 413696]
    "High Definition Audio Özellik Sayfası Kısayolu"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
    "nwiz"="nwiz.exe" [2006-06-12 C:\WINDOWS\system32\nwiz.exe]

    C:\Documents and Settings\EliNTeR\Start Menu\Programlar\BaŸlang‡\
    OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-10-20 393216]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableChangePassword "= 1 (0x1)
    "DisableLockWorkstation "= 1 (0x1)
    "DisableChangePassword"= 0 (0x0)
    "DisableLockWorkstation"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Ares\\Ares.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\APPS\\skype\\phone\\Skype.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=


    *Newly Created Service* - PROCEXP90
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-SmpcSys - C:\APPS\SMP\SmpSys.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\EliNTeR\Application Data\Mozilla\Firefox\Profiles\jvczy1e7.default\
    FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll
    FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2008-10-16 21:45:25
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    C:\DOCUME~1\EliNTeR\LOCALS~1\Temp\RGIB4.tmp

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    Completion time: 2008-10-16 21:49:23
    ComboFix-quarantined-files.txt 2008-10-16 18:48:46

    Pre-Run: 49.445.109.760 bayt boş
    Post-Run: 49,545,838,592 bayt boş

    245 --- E O F --- 2008-10-15 21:59:50




  • I think this troubled machine has been infected by a virus again. As soon as I open Internet Explorer, avast starts shouting "virus found, don't panic". I delete it, but then it happens again ...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:54:15, on 16.10.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\ATKKBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\Administrator\Desktop\w3hph.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [AirTiesWUS-300] C:\Program Files\AirTies\AirTiesWUS-300\WUS300.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [38465945] rundll32.exe "C:\WINDOWS\system32\xdyvnslt.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O20 - AppInit_DLLs: pjrtlj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 4342 bytes




  • quote:

    Originally posted by: EliNTeR

    Download the program called Malwarebytes Antimalware.

    http://www.guvenlikuzmanim.com/dosyalar/mbam-setup.exe

    * To install the program, double-click mbam-setup.exe and install it.
    * Tick the Update Malwarebytes Antimalware and Launch Malwarebytes options and click Finish.
    * If an update is found, the program will download and apply it automatically.
    * Once the program has loaded, select Full Scan and click the Start Scan button.
    * The scan may take a while, so please be patient.
    * When the scan finishes, click OK and then click Show Results.
    * Make sure everything is checked and click Remove Selected.
    * When cleaning finishes, a Notepad window will open. (You may need to restart your computer.)
    * Save the Notepad file and send it to us by attaching it to your message.

    NOTE: If the program asks you to restart the computer during cleaning, click OK and restart your computer.




  • quote:

    quote:

    Originally posted by: EliNTeR


    Download the program called Malwarebytes Antimalware.

    http://www.guvenlikuzmanim.com/dosyalar/mbam-setup.exe

    * To install the program, double-click mbam-setup.exe and install it.
    * Tick the Update Malwarebytes Antimalware and Launch Malwarebytes options and click Finish.
    * If an update is found, the program will download and apply it automatically.
    * Once the program has loaded, select Full Scan and click the Start Scan button.
    * The scan may take a while, so please be patient.
    * When the scan finishes, click OK and then click Show Results.
    * Make sure everything is checked and click Remove Selected.
    * When cleaning finishes, a Notepad window will open. (You may need to restart your computer.)
    * Save the Notepad file and send it to us by attaching it to your message.

    NOTE: If the program asks you to restart the computer during cleaning, click OK and restart your computer.


    Does the same apply to me too, master?




  • Master, thank you for your understanding and your trouble. Sorry for the delay; as you know, I can only get to it once I am home from work.
    I tried to do what you said 3 times, but it did not work.

    I am following what you wrote to the letter. But a problem comes up after CTRL+ALT+DEL. Namely:

    1) wvauclt.exe - Comes back after I close it.
    2) csrss.exe - Will not terminate. (This is a critical system process. Task Manager cannot end this process)
    smss.exe - Will not terminate. (This is a critical system process. Task Manager cannot end this process)
    lsass.exe - Will not terminate. (This is a critical system process. Task Manager cannot end this process)

    Maybe others would give the same message too, but I do not get the chance to find out. The cause is the svchost.exe processes.
    There is more than one svchost.exe. I try to close them one by one. Some close, but with others a window pops up.
    The window says "This shutdown was initiated by NT AUTHORITY SYSTEM". Then it counts down from 60 seconds and restarts the machine.

    Underneath there is another window. Two different messages appeared there.
    The first read "Remote Procedure Call Service (RPC) was terminated unexpectedly", the second "DCOM Server Process Launcher was terminated unexpectedly".

    I am stuck. I ask for your help.

    Take care.




    quote:

    Originally posted by: serji


    quote:

    Originally posted by: aoitsukinosuke
    Master, forgive me, I am illiterate in these matters. What am I supposed to do with the list you sent?
    (Meanwhile I am looking through the older pages for help, but my connection keeps dropping every other minute. Could you possibly point me in the right direction quickly?)

    Not at all. Sorry, I forgot to send it.

    * Open the program called HijackThis.
    * Click the Do a system scan only option.
    * Check the following lines.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://tkm.ibb.gov.tr/ 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =http://windowsupdate.microsoft.com/
    F2 - REG:system.ini: Shell=explorer.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    * Press CTRL+ALT+DEL and go to the Processes tab. End all processes listed against your user name except HijackThis.exe and explorer.exe. Close all programs and windows except HijackThis and click the Fix Checked button. Then restart your computer immediately.




  • quote:

    Originally posted by: recoill

    I think this troubled machine has caught a virus again. As soon as I open Internet Explorer, avast starts shouting that a virus was found. It says do not panic and I delete it, but then it happens again ...

    * Open the program called HijackThis.
    * Click the Do a system scan only option.
    * Check the following lines.

    O4 - HKLM\..\Run: [38465945] rundll32.exe "C:\WINDOWS\system32\xdyvnslt.dll",b 
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O20 - AppInit_DLLs: pjrtlj.dll


    * Press CTRL+ALT+DEL and go to the Processes tab. End all processes listed against your user name except HijackThis.exe and explorer.exe. Close all programs and windows except HijackThis and click the Fix Checked button. Then restart your computer immediately.

    After that:

    Download the program called Combofix.

    http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening it, do absolutely nothing. Take a 1-2 minute break.
    4. After ComboFix starts running, you will be asked to press 1 or 2. Press 1 to continue.
    5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. Your internet connection will be cut during these operations. This is normal. Your system clock will also change. All of this is temporary, however. Once the operations finish, everything will be returned to its original state.
    7. You may need to be a little patient, because there are exactly 41 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. When the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
    9. Send us the C:\ComboFix.txt file by attaching it to your message.
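
The autostart lines picked out of the log in the reply above can be surfaced mechanically as a first triage pass. The following is an added example, not part of the thread and not HijackThis's own logic: the three rules (a digits-only Run value name that loads a DLL through rundll32, a non-empty AppInit_DLLs value, an entry marked "(no file)") are assumptions chosen to match entries that appear in these logs, and the sample is assembled from log lines quoted in this thread.

```python
import re

# Entry lines copied from the HijackThis logs quoted in this thread and
# assembled here as a small constructed sample.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [38465945] rundll32.exe "C:\WINDOWS\system32\xdyvnslt.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - AppInit_DLLs: pjrtlj.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
'''

# "O4 - ...", "R0 - ...", "O20 - ...": section code, then the entry detail.
ENTRY_RE = re.compile(r'^\s*([A-Z]\d{1,2}) - (.+?)\s*$')
# Registry autostart form of O4: hive\..\Run: [value name] command line
RUN_RE = re.compile(
    r'^(?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Command line that hands a DLL and an export name to rundll32.
RUNDLL_RE = re.compile(
    r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)',
    re.IGNORECASE)


def parse_entries(text):
    """Return (code, detail) pairs for every entry line. Header lines, the
    running-process list and separators do not match and are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(entries):
    """Apply the assumed review rules and return findings in log order.
    A finding means "look at this by hand", not "this is malware"."""
    findings = []

    def flag(code, detail, reason):
        findings.append({'code': code, 'detail': detail, 'reason': reason})

    for code, detail in entries:
        if code == 'O4':
            run = RUN_RE.match(detail)
            if not run:
                continue  # e.g. "O4 - Startup: ..." shortcut entries
            via_rundll = RUNDLL_RE.match(run.group('cmd'))
            if via_rundll and run.group('name').isdigit():
                flag(code, detail,
                     'Run value with a digits-only name loads %s via rundll32'
                     % via_rundll.group('dll'))
        elif code == 'O20' and detail.startswith('AppInit_DLLs:'):
            value = detail.split(':', 1)[1].strip()
            if value:
                flag(code, detail,
                     'AppInit_DLLs is set: %s is loaded into every process '
                     'that loads user32.dll' % value)
        elif detail.endswith('(no file)'):
            flag(code, detail, 'entry points to a file that is missing on disk')
    return findings


if __name__ == '__main__':
    for finding in triage(parse_entries(SAMPLE_LOG)):
        print('%(code)-3s %(reason)s\n    %(detail)s' % finding)
```

The NVIDIA entries also run through RUNDLL32.EXE but carry a descriptive value name, so they are not flagged. Every finding still has to be checked by hand before anything is fixed.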




  • quote:

    Originally posted by: aoitsukinosuke

    Master, thank you for your understanding and your trouble. Sorry for the delay; as you know, I can only get to it once I am home from work.
    I tried to do what you said 3 times, but it did not work.

    I am following what you wrote to the letter. But a problem comes up after CTRL+ALT+DEL. Namely:

    1) wvauclt.exe - Comes back after I close it.
    2) csrss.exe - Will not terminate. (This is a critical system process. Task Manager cannot end this process)
    smss.exe - Will not terminate. (This is a critical system process. Task Manager cannot end this process)
    lsass.exe - Will not terminate. (This is a critical system process. Task Manager cannot end this process)

    Maybe others would give the same message too, but I do not get the chance to find out. The cause is the svchost.exe processes.
    There is more than one svchost.exe. I try to close them one by one. Some close, but with others a window pops up.
    The window says "This shutdown was initiated by NT AUTHORITY SYSTEM". Then it counts down from 60 seconds and restarts the machine.

    Underneath there is another window. Two different messages appeared there.
    The first read "Remote Procedure Call Service (RPC) was terminated unexpectedly", the second "DCOM Server Process Launcher was terminated unexpectedly".

    You are missing a small point. Not all processes. You are to end all the processes listed against your user name. That is, not the ones that say SYSTEM, but the ones that show your user name.





  • Let me try it right away.
    Man, I will never amount to anything. My father was right.
  • quote:

    Originally posted by: aoitsukinosuke


    Let me try it right away.
    Man, I will never amount to anything. My father was right.

    Not at all. But I have to go to bed now. I will have the replies written tomorrow evening, again around 9 o'clock. Good night.
  • quote:

    Originally posted by: serji


    quote:

    Originally posted by: aoitsukinosuke


    Let me try it right away.
    Man, I will never amount to anything. My father was right.

    Not at all. But I have to go to bed now. I will have the replies written tomorrow evening, again around 9 o'clock. Good night.


    All right, master, sleep well.

    By the way, I did what you said, scanned again with HijackThis and took a log. The results are below. With my respects.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:42:52, on 17.10.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPSMON\UPSMON_Service.Exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\UPSMON\UPSMON.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\HFXP2\hfxp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\*****\Desktop\HiJackThis.exe

    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [UPSMON] C:\Program Files\UPSMON\UPSMON.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [hfxp] C:\Program Files\HFXP2\hfxp.exe
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [PcSync] E:\Programs\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [PcSync] E:\Programs\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165484325472
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: UPSMONService - Unknown owner - C:\Program Files\UPSMON\UPSMON_Service.Exe

    --
    End of file - 5415 bytes



    < This message was edited by aoitsukinosuke -- 17 October 2008; 0:45:39 >




  • Originally posted by: Golday

    There is no visible virus; the system32 error used to come up now and then, it is not showing at the moment, and hopefully it will not show again.
    Here is the report, hoping it is the last one.

    We have cleaned most of them, but one is left.

    Download the program called Combofix.

    http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening it, do absolutely nothing. Take a 1-2 minute break.
    4. After ComboFix starts running, you will be asked to press 1 or 2. Press 1 to continue.
    5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. Your internet connection will be cut during these operations. This is normal. Your system clock will also change. All of this is temporary, however. Once the operations finish, everything will be returned to its original state.
    7. You may need to be a little patient, because there are exactly 41 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. When the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
    9. Send us the C:\ComboFix.txt file by attaching it to your message.

    Here is the report. Also, do you have any idea what virus has infected my computer?
    ComboFix 08-10-16.08 - AOPEN 2008-10-17 6:39:59.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1254.1.1055.18.1602 [GMT 2:00]
    Running from: D:\Download\ComboFix.exe
    * Created a new restore point

    [COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\68.exe
    C:\autorun.inf
    C:\bo1dhu.bat
    C:\ev60a2.cmd
    C:\WINDOWS\system32\ckvo.exe
    C:\WINDOWS\system32\ckvo0.dll
    C:\WINDOWS\system32\ckvo1.dll
    D:\Autorun.inf
    D:\bo1dhu.bat
    D:\ev60a2.cmd
    E:\Autorun.inf
    E:\bo1dhu.bat
    E:\ev60a2.cmd

    .
    ((((((((((((((((((((((((( Files Created from 2008-09-17 to 2008-10-17 )))))))))))))))))))))))))))))))
    .

    2008-10-11 18:36 . 2008-10-11 18:36 <DIR> d-------- C:\Documents and Settings\AOPEN\Application Data\Sony Corporation
    2008-10-11 18:29 . 2008-10-11 18:29 <DIR> d-------- C:\Program Files\Sony
    2008-10-11 18:28 . 2008-10-11 18:28 <DIR> d-------- C:\Documents and Settings\AOPEN\Application Data\InstallShield
    2008-10-10 20:58 . 2008-10-10 20:58 <DIR> d-------- C:\ERDNT
    2008-10-09 20:57 . 2008-10-10 17:39 101,500 -r-hs---- C:\08dgu.com
    2008-10-07 15:40 . 2008-10-07 15:40 64 --a------ C:\WINDOWS\system32\aiks.ldb
    2008-10-06 20:08 . 2008-10-06 20:08 <DIR> d-------- C:\downloads
    2008-10-05 14:20 . 2008-10-05 14:20 <DIR> d-------- C:\Documents and Settings\AOPEN\Application Data\GrabPro
    2008-10-05 13:59 . 2008-10-05 13:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2008-10-05 13:55 . 2008-10-05 13:55 <DIR> d-------- C:\Program Files\CCleaner
    2008-10-03 18:39 . 2008-10-03 18:39 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
    2008-10-03 15:50 . 2008-10-03 15:50 <DIR> d-------- C:\Program Files\DVDVIDEOSOFT
    2008-10-03 15:50 . 2008-10-03 15:50 <DIR> d-------- C:\Program Files\Common Files\DVDVIDEOSOFT
    2008-10-01 12:43 . 2008-10-01 12:43 <DIR> d-------- C:\Documents and Settings\AOPEN\Application Data\Nokia Multimedia Player
    2008-10-01 12:40 . 2008-10-01 12:40 <DIR> d-------- C:\Documents and Settings\AOPEN\Phone Browser
    2008-10-01 12:25 . 2008-10-01 12:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
    2008-10-01 12:24 . 2008-10-01 12:24 <DIR> d-------- C:\Program Files\Common Files\PCSuite
    2008-10-01 12:24 . 2008-10-01 12:24 <DIR> d-------- C:\Program Files\Common Files\Nokia
    2008-10-01 12:24 . 2008-10-01 12:38 <DIR> d-------- C:\Documents and Settings\AOPEN\Application Data\Nokia
    2008-10-01 12:23 . 2008-10-01 12:23 <DIR> d-------- C:\Program Files\PC Connectivity Solution
    2008-10-01 12:23 . 2008-10-01 12:24 <DIR> d-------- C:\Program Files\Nokia
    2008-10-01 12:23 . 2008-10-01 12:23 <DIR> d-------- C:\Program Files\DIFX
    2008-10-01 12:23 . 2007-02-22 11:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
    2008-10-01 12:23 . 2007-02-22 11:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
    2008-10-01 12:23 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
    2008-10-01 12:23 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
    2008-10-01 12:23 . 2007-02-22 11:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
    2008-10-01 10:44 . 2008-10-01 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
    2008-10-01 02:45 . 2008-10-01 02:46 18 --a------ C:\WINDOWS\system32\pingtime.ini
    2008-09-23 04:04 . 2008-09-23 04:04 <DIR> d-------- C:\Program Files\Konuşan Sözlük
    2008-09-17 22:03 . 2008-10-12 12:26 <DIR> d-------- C:\Program Files\Incomplete

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-16 17:23 --------- d-----w C:\Program Files\AIMP2
    2008-10-16 15:48 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\Orbit
    2008-10-14 23:15 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\OpenOffice.org2
    2008-10-12 10:29 --------- d-----w C:\Program Files\LimeWire
    2008-10-12 10:26 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\LimeWire
    2008-10-11 16:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-08 14:31 --------- d-----w C:\Program Files\Google
    2008-10-07 08:23 --------- d-----w C:\Program Files\Orbitdownloader
    2008-10-05 12:28 --------- d-----w C:\Program Files\Total Video Converter
    2008-10-05 12:20 --------- d-----w C:\Program Files\ESET
    2008-10-04 18:00 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\Skype
    2008-10-03 04:17 --------- d-----w C:\Program Files\FlashGet
    2008-10-03 04:17 --------- d-----w C:\Program Files\ErtemSoft Videocapture
    2008-10-01 10:40 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\PC Suite
    2008-09-23 02:09 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\Hamachi
    2008-09-15 15:39 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-09-11 13:01 --------- d--ha-w C:\Program Files\SETUP
    2008-09-06 10:56 --------- d-----w C:\Program Files\Picasa2
    2008-09-01 09:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-09-01 09:15 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-08-30 09:55 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\IObit
    2008-08-30 09:50 --------- d-----w C:\Program Files\IObit
    2008-08-29 12:53 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
    2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-08-26 11:28 --------- d-----w C:\Program Files\microsoft frontpage
    2008-08-26 09:35 --------- d-----w C:\Program Files\MSN Messenger
    2008-08-23 13:57 --------- d-----w C:\Program Files\Ashampoo
    2008-08-23 13:57 --------- d-----w C:\Documents and Settings\AOPEN\Application Data\Ashampoo
    2008-08-23 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\ashampoo
    2008-08-20 14:30 22,328 ----a-w C:\Documents and Settings\AOPEN\Application Data\PnkBstrK.sys
    2008-08-20 14:29 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
    2008-08-20 14:20 --------- d-----w C:\Program Files\Electronic Arts
    2008-08-20 05:37 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-08-18 00:25 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
    2008-08-18 00:25 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
    2008-08-18 00:25 --------- d-----w C:\Program Files\Common Files\xing shared
    2008-08-18 00:25 --------- d-----w C:\Program Files\Common Files\Real
    2008-08-14 13:44 2,138,112 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 13:44 2,017,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-08-05 16:58 44,544 ----a-w C:\WINDOWS\system32\msxml4a.dll
    2008-07-31 08:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
    2008-07-31 08:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
    2008-07-31 08:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
    2008-07-25 08:34 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-07-25 08:34 683,520 ----a-w C:\WINDOWS\system32\divx.dll
    2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-02-08 07:43 8 ------w C:\Documents and Settings\All Users\Application Data\SDGLYBMPWPP.SYS
    2007-12-29 18:18 32 ------w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2005-06-22 05:37 45,568 --sh--r C:\WINDOWS\system32\cygz.dll
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((( snapshot@2008-10-10_21.00.34,75 )))))))))))))))))))))))))))))))))))))))))
    .
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-18 185896]
    "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)

    [HKLM\~\startupfolder\C:^Documents and Settings^AOPEN^Start Menu^Programlar^Başlangıç^Picture Motion Browser Media Check Tool.lnk]
    path=C:\Documents and Settings\AOPEN\Start Menu\Programlar\Başlangıç\Picture Motion Browser Media Check Tool.lnk
    backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    --a------ 2007-06-18 15:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    -r------- 2008-02-01 17:22 21898024 C:\Documents and Settings\AOPEN\desktop\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-08-18 02:25 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "W32Time"=2 (0x2)
    "LmHosts"=2 (0x2)
    "lanmanserver"=2 (0x2)
    "mnmsrvc"=3 (0x3)
    "WZCSVC"=2 (0x2)
    "ERSvc"=2 (0x2)
    "CiSvc"=3 (0x3)
    "Browser"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "VMSnap3"=C:\WINDOWS\VMSnap3.EXE
    "NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    "Alcmtr"=ALCMTR.EXE
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    "SkyTel"=SkyTel.EXE
    "Domino"=C:\WINDOWS\Domino.EXE
    "RTHDCPL"=RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
    "C:\\Documents and Settings\\AOPEN\\Desktop\\Skype.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

    R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
    R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2008-07-14 2560]
    R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-07-03 39424]
    R3 vmfilter303;vmfilter303;C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-25 428160]
    S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-06-20 13352]
    S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
    S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112]
    S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 108680]
    S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 100488]
    S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 98696]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b5883d5-20f3-11dd-8e2a-001d60ca5b51}]
    \Shell\AutoRun\command - G:\e6.com
    \Shell\explore\Command - G:\e6.com
    \Shell\open\Command - G:\e6.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4466fd2c-8c83-11dd-8529-001d60ca5b51}]
    \Shell\Auto\command - activexdebugger32.exe f
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
    \Shell\explore\Command - activexdebugger32.exe f
    \Shell\open\Command - activexdebugger32.exe f

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{681442de-3ec2-11dd-9b14-001d60ca5b51}]
    \Shell\AutoRun\command - G:\e.exe
    \Shell\explore\Command - G:\e.exe
    \Shell\open\Command - G:\e.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0130550-acac-11dc-b9d8-001d60ca5b51}]
    \Shell\AutoRun\command - G:\sasyg1y8.com
    \Shell\explore\Command - G:\sasyg1y8.com
    \Shell\open\Command - G:\sasyg1y8.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8248ffd-d16d-11dc-8bfd-001d60ca5b51}]
    \Shell\AutoRun\command - G:\sasyg1y8.com
    \Shell\explore\Command - G:\sasyg1y8.com
    \Shell\open\Command - G:\sasyg1y8.com
    .
    Contents of the 'Scheduled Tasks' folder

    2008-10-17 C:\WINDOWS\Tasks\CryptLoad.job
    - C:\Documents and Settings\AOPEN\Desktop\CrytLoad\CryptLoad.exe []
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe
    HKLM-Run-BigDog303 - C:\WINDOWS\VM303_STI.EXE
    ShellExecuteHooks-{C5F43BEF-CE2F-46D8-AFE6-A647BACD1F09} - (no file)


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\AOPEN\Application Data\Mozilla\Firefox\Profiles\2o2ztk0z.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE -
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
    FF -: plugin - C:\Program Files\Picasa2\npPicasa2.dll
    FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
    FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2008-10-17 06:40:47
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    BigDog303 = C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@?9????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-10-17 6:41:17
    ComboFix-quarantined-files.txt 2008-10-17 04:41:13
    ComboFix2.txt 2008-10-10 19:00:46

    Pre-Run: 6.864.539.648 bayt boş
    Post-Run: 6,851,936,256 bayt boş

    435 --- E O F --- 2008-10-16 04:33:50



    < This message was edited by fuhrergandhi -- 17 October 2008; 6:48:50 >




  • ComboFix 08-10-16.08 - Administrator 2008-10-17 8:39:40.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1254.1.1055.18.674 [GMT 3:00]
    Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    * Created a new restore point

    [COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\resycled
    C:\resycled\boot.com
    C:\WINDOWS\system32\bdviucnn.exe
    C:\WINDOWS\system32\cbXPGaXN.dll
    C:\WINDOWS\system32\closhcyq.dll
    C:\WINDOWS\system32\necddk.dll
    C:\WINDOWS\system32\NXaGPXbc.ini
    C:\WINDOWS\system32\NXaGPXbc.ini2
    C:\WINDOWS\system32\opoetxad.dll
    C:\WINDOWS\system32\ortwekdi.dll
    C:\WINDOWS\system32\pjrtlj.dll
    C:\WINDOWS\system32\PXIRCcdd.ini
    C:\WINDOWS\system32\PXIRCcdd.ini2
    C:\WINDOWS\system32\qychsolc.ini
    C:\WINDOWS\system32\svhsgwbt.dll
    C:\WINDOWS\system32\tbwgshvs.ini
    C:\WINDOWS\system32\tlsnvydx.ini
    C:\WINDOWS\system32\wbsfhsqe.dll
    C:\WINDOWS\system32\wniobe.dll
    C:\WINDOWS\system32\xdyvnslt.dll
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-09-17 to 2008-10-17 )))))))))))))))))))))))))))))))
    .

    2008-10-16 02:36 . 2008-10-16 02:36 <DIR> d-------- C:\Program Files\Trend Micro
    2008-10-16 02:18 . 2008-10-16 02:18 34,816 --a------ C:\WINDOWS\system32\khfdCvtU.dll
    2008-10-16 02:18 . 2008-10-16 02:18 34,816 --a------ C:\WINDOWS\system32\fccdaYrS.dll
    2008-10-14 16:37 . 2008-10-15 21:53 <DIR> d-------- C:\Documents and Settings\Administrator\dwhelper
    2008-10-14 16:33 . 2008-10-14 16:33 <DIR> d-------- C:\Program Files\Sun
    2008-10-14 16:32 . 2008-10-14 16:32 <DIR> d-------- C:\Program Files\Java
    2008-10-14 16:32 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-10-14 16:29 . 2008-10-14 16:29 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-10-14 00:09 . 2008-10-14 01:37 <DIR> d-------- C:\Program Files\The KMPlayer
    2008-10-11 16:21 . 2008-10-11 16:21 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
    2008-10-09 22:22 . 2008-10-09 22:22 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-10-09 22:22 . 2008-10-13 13:21 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
    2008-10-09 22:21 . 2008-10-09 22:21 <DIR> d-------- C:\Program Files\MSN Messenger
    2008-10-09 21:43 . 2005-12-12 00:35 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
    2008-10-09 21:43 . 2008-10-09 21:43 396 --a------ C:\WINDOWS\ODBC.INI
    2008-10-09 21:42 . 2008-10-09 21:42 <DIR> d-------- C:\WINDOWS\SHELLNEW
    2008-10-09 21:42 . 2008-10-09 21:42 <DIR> d-------- C:\Program Files\Microsoft.NET
    2008-10-09 21:27 . 2008-10-09 21:27 <DIR> d-------- C:\Program Files\Alwil Software
    2008-10-09 09:38 . 2008-10-09 20:16 <DIR> d-------- C:\Yeni Klasör
    2008-10-09 07:48 . 2008-10-09 07:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
    2008-10-09 07:47 . 2007-09-04 19:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
    2008-10-09 07:47 . 2008-07-30 22:09 38 --a------ C:\WINDOWS\avisplitter.ini
    2008-10-09 07:46 . 2008-10-12 05:59 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
    2008-10-09 07:15 . 2008-10-16 23:41 <DIR> d-------- C:\Program Files\AIMP2
    2008-10-09 06:22 . 2008-10-09 06:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
    2008-10-09 06:21 . 2008-10-09 06:21 <DIR> d-------- C:\Program Files\GRETECH
    2008-10-09 06:21 . 2008-10-09 06:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GRETECH

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-08 07:01 --------- d-----w C:\Program Files\HD Tune
    2008-10-07 23:11 --------- d-----w C:\Program Files\Google
    2008-10-07 23:01 --------- d-----w C:\Program Files\Ontrack
    2008-10-07 22:12 --------- d-----w C:\Program Files\Intel
    2008-10-07 22:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-07 22:11 --------- d-----w C:\Program Files\Realtek
    2008-10-07 21:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-10-07 21:53 --------- d-----w C:\Program Files\ASUSTeK
    2008-10-07 21:51 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-10-07 21:47 --------- d-----w C:\Program Files\AirTies
    2008-10-07 21:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\InstallShield
    2008-10-07 21:44 --------- d-----w C:\Program Files\Analog Devices
    2008-10-07 21:36 --------- d-----w C:\Program Files\microsoft frontpage
    2008-07-25 08:34 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-07-25 08:34 683,520 ----a-w C:\WINDOWS\system32\divx.dll
    2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD72687B-CF83-4463-8E95-2CB3198CA5F6}]
    2008-10-16 02:18 34816 --a------ C:\WINDOWS\system32\fccdaYrS.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-13 7557120]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-02-13 86016]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 C:\WINDOWS\system32\HdAShCut.exe]
    "nwiz"="nwiz.exe" [2006-02-13 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 44544]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoDesktopCleanupWizard"= 1 (0x1)
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "NoSMMyDocs"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "NoSMMyDocs"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{AD72687B-CF83-4463-8E95-2CB3198CA5F6}"= "C:\WINDOWS\system32\fccdaYrS.dll" [2008-10-16 34816]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccdaYrS]
    2008-10-16 02:18 34816 C:\WINDOWS\system32\fccdaYrS.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wniobe.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= msaud32_divx.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R3 TUSB1150;Airties WUS-300 USB Wireless Adapter (TNETW1450);C:\WINDOWS\system32\DRIVERS\tusb1150.sys [2007-03-16 450944]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d9d1f15-94be-11dd-bbac-001ca80140ea}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f:
    \Shell\Open\command - F:\resycled\boot.com f:
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{41FA34C0-51A1-4F39-8FA5-D2B6A3A340E2} - C:\WINDOWS\system32\ddcCRIXP.dll
    BHO-{5A746D3F-A3E3-406A-98A5-FB3319FA93BB} - C:\WINDOWS\system32\cbXPGaXN.dll
    BHO-{a928013a-0c61-444f-947e-a3b413301efd} - C:\WINDOWS\system32\wniobe.dll
    HKLM-Run-AirTiesWUS-300 - C:\Program Files\AirTies\AirTiesWUS-300\WUS300.exe
    HKLM-Run-38465945 - C:\WINDOWS\system32\svhsgwbt.dll


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yuk9nuza.default\
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2008-10-17 08:45:48
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\ATKKBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-17 8:47:07 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-17 05:47:01

    Pre-Run: 108.783.067.136 bayt boş
    Post-Run: 108,748,402,688 bayt boş

    169




  • quote:

    Quoted from the original: serji


    quote:

    Quoted from the original: EliNTeR

    Download the program called Malwarebytes Antimalware.

    http://www.guvenlikuzmanim.com/dosyalar/mbam-setup.exe

    * To install the program, double-click mbam-setup.exe and install it.
    * Tick the Update Malwarebytes Antimalware and Launch Malwarebytes Antimalware options, then click Finish.
    * If an update is found, the program will download and install it automatically.
    * Once the program has loaded, select Full Scan and click the Start Scan button.
    * The scan may take some time, so please be patient.
    * When the scan is finished, click OK and then click Show Results.
    * Make sure everything is checked and click Remove Selected.
    * When the cleanup is finished, a Notepad window will open. (You may need to restart your computer.)
    * Save the Notepad file and send it to us by attaching it to your message.

    NOTE: If the program asks you to restart the computer during the cleanup, click OK and restart your computer.


    serji, I'm EliNTeR's friend; he has been banned, so I'm the one posting the Malwarebytes log. By the way, the PC is apparently still slow.

    Here is the log:


    Norman Malware Cleaner
    Copyright © 1990 - 2008, Norman ASA. Built 2008/10/14 01:27:52

    Norman Scanner Engine Version: 5.93.01
    Nvcbin.def Version: 5.93.00, Date: 2008/10/14 01:27:52, Variants: 2126541

    Running pre-scan cleanup routine:
    Operating System: Microsoft Windows XP Home 5.1.2600 Service Pack 3
    Logged on user: SENSEITSUBASA\EliNTeR

    Set registry value: HKCR\scrfile\shell\open\command\ = ""%1" %*" -> ""%1" /S"
    Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
    Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
    Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableTaskMgr = 0x00000000
    Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoFolderOptions = 0x00000000
    Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoFolderOptions = 0x00000000
    Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000
    Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

    Scan started: 17/10/2008 02:39:57


    Scanning running processes and process memory...

    Number of processes/threads found: 2404
    Number of processes/threads scanned: 2404
    Number of processes/threads not scanned: 0
    Number of infected processes/threads terminated: 0
    Total scanning time: 8m 9s


    Scanning file system...

    Scanning: C:\*.*

    C:\Documents and Settings\EliNTeR\Belgelerim\Downloads\999.Kitap.öZeTi.LeechTuRK.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

    C:\Documents and Settings\EliNTeR\Belgelerim\Downloads\999.Kitap.öZeTi.LeechTuRK.rar/RR (Error whilst scanning file: I/O Error (0x00220000))

    Scanning: G:\*.*

    Scanning: F:\*.*


    Running post-scan cleanup routine:

    Number of files found: 34681
    Number of archives unpacked: 309
    Number of files scanned: 34541
    Number of files not scanned: 140
    Number of files skipped due to exclude list: 0
    Number of infected files found: 0
    Number of infected files repaired/deleted: 0
    Number of infections removed: 0
    Total scanning time: 23m 58s




  • Bitdefender report:



    file:///D:/bitdefender.html
  • OK, I'll try to install it.


    Edit: what on earth is this! How am I supposed to download a 303 MB thing? I had installed it so nicely through automatic updates before, and now that isn't working either, ugh.

    You throw the computer out of the window and there won't be any problems left, or, as a shortcut, you break it by jumping up and down on it.

    This computer has turned me into a bundle of nerves.



    There you go, now Mozilla has gone crazy too.



    < This message was edited by Sirkadyen -- 17 October 2008; 17:09:49 >




  • quote:

    Bitdefender report:

    file:///D:/bitdefender.html


    A format is a must.