HijackThis. Performance + Security! (Get rid of viruses). 500,000+ (page 285)

  • quote:

    Originally quoted from: manve_13

    I sent a log the other day, but in the meantime I had to format the machine after installing SP3.

    Now I am sending the log I took after formatting.

    Thank you in advance.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardim Araci - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Bunu Web Günlügüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlügüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)


    You're welcome, good luck.


    quote:

    Originally quoted from: burakarca

    I did the things you told me, then I ran ComboFix; it restarted and a text document came up. This is the document:

    Download the program called Perlovga Removal Tool to your desktop.

    http://www.guvenlikuzmanim.com/dosyalar/perlovga.exe

    Run the program and click Start. Then restart your computer without delay.

    Download the program called Malwarebytes Antimalware.

    http://www.guvenlikuzmanim.com/dosyalar/mbam-setup.exe

    * To install the program, double-click mbam-setup.exe and install it.
    * Check the Update Malwarebytes Antimalware and Run the Malwarebytes Program options, then click Finish.
    * If an update is found, the program will download and apply it automatically.
    * Once the program has loaded, select Full Scan and click the Start Scan button.
    * The scan may take some time, so please be patient.
    * When the scan finishes, click OK and then click Show Results.
    * Make sure everything is checked and click Remove Selected.
    * When cleaning finishes, a Notepad window will open. (You may need to restart your computer.)
    * Save the Notepad file and send it to us by attaching it to your message.

    NOTE: If the program asks you to restart the computer during cleaning, click OK to restart your computer.




  • quote:

    Originally quoted from: firstknigth

    Hi, first of all I would like to say that being on such a serious and professional platform is an honour for me; many thanks to the whole team for offering us such a service.
    My problem is that there is a trojan on the PC named "C:\WINDOWS\System32\CKVO1.DLL". I use avast 4.8 home; it finds the trojan, and its first recommendation is "quarantine", so I say OK; it says restart, and again I say OK, but a few hours later this trojan turns up again. This time avast's recommendation is "ignore", and again I say OK, and this vicious cycle continues, if not a few hours later then a few days later, and at startup the PC practically freezes; sometimes I have to restart. I would be glad if you could help.

    Welcome.

    * Open the program called HijackThis.
    * Click the Do a system scan only option.
    * Check the lines below.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL =http://localhost:9100/proxy.pac
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6065\SiteAdv.dll
    O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - (no file)
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    * Press CTRL+ALT+DEL and go to the Processes tab. End all processes listed under your user name except HijackThis.exe and explorer.exe. Close all programs and windows except HijackThis, then click the Fix Checked button. Then restart your computer immediately.

    Download the program called ComboFix.

    http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening it, do not do anything at all. Take a 1-2 minute break.
    4. After ComboFix starts running, you will be asked to press 1 or 2. Press 1 to continue.
    5. ComboFix will take a backup of your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. Your internet connection will be cut during these operations. This is normal. Your system clock will also change. But all of this is temporary. After the operations finish, everything will be returned to its original state.
    7. You may need to be a little patient, because there are a full 41 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this. But it will be restored shortly. After the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
    9. Send us the C:\ComboFix.txt file by attaching it to your message.




  • quote:

    Originally quoted from: Onr34
    I had already sent it before; a lot of people posted after me, so I quoted it again so it wouldn't get lost =) Mine is very important: CPU usage is 100%, they say it's from software or something, I don't understand any of it, so I'd be glad if you could help with this too..

    Don't worry, it won't get lost. I'm working from the first one posted towards the last anyway. I have also written the answer.


    quote:

    Originally quoted from: _Lee01

    I had said to be sure to write something in your message, but I guess you didn't notice it.

    * Open the program called HijackThis.
    * Click the Do a system scan only option.
    * Check the lines below.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [BigDogpath326] C:\WINDOWS\VMSnap326.exe PREMIER USB2.0 PC Kamera (VC0326)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
    O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
    O4 - Global Startup: BIGDOGPATH326.lnk = C:\WINDOWS\VMSnap326.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    * Press CTRL+ALT+DEL and go to the Processes tab. End all processes listed under your user name except HijackThis.exe and explorer.exe. Close all programs and windows except HijackThis, then click the Fix Checked button. Then restart your computer immediately.

    Download the program called ComboFix.

    http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening it, do not do anything at all. Take a 1-2 minute break.
    4. After ComboFix starts running, you will be asked to press 1 or 2. Press 1 to continue.
    5. ComboFix will take a backup of your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. Your internet connection will be cut during these operations. This is normal. Your system clock will also change. But all of this is temporary. After the operations finish, everything will be returned to its original state.
    7. You may need to be a little patient, because there are a full 41 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this. But it will be restored shortly. After the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
    9. Send us the C:\ComboFix.txt file by attaching it to your message.




  • quote:

    Originally quoted from: mavii_yosun
    On my computer a setup process suddenly starts, labelled microsoft professional editor 2003, and then the computer locks up. Earlier we had found the newheur_pe virus on the machines; in the same way a setup process would start and the computer would lock up, and now again a setup process starts and the computer locks up in the same way.

    Also, at the start of the topic you wrote that a different solution is found for each computer; in my cafe there are 10 or so computers that I think this virus has infected. Does this mean we will have to find a separate method for each of them?

    * Open the program called HijackThis.
    * Click the Do a system scan only option.
    * Check the lines below.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.musonya.com/MusonyaStart.htm 
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.22:1080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .musonya.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [3PMmUpdate] rundll32 "C:\WINDOWS\Update.dll",Main
    O4 - HKLM\..\Run: [HBService32] System.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{43B4E787-4DBB-4E98-BC1D-CC4B802ED4E2}: NameServer = 10.0.0.2,10.0.0.3
    O17 - HKLM\System\CS1\Services\Tcpip\..\{43B4E787-4DBB-4E98-BC1D-CC4B802ED4E2}: NameServer = 10.0.0.2,10.0.0.3
    O17 - HKLM\System\CS2\Services\Tcpip\..\{43B4E787-4DBB-4E98-BC1D-CC4B802ED4E2}: NameServer = 10.0.0.2,10.0.0.3
    O20 - AppInit_DLLs: HBmhly.dll


    Let's solve this problem first, then we'll apply it to the others as well; that part is not a problem. However, after the virus-removal steps it may be necessary to reinstall the filter program.

    * Press CTRL+ALT+DEL and go to the Processes tab. End all processes listed under your user name except HijackThis.exe and explorer.exe. Close all programs and windows except HijackThis, then click the Fix Checked button. Then restart your computer immediately.

    Download the program called ComboFix.

    http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening it, do not do anything at all. Take a 1-2 minute break.
    4. After ComboFix starts running, you will be asked to press 1 or 2. Press 1 to continue.
    5. ComboFix will take a backup of your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. Your internet connection will be cut during these operations. This is normal. Your system clock will also change. But all of this is temporary. After the operations finish, everything will be returned to its original state.
    7. You may need to be a little patient, because there are a full 41 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this. But it will be restored shortly. After the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
    9. Send us the C:\ComboFix.txt file by attaching it to your message.
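
Added example, not part of the thread and not code from HijackThis or the helpers: a small Python triage of HijackThis log lines in the format posted above, grouping entries by section code and flagging a few for closer review. The flagging rules are the editor's assumptions, not the helper's criteria; the sample lines are copied from the logs on this page except the `blocked.example` hosts entry, which is constructed.

```python
import re
from collections import Counter

# A log entry is "<code> - <detail>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY = re.compile(r"^\s*(R[0-3]|O\d{1,2})\s+-\s+(.*\S)\s*$")
RUN = re.compile(r"^\S+\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")
HOSTS = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<name>\S+)$")

# Sample input: lines from the logs above, one constructed O1 entry,
# and one instruction line that must be skipped by the parser.
SAMPLE = r"""
    * Check the lines below.
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    O1 - Hosts: 127.1 localhost
    O1 - Hosts: 127.1 blocked.example
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [HBService32] System.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - Global Startup: BIGDOGPATH326.lnk = C:\WINDOWS\VMSnap326.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O20 - AppInit_DLLs: HBmhly.dll
"""


def parse(log_text):
    """Return (section, detail) pairs; lines that are not log entries are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def program(cmd):
    """Program part of a Run command: the quoted string, else text up to the first space."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(None, 1)[0]


def section_counts(log_text):
    """How many entries each section code contributes."""
    return Counter(section for section, _ in parse(log_text))


def triage(log_text):
    """Return (section, reason, detail) for entries worth a closer look.

    These are review hints (assumed rules), not verdicts that an entry is malicious.
    """
    findings = []
    for section, detail in parse(log_text):
        reason = None
        if detail.endswith(("(no file)", "(file missing)")):
            reason = "target file absent"
        elif section == "O1":
            m = HOSTS.match(detail)
            if m and m.group("name").lower() != "localhost":
                reason = "hosts file override"
        elif section == "O4":
            m = RUN.match(detail)
            # A bare file name is resolved through the search path at logon.
            if m and "\\" not in program(m.group("cmd")):
                reason = "autostart without a full path"
        elif section == "O7" and "DisableRegedit=1" in detail:
            reason = "registry editor disabled by policy"
        elif section == "O20" and detail.startswith("AppInit_DLLs:"):
            reason = "DLL listed in AppInit_DLLs"
        if reason:
            findings.append((section, reason, detail))
    return findings


if __name__ == "__main__":
    for code, count in sorted(section_counts(SAMPLE).items()):
        print(f"{code:>3}: {count} entries")
    for section, reason, detail in triage(SAMPLE):
        print(f"[{section}] {reason}: {detail}")
```
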




  • SerJi, I didn't see what you said at the bottom; I went in and fixed it, and only saw it afterwards :( I did it without ending the processes. Let me see whether the problem is the same. Please help me with this; I took the PC to the computer shop and they formatted it and sent it back. I can do that myself, but nothing changes. What is this, ugh.

    The problem continues. What kind of thing is this? I bought a graphics card and 4, 5 days later it did this; I replaced it and 4, 5 days later it did it again. I'm thinking of replacing it again..

    < This message was edited by Onr34 -- 1 November 2008; 12:23:05 >




  • With HijackThis sorted out, here is the ComboFix log as well :)


    ComboFix 08-10-31.02 - grkan 2008-11-01 3:14:06.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1181 [GMT -7:00]
    Running from: C:\Documents and Settings\grkan\Desktop\ComboFix.exe
    * Created a new restore point
    * Resident AV is active

    .

    ((((((((((((((((((((((((( Files Created from 2008-10-01 to 2008-11-01 )))))))))))))))))))))))))))))))
    .

    2008-12-04 23:51 . 2008-12-04 23:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2008-12-04 21:22 . 2008-12-04 21:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-12-04 21:21 . 2008-12-04 22:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-04 21:15 . 2008-12-04 21:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-12-03 16:40 . 2008-12-04 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
    2008-12-03 15:25 . 2008-12-04 10:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-12-02 18:18 . 2008-12-02 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-05 06:57 --------- d-----w C:\Program Files\Trend Micro
    2008-12-05 06:51 --------- d-----w C:\Program Files\ESET
    2008-12-05 05:19 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-12-05 04:22 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-12-05 04:22 --------- d-----w C:\Documents and Settings\grkan\Application Data\Malwarebytes
    2008-12-05 04:15 --------- d-----w C:\Program Files\Lavasoft
    2008-12-05 04:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-12-05 04:12 --------- d-----w C:\Program Files\NOS
    2008-12-03 23:47 --------- d-----w C:\Program Files\Common Files\Adobe AIR
    2008-12-03 23:47 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-12-03 23:20 --------- d-----w C:\Program Files\z80sim
    2008-12-03 22:29 --------- d-----w C:\Program Files\MSBuild
    2008-12-03 22:29 --------- d-----w C:\Program Files\Microsoft Works
    2008-12-03 22:28 --------- d-----w C:\Program Files\Microsoft.NET
    2008-12-03 22:26 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
    2008-12-03 03:28 --------- d-----w C:\Program Files\PoolEmpire
    2008-12-03 03:28 --------- d-----w C:\Program Files\Play89
    2008-12-03 01:45 --------- d-----w C:\Program Files\MessengerPlus! 3
    2008-12-03 01:33 --------- d-----w C:\Program Files\Windows Live
    2008-12-03 01:24 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-12-03 01:05 --------- d-----w C:\Program Files\uTorrent
    2008-12-03 00:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-12-03 00:57 --------- d-----w C:\Program Files\Realtek AC97
    2008-12-03 00:53 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-12-03 00:44 --------- d-----w C:\Program Files\microsoft frontpage
    2008-11-01 07:03 --------- d-----w C:\Documents and Settings\grkan\Application Data\uTorrent
    2008-11-01 06:37 --------- d-----w C:\Program Files\K-Lite Codec Pack
    2008-11-01 00:08 --------- d-----w C:\Program Files\Cucusoft
    2008-10-23 00:10 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-23 00:10 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-16 00:14 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-09-16 00:12 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-09-16 00:11 683,520 ----a-w C:\WINDOWS\system32\divx.dll
    2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-08-14 10:00 2,180,352 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 09:22 2,057,728 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 6803456]
    "SW20"="C:\WINDOWS\system32\sw20.exe" [2005-06-29 212992]
    "SW24"="C:\WINDOWS\system32\sw24.exe" [2005-07-04 69632]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-06-15 86016]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-12-02 190024]
    "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
    "nwiz"="nwiz.exe" [2005-06-15 C:\WINDOWS\system32\nwiz.exe]
    "SoundMan"="SOUNDMAN.EXE" [2005-11-11 C:\WINDOWS\soundman.exe]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{289d590f-c088-11dd-a002-806d6172696f}]
    \Shell\AutoRun\command - F:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{914b9933-c18a-11dd-87f6-0013d39e7f36}]
    \Shell\AutoRun\command - G:\xih9.cmd
    \Shell\explore\Command - G:\xih9.cmd
    \Shell\open\Command - G:\xih9.cmd

    *Newly Created Service* - PROCEXP90
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\grkan\Application Data\Mozilla\Firefox\Profiles\qwiefrmj.default\
    FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2008-11-01 03:17:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-11-01 3:18:27
    ComboFix-quarantined-files.txt 2008-11-01 10:18:25

    Pre-Run: 31.498.149.888 bytes free
    Post-Run: 31,492,587,520 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    118 --- E O F --- 2008-11-01 10:01:00




  • I did the things you told me, then I ran ComboFix; it restarted the machine and a text document came up. This is the document:
    ComboFix 08-10-30.13 - Gold 2008-10-31 23:50:39.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1254.1.1055.18.239 [GMT 2:00]
    Running from: C:\Documents and Settings\Gold\Belgelerim\Downloads\Programs\ComboFix.exe

    [COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
    C:\Documents and Settings\Gold\Local Settings\Temporary Internet Files\SuggestedSites.dat
    C:\Documents and Settings\LocalService\Application Data\NetMon
    C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
    C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
    C:\Program Files\Common Files\companion wizard
    C:\Program Files\Common Files\companion wizard\compwiz.exe
    C:\Program Files\internet explorer\iekey.dll
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\WINDOWS\Fonts\'
    C:\WINDOWS\Fonts\a.zip
    C:\WINDOWS\Fonts\Setup.exe
    C:\WINDOWS\system32\fiefuirq.exe
    C:\WINDOWS\system32\gfhjRXyb.ini
    C:\WINDOWS\system32\gfhjRXyb.ini2
    C:\WINDOWS\system32\iayakveq.ini
    C:\WINDOWS\system32\kbqovhep.dll
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\mxadsusl.dll
    C:\WINDOWS\system32\p2
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\plugin1.dat
    C:\WINDOWS\system32\qevkayai.dll
    C:\WINDOWS\system32\RCMlkUtv.ini
    C:\WINDOWS\system32\RCMlkUtv.ini2
    C:\WINDOWS\system32\riqsdvvv.exe
    C:\WINDOWS\system32\s2
    C:\WINDOWS\system32\sdjljkcd.ini
    C:\WINDOWS\system32\snquomnv.ini
    C:\WINDOWS\system32\stera.log
    C:\WINDOWS\system32\utwyinlt.ini
    C:\WINDOWS\system32\winnsy32.dll
    C:\WINDOWS\system32\winpfz33.sys
    C:\WINDOWS\system32\zddceq.dll
    C:\WINDOWS\system32\zxdnt3d.cfg
    C:\WINDOWS\vmmreg.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-31 )))))))))))))))))))))))))))))))
    .

    2008-10-31 20:43 . 2008-10-31 20:44 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
    2008-10-31 18:32 . 2008-10-31 18:32 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-10-31 18:32 . 2008-10-31 18:32 <DIR> d-------- C:\Program Files\Avira
    2008-10-31 18:32 . 2008-10-31 18:32 <DIR> d-------- C:\Documents and Settings\Gold\Application Data\SUPERAntiSpyware.com
    2008-10-31 18:32 . 2008-10-31 18:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-10-31 18:32 . 2008-10-31 18:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-10-31 18:31 . 2008-10-31 18:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-31 16:55 . 2008-10-31 16:55 <DIR> d-------- C:\WINDOWS\Sun
    2008-10-31 16:32 . 2005-11-25 22:14 <DIR> d-------- C:\Documents and Settings\Administrator\Sık Kullanılanlar
    2008-10-31 16:32 . 2005-11-25 22:14 <DIR> d-------- C:\Documents and Settings\Administrator\Belgelerim
    2008-10-31 16:32 . 2008-10-31 16:32 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-10-30 22:42 . 2008-10-30 22:42 <DIR> d-------- C:\Program Files\IObit
    2008-10-30 19:13 . 2008-10-30 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-10-30 17:03 . 2008-10-30 17:03 <DIR> d-------- C:\AventGrup©
    2008-10-30 16:59 . 2008-10-30 16:59 <DIR> d-------- C:\Documents and Settings\Gold\Application Data\Smart PC Solutions
    2008-10-30 16:58 . 2008-10-30 16:58 <DIR> d-------- C:\Program Files\Smart PC Solutions
    2008-10-29 19:22 . 2008-10-29 19:22 <DIR> d-------- C:\Documents and Settings\Gold\Application Data\ESET
    2008-10-29 19:15 . 2008-10-29 19:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2008-10-29 18:18 . 2008-10-29 18:19 13,942 --a------ C:\WINDOWS\system32\iphone-012.ico
    2008-10-29 17:21 . 2008-10-29 17:21 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2008-10-29 17:18 . 2008-10-29 22:43 <DIR> d--hs---- C:\WINDOWS\eHh4
    2008-10-29 17:18 . 2008-10-29 17:18 153,475 --a------ C:\WINDOWS\system32\g28.exe
    2008-10-29 17:17 . 2008-10-29 17:18 <DIR> d-------- C:\WINDOWS\system32\muc
    2008-10-29 17:17 . 2008-10-29 17:17 <DIR> d-------- C:\WINDOWS\system32\EV02
    2008-10-29 17:17 . 2008-10-29 17:18 <DIR> d-------- C:\Temp\xp34
    2008-10-29 17:17 . 2008-10-31 23:51 <DIR> d-------- C:\Temp
    2008-10-29 17:17 . 2008-10-29 17:17 21,504 --a------ C:\WINDOWS\system32\drivers\sdtr.sys
    2008-10-29 17:09 . 2008-10-29 17:22 <DIR> d-------- C:\Documents and Settings\Gold\Application Data\LimeWire
    2008-10-29 17:02 . 2008-10-29 17:02 <DIR> d-------- C:\Program Files\Sun
    2008-10-29 17:01 . 2008-10-29 17:01 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
    2008-10-29 17:01 . 2008-10-29 17:01 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-10-29 16:54 . 2008-10-29 16:54 0 --a------ C:\WINDOWS\nsreg.dat
    2008-10-29 12:21 . 2008-10-29 12:23 <DIR> d-------- C:\Documents and Settings\Gold\Application Data\cspa
    2008-10-29 11:28 . 2008-10-29 11:28 <DIR> d-------- C:\Program Files\VS Revo Group
    2008-10-27 14:09 . 2008-10-27 14:09 5,760,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
    2008-10-27 14:09 . 2008-10-27 14:09 64,281 --a------ C:\WINDOWS\BricoPackUninst.cmd
    2008-10-27 14:02 . 2008-10-27 14:09 6,112 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-10-27 14:01 . 2008-10-27 14:01 <DIR> d-------- C:\WINDOWS\BricoPacks
    2008-10-27 13:36 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\uharc.exe
    2008-10-27 13:36 . 2004-09-03 23:43 199 --a------ C:\WINDOWS\system32\paypal.url
    2008-10-27 13:36 . 2006-05-26 22:54 83 --a------ C:\WINDOWS\system32\winx.url
    2008-10-27 11:30 . 2008-10-27 11:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-10-27 11:30 . 2008-10-27 11:30 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-10-26 23:19 . 2008-10-29 19:23 <DIR> d-------- C:\Program Files\RelevantKnowledge
    2008-10-26 23:19 . 2008-10-26 23:19 <DIR> d-------- C:\Program Files\FileSubmit
    2008-10-26 22:24 . 2008-10-26 22:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-10-26 22:10 . 2008-10-26 22:10 <DIR> d-------- C:\Program Files\Messenger Plus! Live
    2008-10-26 21:58 . 2007-04-03 15:50 77,824 -ra------ C:\WINDOWS\VM305Cap.exe
    2008-10-26 21:54 . 2008-10-26 21:54 <DIR> d-------- C:\WINDOWS\EffectResources
    2008-10-26 21:54 . 2008-10-26 21:54 <DIR> d-------- C:\Program Files\Vimicro
    2008-10-26 21:54 . 2006-05-08 10:24 391,688 --a------ C:\WINDOWS\system32\drivers\usbVM305.sys
    2008-10-26 21:54 . 2005-08-08 18:22 155,722 --a------ C:\WINDOWS\system32\VM305Prp.Ax
    2008-10-26 21:54 . 2005-08-05 18:36 81,920 --a------ C:\WINDOWS\system32\VM305STI.dll
    2008-10-26 21:54 . 2007-04-09 16:46 57,344 --a------ C:\WINDOWS\vm305_sti.exe
    2008-10-26 18:57 . 2008-10-26 18:57 20 --a------ C:\WINDOWS\AW.INI
    2008-10-26 18:55 . 2008-10-26 18:58 <DIR> d-------- C:\Program Files\Rival Chess
    2008-10-26 18:55 . 1995-02-28 12:16 211,488 --a------ C:\WINDOWS\system32\bwcc32.dll
    2008-10-26 18:55 . 2001-01-05 14:57 69,632 --a------ C:\WINDOWS\system32\GkSui18.EXE
    2008-10-26 18:55 . 1994-09-21 01:00 12,800 --a------ C:\WINDOWS\system32\wing32.dll
    2008-10-26 18:53 . 2008-10-26 18:53 <DIR> d-------- C:\AW
    2008-10-26 16:32 . 2008-10-26 16:32 24 --a------ C:\WINDOWS\AM_D8.PRF
    2008-10-26 16:31 . 2008-10-26 17:30 <DIR> d-------- C:\Program Files\Graffiti Studio 2.0
    2008-10-26 14:39 . 2008-10-26 14:39 <DIR> d-------- C:\Program Files\Bonjour
    2008-10-26 14:15 . 2008-10-26 14:15 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-10-26 01:30 . 2008-10-26 01:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-10-25 22:56 . 2008-10-25 22:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-10-25 22:47 . 2008-10-25 22:47 <DIR> d-------- C:\Program Files\Yahoo!
    2008-10-25 22:47 . 2008-10-25 22:47 <DIR> d-------- C:\Program Files\CCleaner
    2008-10-25 16:27 . 2008-10-25 16:27 <DIR> d--hs---- C:\Documents and Settings\Gold\PrivacIE
    2008-10-25 16:18 . 2008-10-25 16:19 <DIR> d--h-c--- C:\WINDOWS\ie8
    2008-10-25 15:41 . 2001-08-17 19:52 18,688 --a------ C:\WINDOWS\system32\drivers\cdaudio.sys
    2008-10-25 15:41 . 2001-08-17 19:52 18,688 --a--c--- C:\WINDOWS\system32\dllcache\cdaudio.sys
    2008-10-25 15:15 . 2008-10-25 15:15 <DIR> d-------- C:\log
    2008-10-25 15:11 . 2008-10-29 13:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-10-25 14:05 . 2008-10-25 14:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-10-25 13:50 . 2001-06-24 16:32 172,032 --a------ C:\WINDOWS\JAPI2.DLL
    2008-10-25 13:50 . 1999-07-26 09:47 109,840 --a------ C:\WINDOWS\VidCap32.exe
    2008-10-25 13:50 . 2002-05-28 08:52 106,496 --a------ C:\WINDOWS\JAPI.DLL
    2008-10-25 13:50 . 2004-12-03 11:19 102,400 --a------ C:\WINDOWS\MMVEM.EXE
    2008-10-25 13:50 . 1999-10-24 09:25 20,992 --a------ C:\WINDOWS\MMVCB.AX
    2008-10-25 13:48 . 2008-10-25 13:49 <DIR> d-------- C:\VP-EYE
    2008-10-25 12:49 . 2008-10-30 21:13 13,230,080 --a------ C:\CAPTURE.AVI
    2008-10-25 12:42 . 2008-10-25 12:42 <DIR> d-------- C:\Program Files\STV
    2008-10-25 12:39 . 2006-11-17 19:37 45,056 --a------ C:\WINDOWS\VMInstNT.exe
    2008-10-25 12:39 . 2006-09-28 20:33 40,960 --a------ C:\WINDOWS\VM303UninstNT.exe
    2008-10-25 12:39 . 2002-02-26 17:47 15,086 --a------ C:\WINDOWS\uninstall.ico
    2008-10-25 12:38 . 2008-10-25 13:33 <DIR> d-------- C:\Program Files\A4 Tech Corporation
    2008-10-25 12:23 . 2008-10-25 13:01 <DIR> d-------- C:\Program Files\ClearSkin
    2008-10-25 10:28 . 2008-10-25 16:20 <DIR> d-------- C:\WINDOWS\system32\tr-TR
    2008-10-25 10:28 . 2006-06-29 12:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
    2008-10-25 10:25 . 2008-10-25 10:28 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
    2008-10-25 10:25 . 2008-10-25 10:25 <DIR> d-------- C:\Program Files\Reference Assemblies
    2008-10-25 10:25 . 2008-10-25 10:25 <DIR> d-------- C:\Program Files\MSBuild
    2008-10-25 10:24 . 2008-07-06 14:06 1,676,288 --a------ C:\WINDOWS\system32\xpssvcs.dll
    2008-10-25 10:24 . 2008-07-06 14:06 1,676,288 -----c--- C:\WINDOWS\system32\dllcache\xpssvcs.dll
    2008-10-25 10:24 . 2008-07-06 12:50 597,504 -----c--- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
    2008-10-25 10:24 . 2008-07-06 14:06 575,488 --a------ C:\WINDOWS\system32\xpsshhdr.dll
    2008-10-25 10:24 . 2008-07-06 14:06 575,488 -----c--- C:\WINDOWS\system32\dllcache\xpsshhdr.dll
    2008-10-25 10:24 . 2008-07-06 14:06 117,760 --a------ C:\WINDOWS\system32\prntvpt.dll
    2008-10-25 10:24 . 2008-07-06 14:06 89,088 -----c--- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
    2008-10-23 18:06 . 2008-10-31 23:39 <DIR> d-------- C:\Program Files\Google
    2008-10-22 20:31 . 2008-10-23 17:04 <DIR> d-------- C:\WINDOWS\Eurobattle.net Installer
    2008-10-22 20:00 . 2008-10-22 20:00 <DIR> d-------- C:\Documents and Settings\Gold\Contacts
    2008-10-22 19:46 . 2008-10-22 19:46 <DIR> d-------- C:\Documents and Settings\Gold\Application Data\PlayFirst
    2008-10-22 19:46 . 2008-10-22 19:46 <DIR> d-------- C:\Documents and Settings\Gold\Application Data\Chessmaster Challenge
    2008-10-22 19:32 . 2008-10-22 19:32 <DIR> d-------- C:\Program Files\GameShadow
    2008-10-22 19:26 . 2008-10-24 17:49 <DIR> d-------- C:\Program Files\Conquer 2.0
    2008-10-22 17:46 . 2008-10-22 19:59 <DIR> d-------- C:\Program Files\Windows Live
    2008-10-22 17:46 . 2008-10-22 19:58 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-10-22 17:45 . 2008-10-22 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-10-22 17:23 . 2007-07-30 18:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
    2008-10-22 17:23 . 2007-07-30 18:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
    2008-10-22 17:23 . 2007-07-30 18:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2008-10-22 17:23 . 2007-07-30 18:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
    2008-10-22 16:53 . 2008-10-24 14:55 <DIR> d-------- C:\Program Files\Internet Download Manager
    2008-10-22 16:53 . 2008-10-26 18:53 <DIR> d-------- C:\Documents and Settings\Gold\Application Data\IDM
    2008-10-22 16:53 . 2008-10-31 23:58 <DIR> d-------- C:\Documents and Settings\Gold\Application Data\DMCache
    2008-10-22 15:58 . 2008-10-22 15:58 <DIR> d-------- C:\Program Files\AirTies
    2008-10-22 15:58 . 2008-10-22 15:58 <DIR> d-------- C:\Documents and Settings\Gold\Application Data\InstallShield
    2008-10-22 15:58 . 2008-10-22 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AirTies
    2008-10-09 21:06 . 2008-10-09 21:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
    2008-10-09 20:34 . 2008-10-09 20:34 2,337,865 --a------ C:\WINDOWS\system32\pbsvc.exe
    2008-10-09 19:52 . 2008-10-09 19:52 <DIR> d-------- C:\Program Files\Ubisoft
    2008-10-09 19:06 . 2008-10-09 19:06 <DIR> d-------- C:\Program Files\Rockstar Games
    2008-10-05 19:17 . 2008-10-09 21:05 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-31 21:17 --------- d-----w C:\Program Files\Mount&Blade
    2008-10-31 19:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-31 17:52 --------- d-----w C:\Program Files\Warcraft III
    2008-10-30 20:05 --------- d-----w C:\Program Files\Trainer Maker Kit
    2008-10-30 19:14 --------- d-----w C:\Program Files\DAEMON Tools
    2008-10-29 20:46 --------- d-----w C:\Program Files\Puzzle Hero
    2008-10-29 15:01 --------- d-----w C:\Program Files\Java
    2008-10-27 12:09 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
    2008-10-26 12:39 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-10-25 19:07 --------- d-----w C:\Program Files\Day Watch
    2008-10-25 07:00 --------- d-----w C:\Program Files\Electronic Arts
    2008-10-25 06:08 16,262 -c--a-w C:\WINDOWS\system32\ealregsnapshot1.reg
    2008-10-22 17:59 --------- d-----w C:\Program Files\MSN Messenger
    2008-10-05 12:06 --------- d-----w C:\Program Files\THQ
    2008-09-04 21:15 --------- d-----w C:\Documents and Settings\Gold\Application Data\Image Zone Express
    2008-08-29 18:03 --------- d-----w C:\Documents and Settings\Gold\Application Data\Apple Computer
    2008-08-29 14:15 --------- d-----w C:\Program Files\Trainer Creation Kit
    2008-08-29 14:15 --------- d-----w C:\Program Files\tck.dmp
    2008-08-29 14:15 --------- d-----w C:\Program Files\EF Process Manager
    2008-08-29 14:15 --------- d-----w C:\Program Files\ACDSee32
    2008-08-29 14:15 --------- d-----w C:\Documents and Settings\Gold\Application Data\XnView
    2008-08-29 14:15 --------- d-----w C:\Documents and Settings\Gold\Application Data\My Battle for Middle-earth Files
    2008-08-29 14:15 --------- d-----w C:\Documents and Settings\Gold\Application Data\HP
    2008-08-29 14:03 --------- d-----w C:\Program Files\EA SPORTS
    2008-08-29 13:38 --------- d-----w C:\Documents and Settings\Gold\Application Data\MxBoost
    2008-08-29 13:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-29 13:03 --------- d-----w C:\Documents and Settings\Gold\Application Data\EFSoftware
    2008-08-29 09:28 --------- d-----w C:\Documents and Settings\Gold\Application Data\UFOAI
    2008-08-28 14:10 --------- d-----w C:\Program Files\Blender Foundation
    2008-08-28 14:10 --------- d-----w C:\Documents and Settings\Gold\Application Data\Blender Foundation
    2008-08-28 13:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
    2008-08-28 13:00 --------- d-----w C:\Program Files\TmNationsForever
    2008-08-22 00:08 878,592 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-08-22 00:08 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll
    2008-08-22 00:07 18,944 ----a-w C:\WINDOWS\system32\corpol.dll
    2008-08-22 00:06 72,704 ----a-w C:\WINDOWS\system32\admparse.dll
    2008-08-22 00:06 71,680 ----a-w C:\WINDOWS\system32\iesetup.dll
    2008-08-22 00:06 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
    2008-08-22 00:05 48,640 ----a-w C:\WINDOWS\system32\PrivacIE.dll
    2008-08-22 00:05 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
    2008-08-22 00:05 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
    2008-08-22 00:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
    2008-08-21 23:57 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
    2008-08-05 14:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
    2008-07-29 18:10 73,720 ----a-w C:\WINDOWS\system32\dxva2.dll
    2008-07-29 18:10 493,048 ----a-w C:\WINDOWS\system32\evr.dll
    2008-07-29 18:10 26,112 ----a-w C:\WINDOWS\system32\TsWpfWrp.exe
    2008-07-29 17:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe
    2008-07-29 16:59 781,344 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
    2008-07-29 16:59 43,544 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
    2008-07-29 16:59 161,296 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
    2008-07-29 16:59 105,016 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2008-07-29 16:24 97,800 ----a-w C:\WINDOWS\system32\infocardapi.dll
    2008-07-29 16:24 622,080 ----a-w C:\WINDOWS\system32\icardagt.exe
    2008-07-29 16:24 11,264 ----a-w C:\WINDOWS\system32\icardres.dll
    2008-07-25 08:16 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
    2008-07-25 08:16 83,968 ----a-w C:\WINDOWS\system32\mscories.dll
    2008-07-25 08:16 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
    2008-07-25 08:16 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
    2007-05-16 17:55 8,224 -c--a-w C:\Documents and Settings\Gold\Application Data\GDIPFONTCACHEV1.DAT
    2005-11-03 23:29 72,832 -c--a-r C:\WINDOWS\inf\CamAvb.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-09-12 2606512]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-10-23 171448]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Ulead Photo Express Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [2004-01-12 69632]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 278528]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-18 155648]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
    "w3dr.exe"="C:\Program Files\Warcraft III\w3dr.exe" [2008-08-03 61440]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "RTHDCPL"="RTHDCPL.EXE" [2006-11-15 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-17 C:\WINDOWS\SkyTel.exe]

    C:\Documents and Settings\Gold\Start Menu\Programlar\Başlangıç\
    Webshots.lnk - C:\Documents and Settings\Gold\Desktop\Win-Traveller\!Freeware\Management\Photos\Webshots!\Launcher.exe [2008-08-06 157008]

    C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç\
    Adsl Hizmet Programı.lnk - C:\Program Files\AirTies\Adsl Hizmet Programı\AdslUtility.exe [2008-10-22 4450304]
    Microsoft Office Kısayol Çubuğu.lnk - C:\WINDOWS\Installer\{9028041F-6000-11D3-8CFE-0050048383C9}\misc.exe [2005-11-25 34304]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoInstrumentation"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=zrzkpf.dll vvklti.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= divxa32.acm
    "vidc.SEDG"= mcs_vfw.dll
    "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.mpegacm"= mpegacm.acm
    "msacm.ulmp3acm"= ulmp3acm.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^Kodak software updater.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç\Kodak software updater.lnk
    backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Gold^Start Menu^Programlar^Başlangıç^Webshots.lnk]
    path=C:\Documents and Settings\Gold\Start Menu\Programlar\Başlangıç\Webshots.lnk
    backup=C:\WINDOWS\pss\Webshots.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    --a--c--- 2005-08-05 21:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
    -ra------ 2003-01-21 09:19 40960 C:\WINDOWS\VM_STI.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2004-08-03 23:45 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a--c--- 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2005-12-20 20:54 278528 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
    --a------ 2004-08-13 17:41 86016 C:\Program Files\MSN Apps\Updater\01.02.3000.1001\tr-tr\msnappau.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a--c--- 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-03-18 22:49 155648 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2006-02-22 19:58 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
    --a--c--- 2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    R1 SSHDRV65;SSHDRV65;C:\WINDOWS\system32\drivers\SSHDRV65.sys [2008-07-31 120320]
    R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-05-31 55520]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-05-31 42048]
    R2 BT848;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.sys [2000-11-12 288604]
    R2 BTTUNER;BtTuner, WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys [2000-11-12 21992]
    R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.sys [2000-11-12 12632]
    R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-29 152984]
    R3 ZSMC0305;A4 TECH PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2006-05-08 391688]
    S1 sdtr;sdtr;C:\WINDOWS\system32\drivers\sdtr.sys [2008-10-29 21504]
    S3 AVPsys;AVPsys;C:\WINDOWS\system32\drivers\cdaudio.sys [2001-08-17 18688]
    S3 dump_wmimmc;dump_wmimmc;C:\WINDOWS\system32\drivers\dump_wmimmc.sys [ ]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
    S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 12672]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d9f8fde-d7bf-11db-8423-001320999314}]
    \Shell\AutoRun\command - G:\b3b9u.com
    \Shell\explore\Command - G:\b3b9u.com
    \Shell\open\Command - G:\b3b9u.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79ec9892-7cc2-11dd-866b-001320999314}]
    \Shell\Autoplay\Command - G:\xmss.exe
    \Shell\AutoRun\command - G:\xmss.exe
    \Shell\Explore\Command - G:\xmss.exe
    \Shell\Open\Command - G:\xmss.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95674d80-ea9a-11db-8463-001320999314}]
    \Shell\AutoRun\command - G:\xmss.exe
    \Shell\Open\Command - G:\xmss.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8a0488a-72a7-11dd-863a-001320999314}]
    \Shell\Autoplay\Command - G:\xmss.exe
    \Shell\AutoRun\command - G:\xmss.exe
    \Shell\Explore\Command - G:\xmss.exe
    \Shell\Open\Command - G:\xmss.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd3d0d92-946b-11dd-8686-001320999314}]
    \Shell\AutoRun\command - tcvbrwcn.exe
    \Shell\explore\Command - tcvbrwcn.exe
    \Shell\open\Command - tcvbrwcn.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2008-10-31 C:\WINDOWS\Tasks\Download-Emails_13052006221914.job
    - C:\Program Files\Workspace Macro 4.5\Workspace Macro.exe []

    2008-10-31 C:\WINDOWS\Tasks\User_Feed_Synchronization-{94470F20-30CB-44D0-A02B-F8BD2FCE4FA5}.job
    - C:\WINDOWS\system32\msfeedssync.exe [2008-08-22 02:05]
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-CaAvTray - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
    MSConfigStartUp-CAVRID - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
    MSConfigStartUp-DAEMON Tools-1033 - C:\Program Files\D-Tools\daemon.exe
    MSConfigStartUp-New - C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL
    MSConfigStartUp-phps - C:\WINDOWS\system32\server.exe
    MSConfigStartUp-STLauncher - C:\Documents and Settings\Gold\Desktop\KingMuOnlineServer\Launcher.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Gold\Application Data\Mozilla\Firefox\Profiles\zhrb124c.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE -www.google.com
    FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
    FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
    FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
    FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2008-10-31 23:59:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\AirTies\Adsl Hizmet ProgramC:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Documents and Settings\Gold\Desktop\Win-Traveller\!Freeware\Management\Photos\Webshots!\Webshots.scr
    .
    **************************************************************************
    .
    Completion time: 2008-11-01 0:07:00 - machine was rebooted [Gold]
    ComboFix-quarantined-files.txt 2008-10-31 22:06:53

    Pre-Run: 1,416,052,736 bayt boş
    Post-Run: 1,322,213,376 bayt boş

    418






    I think you didn't see it; it was left further up, so I moved it down here.




  • 1- Avira AntiVir Premium does not update automatically.

    2- Avira AntiVir Premium;

    * C:\Documents and Settings\All Users\Application Data\Microsoft\update.exe
    * C:\System Volume Information\_restore{C262D2C8-B360-48C1-983F-DACF369CA37B}\RP15\A0001858.exe.

    In these locations it finds a trojan like this: TR/Crypt.XPACK.Gen [trojan].

    3- While browsing the internet with the Opera web browser, Opera suddenly freezes and stops responding.

    edit: Now Internet Explorer has started giving a similar error too. When I open Internet Explorer and try to paste a web address I copied into the address bar (by right-clicking the address bar and choosing Paste, or by pressing CTRL+V), Internet Explorer gives an error and closes.

    The log is below.

     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:44:48, on 01.11.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18241)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\TOSHIBA Yakınlaştırma Yardımcı Programı\SmoothView.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Documents and Settings\All Users\Application Data\microsoft\ctfmon.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
    C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Avira\Avira Premium Security Suite\update.exe
    C:\Program Files\Orbitdownloader\orbitdm.exe
    C:\Program Files\Orbitdownloader\orbitnet.exe
    C:\Documents and Settings\Ahmet Bakır\Desktop\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang TR
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Yakınlaştırma Yardımcı Programı\SmoothView.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [ctfmon] C:\Documents and Settings\All Users\Application Data\microsoft\ctfmon.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
    O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
    O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
    O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
    O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

    --
    End of file - 8007 bytes



    < This message was edited by Sirkadyen -- 1 November 2008; 14:50:29 >




  • quote:

    Quoted from original: manve_13

    after sorting out HijackThis, here is the ComboFix log too :)

    Download the program called Perlovga Removal Tool to your desktop.

    http://www.guvenlikuzmanim.com/dosyalar/perlovga.exe

    Run the program and click Start. Then restart your computer without delay.

    Download the program called Malwarebytes Antimalware.

    http://www.guvenlikuzmanim.com/dosyalar/mbam-setup.exe

    * To install the program, double-click mbam-setup.exe and install it.
    * Tick the Update Malwarebytes Antimalware and Launch Malwarebytes options, then click Finish.
    * If an update is found, the program will download and install it automatically.
    * Once the program has loaded, select Full Scan and click the Start Scan button.
    * The scan may take some time, so please be patient.
    * When the scan finishes, click OK and then click Show Results.
    * Make sure everything is ticked and click Remove Selected.
    * When the cleanup finishes, a Notepad window will open. (You may need to restart your computer.)
    * Save the Notepad file and send it to us by attaching it to your message.

    NOTE: If the program asks you to restart the computer during the cleanup, click OK and restart your computer.




  • quote:

    Quoted from original: burakarca

    I did the things you told me, then I ran ComboFix; it restarted and a text document came up, this is the document:
    I guess you didn't see it; it got left further up, so I moved it down here.

    Download the program called Perlovga Removal Tool to your desktop.

    http://www.guvenlikuzmanim.com/dosyalar/perlovga.exe

    Run the program and click Start. Then restart your computer without delay.

    Download the program called The Avenger to your desktop.

    http://www.guvenlikuzmanim.com/dosyalar/avenger.exe

    1. Select all of the text written below and press CTRL+C to copy it.

     
    Files to delete:
    C:\Windows\zrzkpf.dll
    C:\Windows\system32\zrzkpf.dll
    C:\Windows\vvklti.dll
    C:\Windows\system32\vvklti.dll
    C:\WINDOWS\Installer\{9028041F-6000-11D3-8CFE-0050048383C9}\misc.exe


    2. Double-click the program icon to run the program.

    * Under Load Script, select Paste from Clipboard.
    * Press the Execute button.
    * If the program asks a question, click Yes.

    3. Your computer will restart. (It may restart twice.) A number of operations will then be carried out.
    4. After the scan finishes, a log file will be created as C:\avenger.txt. (Your backups will be in the C:\avenger\backup.zip directory.)
    5. Send us the C:\avenger.txt file by attaching it to your message.




  • quote:

    Quoted from original: WizzY_WizarD

    1- Avira AntiVir Premium does not update automatically.

    2- Avira AntiVir Premium;

    * C:\Documents and Settings\All Users\Application Data\Microsoft\update.exe
    * C:\System Volume Information\_restore{C262D2C8-B360-48C1-983F-DACF369CA37B}\RP15\A0001858.exe.

    In these locations it finds a trojan named TR/Crypt.XPACK.Gen [trojan].

    3- While I am browsing the internet with the Opera web browser, Opera suddenly freezes and stops responding.

    edit: Now Internet Explorer has started giving a similar error as well. When I open Internet Explorer and try to paste a copied web address into the address bar (by right-clicking the address bar and choosing Paste, or by pressing CTRL+V), Internet Explorer throws an error and closes.

    The log is below.


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [ctfmon] C:\Documents and Settings\All Users\Application Data\microsoft\ctfmon.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe



    Download the program called Malwarebytes Antimalware.

    http://www.guvenlikuzmanim.com/dosyalar/mbam-setup.exe

    * To install the program, double-click mbam-setup.exe and install it.
    * Tick the Update Malwarebytes Antimalware and Launch Malwarebytes options, then click Finish.
    * If an update is found, the program will download and install it automatically.
    * Once the program has loaded, select Full Scan and click the Start Scan button.
    * The scan may take some time, so please be patient.
    * When the scan finishes, click OK and then click Show Results.
    * Make sure everything is ticked and click Remove Selected.
    * When the cleanup finishes, a Notepad window will open. (You may need to restart your computer.)
    * Save the Notepad file and send it to us by attaching it to your message.

    NOTE: If the program asks you to restart the computer during the cleanup, click OK and restart your computer.




  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:27:22, on 01.11.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Winamp\Winamp.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\pc\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    R3 - URLSearchHook: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P1.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P1.dll
    O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
    O4 - HKCU\..\Run: [LimeWire Acceleration Patch] "C:\Program Files\LimeWire Acceleration Patch\LimeWire Acceleration Patch.exe" -tray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: LimeWire Acceleration Patch.lnk = C:\Program Files\LimeWire Acceleration Patch\LimeWire Acceleration Patch.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) -http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 6371 bytes




    the computer is running slowly, I'm wondering whether something is wrong..




  • Here is the .txt file from Avenger; is it going to go on like this?
    I'd also like to ask you something. I got an internet connection 1 month ago. Before that, my computer would come up right away, 4 seconds after it said Welcome, and I could start working. Now, after getting internet, my virus and spyware program found a lot of viruses and cleaned them; one was called vardus, and it kept wiping out the desktop icons and the Start menu. Anyway, I got rid of that problem, but I want to get my computer back to its old speed. I use a lot of programs: CCleaner, SUPERAntiSpyware, Avira, etc.
    My computer takes 3-4 minutes on average to boot; it used to boot in 1 minute. xpsppeder didn't help. What should I do?
  • THIS IS WHAT CAME OUT OF THE AVENGER .TXT..


    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!


    Error: file "C:\Windows\zrzkpf.dll" not found!
    Deletion of file "C:\Windows\zrzkpf.dll" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Error: file "C:\Windows\system32\zrzkpf.dll" not found!
    Deletion of file "C:\Windows\system32\zrzkpf.dll" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Error: file "C:\Windows\vvklti.dll" not found!
    Deletion of file "C:\Windows\vvklti.dll" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Error: file "C:\Windows\system32\vvklti.dll" not found!
    Deletion of file "C:\Windows\system32\vvklti.dll" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist

    File "C:\WINDOWS\Installer\{9028041F-6000-11D3-8CFE-0050048383C9}\misc.exe" deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.



    < This message was edited by burakarca -- 1 November 2008; 22:09:17 >
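An added example, not part of any post in this thread: a Python sketch that reconciles the Avenger script posted earlier with the avenger.txt output above, separating files that were deleted from files that were already absent (status 0xc0000034) and from genuine failures. The function names are hypothetical and the parser assumes the log layout shown in this thread; an "absent" result only means nothing existed at that path when the script ran.

```python
import re

# Script and log text as posted in the thread (log trimmed to the result lines).
AVENGER_SCRIPT = r"""
Files to delete:
C:\Windows\zrzkpf.dll
C:\Windows\system32\zrzkpf.dll
C:\Windows\vvklti.dll
C:\Windows\system32\vvklti.dll
C:\WINDOWS\Installer\{9028041F-6000-11D3-8CFE-0050048383C9}\misc.exe
"""

AVENGER_LOG = r"""
Rootkit scan active.
No rootkits found!

Error: file "C:\Windows\zrzkpf.dll" not found!
Deletion of file "C:\Windows\zrzkpf.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\Windows\system32\zrzkpf.dll" not found!
Deletion of file "C:\Windows\system32\zrzkpf.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\Windows\vvklti.dll" not found!
Deletion of file "C:\Windows\vvklti.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "C:\Windows\system32\vvklti.dll" not found!
Deletion of file "C:\Windows\system32\vvklti.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\Installer\{9028041F-6000-11D3-8CFE-0050048383C9}\misc.exe" deleted successfully.

Completed script processing.
"""

SECTION_RE = re.compile(r"^[A-Za-z ]+:$")          # e.g. "Files to delete:"
DELETED_RE = re.compile(r'^File "(.+)" deleted successfully\.$')
FAILED_RE = re.compile(r'^Deletion of file "(.+)" failed!$')
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]{8}) \((\w+)\)$")
STATUS_OBJECT_NAME_NOT_FOUND = 0xC0000034          # value shown in the log


def parse_script(text):
    """Return the paths listed under the 'Files to delete:' section."""
    paths, in_section = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if SECTION_RE.match(line):
            in_section = line.lower() == "files to delete:"
        elif in_section:
            paths.append(line)
    return paths


def parse_log(text):
    """Map lower-cased path -> (outcome, NTSTATUS name or None)."""
    results, pending = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = DELETED_RE.match(line)
        if m:
            results[m.group(1).lower()] = ("deleted", None)
            continue
        m = FAILED_RE.match(line)
        if m:
            pending = m.group(1).lower()
            results[pending] = ("failed", None)   # refined by the Status line
            continue
        m = STATUS_RE.match(line)
        if m and pending:
            code, name = int(m.group(1), 16), m.group(2)
            outcome = "absent" if code == STATUS_OBJECT_NAME_NOT_FOUND else "failed"
            results[pending] = (outcome, name)
            pending = None
    return results


def reconcile(script_text, log_text):
    """Classify every scripted path by what the log says happened to it."""
    log = parse_log(log_text)
    report = {"deleted": [], "absent": [], "failed": [], "unreported": []}
    for path in parse_script(script_text):
        outcome, _ = log.get(path.lower(), ("unreported", None))
        report[outcome].append(path)
    return report


if __name__ == "__main__":
    for outcome, paths in reconcile(AVENGER_SCRIPT, AVENGER_LOG).items():
        print(outcome, len(paths))
        for p in paths:
            print("   ", p)
```

Anything listed under "failed" or "unreported" is what needs a second look; "absent" entries were simply not on disk at those paths when the script ran.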




  • here is the malware log

    Malwarebytes' Anti-Malware 1.30
    Database version: 1352
    Windows 5.1.2600 Service Pack 2

    01.11.2008 23:08:39
    mbam-log-2008-11-01 (23-08-39).txt

    Scan type: Full Scan (C:\|D:\|E:\|)
    Objects scanned: 116037
    Time elapsed: 43 minute(s), 6 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\System Volume Information\_restore{3A4B1D99-6002-4539-8349-102BC67E7566}\RP13\A0001080.sys (Rootkit.Agent) -> Quarantined and deleted successfully.




  • quote:

    Quoted from original: VasDeferans
    the computer is running slowly, I'm wondering whether something is wrong..

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar 
    R3 - URLSearchHook: P2P ****olbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P1.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: P2P ****olbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: P2P ****olbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P1.dll
    O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
    O4 - HKCU\..\Run: [LimeWire Acceleration Patch] "C:\Program Files\LimeWire Acceleration Patch\LimeWire Acceleration Patch.exe" -tray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: LimeWire Acceleration Patch.lnk = C:\Program Files\LimeWire Acceleration Patch\LimeWire Acceleration Patch.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe




  • quote:

    Quoted from original: burakarca

    Here is the .txt file from Avenger; is it going to go on like this?
    I'd also like to ask you something. I got an internet connection 1 month ago. Before that, my computer would come up right away, 4 seconds after it said Welcome, and I could start working. Now, after getting internet, my virus and spyware program found a lot of viruses and cleaned them; one was called vardus, and it kept wiping out the desktop icons and the Start menu. Anyway, I got rid of that problem, but I want to get my computer back to its old speed. I use a lot of programs: CCleaner, SUPERAntiSpyware, Avira, etc.
    My computer takes 3-4 minutes on average to boot; it used to boot in 1 minute. xpsppeder didn't help. What should I do?

    Let's solve these virus problems first, then we'll look at those. Could you send another HJ log now?


    quote:

    Quoted from original: manve_13

    here is the malware log

    Let me get one last HJT log; the problems look like they have been solved:




  • hmm, let's see, here it is:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:48:02, on 02.11.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18241)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\AirTies\Adsl Hizmet Programı\AdslUtility.exe
    C:\Documents and Settings\Gold\Desktop\Win-Traveller\!Freeware\Management\Photos\Webshots!\Webshots.scr
    C:\WINDOWS\system32\ntvdm.exe
    C:\Documents and Settings\Gold\Desktop\oodcnt.exe
    C:\Documents and Settings\Gold\Desktop\AppData\40000010900002i\oodag.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Gold\Belgelerim\Downloads\Programs\HiJackThis_2.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Startup Manager] "C:\Program Files\Advanced System Optimizer\startUp manager.exe"
    O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -http://messenger.zone.msn.com/TR-TR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224685557892
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - AppInit_DLLs: zrzkpf.dll vvklti.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 6679 bytes




  • quote:

    Originally quoted from: burakarca

    Hmm, let's take a look here:


    Fix the following in safe mode:

    O20 - AppInit_DLLs: zrzkpf.dll vvklti.dll
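
The check the reply above makes by eye, as an added example (not part of the original thread and not HijackThis code): it pulls the `O20 - AppInit_DLLs` names out of a log, because DLLs listed in that registry value are loaded into every process that loads user32.dll, and it also lists entries HijackThis marked `(no file)` or `(file missing)`. The sample log is constructed from lines in this thread; the function names and the `known_appinit` allowlist are assumptions.

```python
import re

# Constructed sample: a few lines in HijackThis v2 log format, taken in shape
# from the logs in this thread (not a complete log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - AppInit_DLLs: zrzkpf.dll vvklti.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
"""

# Entry lines look like "O20 - ..." or "R1 - ..."; header and process lines do not.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")

def parse_entries(log_text):
    """Return (section_code, body) for every 'Xnn - ...' line in the log."""
    return [m.groups() for line in log_text.splitlines() if (m := ENTRY.match(line))]

def appinit_dlls(entries):
    """DLL names under O20 AppInit_DLLs.

    Assumption: names are separated by spaces or commas and contain no spaces,
    as in the thread's log; full paths with spaces would need extra handling.
    """
    dlls = []
    for code, body in entries:
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            dlls += [d for d in re.split(r"[ ,]+", body.split(":", 1)[1].strip()) if d]
    return dlls

def triage(log_text, known_appinit=frozenset()):
    """Items for manual review: AppInit_DLLs not in the allowlist, then entries
    whose target file HijackThis could not find."""
    entries = parse_entries(log_text)
    findings = [("AppInit_DLLs", d) for d in appinit_dlls(entries)
                if d.lower() not in known_appinit]
    findings += [("orphaned " + code, body) for code, body in entries
                 if body.endswith(("(no file)", "(file missing)"))]
    return findings

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```
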
  • Here it is


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:06:28, on 02.11.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 3724 bytes



