
HijackThis. Performance + Security! (Get rid of viruses). 500,000+ (page 439)

  • quote:

    Original quote from: hkarakus

    Here is the result, sir

    Download the program called Malwarebytes Antimalware.

    http://www.buraksonmez.com/dosyalar/mbam-setup.exe

    * Double-click mbam-setup.exe and install the program.
    * Check the Update Malwarebytes Antimalware and Launch Malwarebytes options, then click Finish.
    * If an update is found, the program will download and install it automatically.
    * Once the program has loaded, select Full Scan and click the Start Scan button.
    * The scan may take a while, so please be patient.
    * When the scan finishes, click OK and then click Show Results.
    * Make sure everything is checked and click Remove Selected.
    * When the cleanup finishes, a Notepad window will open. (You may need to restart your computer.)
    * Save the Notepad file and send it to us by attaching it to your post.

    NOTE: If the program asks you to restart the computer during cleanup, click OK and restart your computer.




  • quote:

    Original quote from: prest

    My problem is that while browsing with Explorer and Opera, after a while I can't get into the sites I use and I get redirected to other sites.
    After I reset the PC the problem goes away, and after a while it starts happening again.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q= 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll (file missing)
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\system32\msdxm.ocx
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')


    Download the program called ComboFix to your desktop.

    http://www.buraksonmez.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to launch the program. After launching it, do not do anything at all. Take a 1-2 minute break.
    4. After ComboFix starts running, click the Yes button.
    5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. During these operations your internet connection will be cut and your desktop will disappear. This is normal. Your system clock will also change. But all of this is temporary. After the operations finish, everything will be returned to its original state.
    7. You may need to be a little patient, because there are a full 50 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. After the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
    9. Send us the C:\ComboFix.txt file by attaching it to your post.




  • quote:

    Original quote from: ozzyouz

    On Facebook, someone wrote this on my wall in my name:

    made $190 today working online! u guys have to check out YourBizStart.com to get started too! lnh

    From what I've researched it's a virus; how can I delete it?

    HijackThis.



    quote:

    Original quote from: BabyIcey

    Hello Mr. Serji, how are you?

    Could you check this if possible..


    Thank you.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')


    Download the program called ComboFix to your desktop.

    http://www.buraksonmez.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to launch the program. After launching it, do not do anything at all. Take a 1-2 minute break.
    4. After ComboFix starts running, click the Yes button.
    5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. During these operations your internet connection will be cut and your desktop will disappear. This is normal. Your system clock will also change. But all of this is temporary. After the operations finish, everything will be returned to its original state.
    7. You may need to be a little patient, because there are a full 50 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. After the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
    9. Send us the C:\ComboFix.txt file by attaching it to your post.




  • quote:

    Original quote from: f_v

    Good evening Serji, my problem is win32.sillyfdc
    could you take a look at this one too?
    thank you..

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"


    Download the program called ComboFix to your desktop.

    http://www.buraksonmez.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to launch the program. After launching it, do not do anything at all. Take a 1-2 minute break.
    4. After ComboFix starts running, click the Yes button.
    5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. During these operations your internet connection will be cut and your desktop will disappear. This is normal. Your system clock will also change. But all of this is temporary. After the operations finish, everything will be returned to its original state.
    7. You may need to be a little patient, because there are a full 50 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. After the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
    9. Send us the C:\ComboFix.txt file by attaching it to your post.




  • I can't install ComboFix; it says nircmdb.exe cannot be found by Microsoft
  • Original quote from: serji


    Original quote from: ozzyouz

    On Facebook, someone wrote this on my wall in my name:

    made $190 today working online! u guys have to check out YourBizStart.com to get started too! lnh

    From what I've researched it's a virus; how can I delete it?

    HijackThis.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:28:19, on 15.10.2009
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Windows\WindowsMobile\wmdcBase.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Local Service')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Local Service')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Bluetooth Monitor.lnk = ?
    O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B62CEEDC-D05A-44EF-BEEF-875F75AA34C3}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SSL VPN-Plus Service - NeoAccel, Inc. - C:\Windows\System32\NeoSrv.exe

    --
    End of file - 8052 bytes




  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:48:30, on 16.10.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    E:\NRPG RatioMaster.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    E:\YENİ İNDİRİLENLER\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S60.tmp" /EF "HKLM"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Banner Ad Blocker’a ekle - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: Web trafiği koruması istatistikleri - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) -https://sube.garanti.com.tr/lib/JaguarEditControl.CAB
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) -http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) -http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} (JaguarEditControl-ISBANK) -https://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv27.CAB
    O20 - AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

    --
    End of file - 7381 bytes









    My friend, I get an explorer.exe error while browsing through files; I'd be glad if you could help, thanks in advance




  • Mr. Serji, even though I uninstalled the BitDefender Antivirus program some time ago and there is no antivirus program installed right now, I think it conflicted with the BitDefender program..

    ComboFix Results:


    ComboFix 09-10-15.04 - Gorkemay 16.10.2009 18:30:45.1.2 - NTFSx86 
    Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.2046.1575 [GMT 3:00]
    Running from: C:\Documents and Settings\Gorkemay\Desktop\ComboFix.exe
    AV: BitDefender Antivirus *On-access scanning enabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\Installer\1c18034.msp
    C:\WINDOWS\Installer\2306a4.msp
    C:\WINDOWS\Installer\300c62.msp
    C:\WINDOWS\system32\logs
    C:\WINDOWS\system32\scrrntr.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-09-16 to 2009-10-16 )))))))))))))))))))))))))))))))
    .

    2009-10-15 16:28:35 . 2009-10-15 16:28:35 0 d-----w- C:\Program Files\MSECache
    2009-10-15 16:26:54 . 2009-10-15 16:27:36 0 d-----w- C:\WINDOWS\SHELLNEW
    2009-10-15 16:26:50 . 2009-10-15 16:26:50 0 d-----w- C:\Program Files\Microsoft.NET
    2009-10-15 16:25:37 . 2009-10-15 16:25:37 0 d-----r- C:\MSOCache
    2009-10-13 19:22:48 . 2009-10-13 19:22:48 0 d-----w- C:\Documents and Settings\Gorkemay\Local Settings\Application Data\O&O
    2009-10-12 15:59:12 . 2009-10-13 16:14:29 0 d-----w- C:\Program Files\Ontrack
    2009-10-10 18:38:31 . 2009-10-10 18:38:31 0 d-----w- C:\Program Files\Uniblue
    2009-10-08 17:30:13 . 2009-10-08 17:30:43 0 d---a-w- C:\Program Files\JDownloader 0.8
    2009-10-07 20:10:06 . 2009-10-07 20:40:15 0 d-----w- C:\Program Files\Rainmeter
    2009-10-07 19:55:50 . 2009-10-07 19:55:50 0 d-----w- C:\Documents and Settings\Gorkemay\Local Settings\Application Data\Stardock
    2009-10-07 19:54:15 . 2009-10-07 19:54:15 0 d-----w- C:\Program Files\Common Files\Stardock
    2009-10-06 21:12:34 . 2005-01-22 16:05:48 20480 ----a-w- C:\WINDOWS\system32\wbload.dll
    2009-10-06 21:12:33 . 2009-10-07 19:54:14 0 d-----w- C:\Program Files\Stardock
    2009-10-06 21:07:08 . 2009-10-06 21:07:08 0 d-----w- C:\Program Files\P2PFilter
    2009-10-06 20:57:34 . 2009-10-06 20:57:34 0 d-----w- C:\Documents and Settings\Gorkemay\Local Settings\Application Data\Readon_Technology
    2009-10-06 20:54:03 . 2009-10-06 20:54:03 0 d-----w- C:\Documents and Settings\Gorkemay\Local Settings\Application Data\TVU Networks
    2009-10-06 20:54:03 . 2009-10-06 20:54:03 0 d-----w- C:\Documents and Settings\All Users\Application Data\TVU Networks
    2009-10-06 20:52:34 . 2009-10-06 20:52:34 0 d-----w- C:\Documents and Settings\Gorkemay\LocalLow
    2009-10-03 11:22:05 . 2009-10-03 11:22:05 0 d-----w- C:\Documents and Settings\Gorkemay\Application Data\Office Genuine Advantage
    2009-10-03 11:00:37 . 2009-10-03 11:01:11 0 d-----w- C:\Documents and Settings\Gorkemay\Local Settings\Application Data\RcIncidents
    2009-10-03 10:50:10 . 2009-10-03 10:50:10 0 d-----w- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2009-10-02 20:13:45 . 2009-10-02 20:13:45 0 d-----w- C:\Program Files\Microsoft Silverlight
    2009-10-02 20:12:42 . 2009-10-02 20:12:42 0 d-----w- C:\Program Files\Microsoft
    2009-10-01 19:18:32 . 2009-10-01 19:18:46 0 dc-h--w- C:\WINDOWS\ie8
    2009-09-29 21:22:12 . 2001-08-17 17:57:38 16128 -c--a-w- C:\WINDOWS\system32\dllcache\modemcsa.sys
    2009-09-29 21:22:12 . 2001-08-17 17:57:38 16128 ----a-w- C:\WINDOWS\system32\drivers\MODEMCSA.sys
    2009-09-29 21:19:32 . 2009-09-29 21:19:32 364544 ----a-w- C:\WINDOWS\system32\sm56co81.dll
    2009-09-29 21:17:55 . 2009-09-29 21:17:55 9728 ----a-w- C:\WINDOWS\system32\RtNicProp32.dll
    2009-09-29 19:45:11 . 2009-10-10 18:34:59 0 d-----w- C:\Program Files\Driver Checker
    2009-09-29 19:32:27 . 2009-09-29 19:32:27 0 d-----w- C:\Documents and Settings\Gorkemay\Local Settings\Application Data\Thinstall
    2009-09-29 19:32:27 . 2009-09-29 19:32:27 0 d-----w- C:\Documents and Settings\Gorkemay\Application Data\Thinstall
    2009-09-26 23:15:12 . 2009-09-27 16:57:38 0 d-----w- C:\Documents and Settings\Gorkemay\Application Data\Ventrilo
    2009-09-26 23:15:04 . 2009-09-26 23:15:05 0 d-----w- C:\Program Files\Ventrilo
    2009-09-26 23:14:42 . 2009-09-26 23:14:42 0 d-----w- C:\Program Files\Common Files\Wise Installation Wizard
    2009-09-26 22:54:27 . 2009-09-26 22:54:27 0 d-----w- C:\Program Files\Softnyx
    2009-09-26 13:34:23 . 2009-10-10 20:29:27 0 d-----w- C:\Program Files\Opera
    2009-09-26 13:13:06 . 2009-09-26 13:13:59 0 d-----w- C:\Documents and Settings\Gorkemay\Local Settings\Application Data\WMTools Downloaded Files
    2009-09-26 12:26:49 . 2009-08-03 10:36:28 38160 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2009-09-26 12:26:47 . 2009-09-26 12:26:52 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
    2009-09-26 12:26:47 . 2009-08-03 10:36:06 19096 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
    2009-09-24 15:33:19 . 2009-09-29 21:06:29 0 d-----w- C:\Documents and Settings\Gorkemay\Local Settings\Application Data\ApplicationHistory

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-16 15:35:30 . 2008-06-22 19:51:01 0 d-----w- C:\Documents and Settings\Gorkemay\Application Data\DMCache
    2009-10-16 15:23:39 . 2008-06-22 20:58:45 0 d-----w- C:\Program Files\FlashGet
    2009-10-16 15:23:29 . 2008-06-22 19:51:01 0 d-----w- C:\Documents and Settings\Gorkemay\Application Data\IDM
    2009-10-16 15:19:39 . 2009-07-19 16:23:54 0 d-----w- C:\Program Files\Common Files\Softwin
    2009-10-15 17:04:56 . 2008-06-21 17:07:36 48200 ----a-w- C:\Documents and Settings\Gorkemay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-13 16:14:10 . 2008-06-21 17:36:17 0 d--h--w- C:\Program Files\InstallShield Installation Information
    2009-10-10 18:43:37 . 2009-07-04 18:03:40 0 d-----w- C:\Documents and Settings\Gorkemay\Application Data\Uniblue
    2009-10-10 18:43:37 . 2009-07-04 18:03:40 0 d-----w- C:\Documents and Settings\All Users\Application Data\DriverScanner
    2009-10-09 20:47:16 . 2008-04-15 09:30:00 82184 ----a-w- C:\WINDOWS\system32\perfc01F.dat
    2009-10-09 20:47:16 . 2008-04-15 09:30:00 430412 ----a-w- C:\WINDOWS\system32\perfh01F.dat
    2009-10-04 17:23:15 . 2009-07-05 16:12:25 0 d-----w- C:\Program Files\Messenger Plus! Live
    2009-09-29 21:19:32 . 2008-06-21 17:49:27 1090304 ----a-w- C:\WINDOWS\system32\drivers\smserial.sys
    2009-09-29 21:18:39 . 2006-05-12 10:13:46 156816 ----a-w- C:\WINDOWS\system32\drivers\btwdndis.sys
    2009-09-29 21:18:36 . 2008-06-22 21:12:29 4202496 ----a-w- C:\WINDOWS\system32\drivers\NETw5x32.sys
    2009-09-29 21:17:55 . 2008-06-21 17:36:18 117888 ----a-w- C:\WINDOWS\system32\drivers\Rtenicxp.sys
    2009-09-29 21:17:51 . 2006-05-12 10:21:22 534568 ----a-w- C:\WINDOWS\system32\drivers\btaudio.sys
    2009-09-29 21:17:49 . 2008-06-21 17:44:27 77824 ----a-w- C:\WINDOWS\SOUNDMAN.EXE
    2009-09-29 21:17:49 . 2008-06-21 17:44:06 1206816 ----a-w- C:\WINDOWS\RtlUpd.exe
    2009-09-29 21:17:48 . 2008-06-21 17:44:27 9715200 ----a-w- C:\WINDOWS\RTLCPL.EXE
    2009-09-29 21:17:48 . 2008-06-21 17:44:05 5029376 ----a-w- C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2009-09-29 21:17:47 . 2008-06-21 17:44:04 17508864 ----a-w- C:\WINDOWS\RTHDCPL.EXE
    2009-09-29 21:17:46 . 2009-07-11 23:01:14 57344 ----a-w- C:\WINDOWS\ALCMTR.EXE
    2009-09-29 21:17:46 . 2008-06-21 17:44:28 2808832 ----a-w- C:\WINDOWS\ALCWZRD.EXE
    2009-09-29 21:17:46 . 2008-06-21 17:44:04 2168320 ----a-w- C:\WINDOWS\MicCal.exe
    2009-09-29 21:14:17 . 2006-05-12 10:17:18 37160 ----a-w- C:\WINDOWS\system32\drivers\btport.sys
    2009-09-29 19:47:27 . 2008-06-22 19:59:09 0 d-----w- C:\Documents and Settings\All Users\Application Data\ESET
    2009-09-18 21:40:41 . 2009-07-04 18:13:41 0 d-----w- C:\Program Files\AGEIA Technologies
    2009-09-15 20:34:16 . 2009-09-15 20:34:16 131 ----a-w- C:\Documents and Settings\Gorkemay\Local Settings\Application Data\fusioncache.dat
    2009-09-15 16:23:14 . 2008-06-22 20:59:49 5 -c--a-w- C:\WINDOWS\system32\SySMP3CutJoin.dat
    2009-09-12 22:34:55 . 2009-09-12 22:34:55 0 d-----w- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2009-09-12 22:29:42 . 2009-09-12 22:15:58 0 d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-09-12 21:10:03 . 2009-09-12 21:10:03 0 d-----w- C:\Program Files\ImTOO
    2009-08-25 20:19:04 . 2009-08-25 20:19:04 117008 ----a-w- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-08-20 17:36:01 . 2009-08-20 17:35:52 0 d-----w- C:\Program Files\VDOWNLOADER
    2009-08-05 09:00:10 . 2008-04-15 09:30:00 204800 ----a-w- C:\WINDOWS\system32\mswebdvd.dll
    2009-08-03 12:07:42 . 2009-08-03 12:07:42 403816 ----a-w- C:\WINDOWS\system32\OGACheckControl.dll
    2009-08-03 12:07:42 . 2009-08-03 12:07:42 322928 ----a-w- C:\WINDOWS\system32\OGAAddin.dll
    2009-08-03 12:07:42 . 2009-08-03 12:07:42 230768 ----a-w- C:\WINDOWS\system32\OGAEXEC.exe
    2009-07-26 13:44:56 . 2009-07-26 13:44:56 48448 ----a-w- C:\WINDOWS\system32\sirenacm.dll
    2009-07-25 02:23:00 . 2008-06-22 19:31:18 411368 -c--a-w- C:\WINDOWS\system32\deploytk.dll
    2009-07-21 16:46:06 . 2009-07-19 16:43:41 81984 ----a-w- C:\WINDOWS\system32\bdod.bin
    2009-07-20 06:34:54 . 2009-07-20 06:34:54 70936 ----a-w- C:\WINDOWS\system32\PhysXLoader.dll




  • quote:

    Originally posted by: dezz
    My friend, I get an explorer.exe error while browsing through files. I'd appreciate it if you could help. Thanks in advance.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')


    Download the program called ComboFix to your desktop.

    http://www.buraksonmez.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to launch the program. After launching it, do absolutely nothing. Take a 1-2 minute break.
    4. Once ComboFix starts running, click the Yes button.
    5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. During these operations your internet connection will be cut and your desktop will disappear. This is normal. Your system clock will also change. All of this is temporary, however. Once the operations finish, everything will be returned to its original state.
    7. You may need to be a little patient, because there are a full 50 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. When the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.




  • quote:

    Originally posted by: BabyIcey

    Mr. Serji, even though I uninstalled the BitDefender Antivirus program some time ago and there is no antivirus program installed right now, I think it conflicted with BitDefender.

    ComboFix Results:


    Yes, the log looks like it came out incomplete. So what kind of error did it give, or rather, did it give an error at all?
  • These are the first warnings it gave after I clicked the ComboFix file.


    Edit: Fixed the image.



    < This message was edited by GGGA -- 16 October 2009; 21:58:10 >




  • My system is a bit old, but lately its startup has become really slow. I'd appreciate it if you could take a look.
    Logfile of Trend Micro HijackThis v2.0.2 
    Scan saved at 21:26:41, on 16.10.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
    C:\Program Files\A4Tech\Mouse\Amoumain.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\AirTies\ADSL Hizmet Programı\AirTies_util3.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [servises] C:\WINDOWS\system32\servises.exe
    O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [servises] C:\WINDOWS\system32\servises.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKLM\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
    O4 - HKCU\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: AirTies ADSL Hizmet Programı.lnk = ?
    O8 - Extra context menu item: &FlashGet ile indir - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &Tümünü FlashGet ile indir - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobil Sık Kullanılanı Oluştur... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\DrmRemoval\YouTubeRipper.dll
    O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\DrmRemoval\YouTubeRipper.dll
    O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237894515531
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CD496969-9A2F-40C6-AA46-D95F7BE2A71D}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: crypt - C:\WINDOWS\
    O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\@\LOCALS~1\Temp\hpdj.exe (file missing)
    O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SMServer - SMServer - C:\WINDOWS\system32\snmvtsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 9843 bytes




  • Originally posted by: ozzyouz


    Originally posted by: serji


    Originally posted by: ozzyouz

    On Facebook, someone posted this on my wall in my name:

    made $190 today working online! u guys have to check out YourBizStart.com to get started too! lnh

    From what I've looked into, it's a virus. How can I remove it?

    HijackThis.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:28:19, on 15.10.2009
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Windows\WindowsMobile\wmdcBase.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Local Service')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Local Service')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Bluetooth Monitor.lnk = ?
    O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B62CEEDC-D05A-44EF-BEEF-875F75AA34C3}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SSL VPN-Plus Service - NeoAccel, Inc. - C:\Windows\System32\NeoSrv.exe

    --
    End of file - 8052 bytes


    Mr. Serji, could you help me?




  • quote:

    Originally posted by: BabyIcey

    These are the first warnings it gave after I clicked the ComboFix file.


    Edit: Fixed the image.


    http://www.bitdefender.com/files/KnowledgeBase/file/BitDefender_Uninstall_Tool.exe

    Try uninstalling it with this program and let's see.




  • quote:

    Originally posted by: baba_muhtar

    My system is a bit old, but lately its startup has become really slow. I'd appreciate it if you could take a look.

    * Open the program called HijackThis.
    * Click the Do a system scan only option.
    * Check the following lines.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [servises] C:\WINDOWS\system32\servises.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [servises] C:\WINDOWS\system32\servises.exe
    O4 - HKLM\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
    O4 - HKCU\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O20 - Winlogon Notify: crypt - C:\WINDOWS\


    * Press CTRL+ALT+DEL and go to the Processes tab. End all processes listed against your user name except HijackThis.exe and explorer.exe. (End only the processes listed against your user name. Do not touch the ones belonging to Local Service, network, or system.) Close all programs and windows except HijackThis and click the Fix Checked button. Then restart your computer immediately.

    Download the program called ComboFix to your desktop.

    http://www.buraksonmez.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening the program, do absolutely nothing. Take a 1-2 minute break.
    4. Once ComboFix starts running, click the Yes button.
    5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. During these operations your internet connection will be cut and your desktop will disappear. This is normal. Your system clock will also change. But all of this is temporary. After the operations finish, everything will be returned to its original state.
    7. You may need to be a little patient, because there are exactly 50 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. After the operations finish, ComboFix will close and a report will open for you. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.


    quote:

    Originally quoted from: ozzyouz
    Mr. serji, could you help me?

    Download the program called ComboFix to your desktop.

    http://www.buraksonmez.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening the program, do absolutely nothing. Take a 1-2 minute break.
    4. Once ComboFix starts running, click the Yes button.
    5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. During these operations your internet connection will be cut and your desktop will disappear. This is normal. Your system clock will also change. But all of this is temporary. After the operations finish, everything will be returned to its original state.
    7. You may need to be a little patient, because there are exactly 50 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. After the operations finish, ComboFix will close and a report will open for you. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.




  • quote:

    Originally quoted from: serji


    quote:

    Originally quoted from: dezz
    my friend, I get an explorer.exe error while browsing through files; I'd be glad if you could help, thanks in advance

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')


    Download the program called ComboFix to your desktop.

    http://www.buraksonmez.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening the program, do absolutely nothing. Take a 1-2 minute break.
    4. Once ComboFix starts running, click the Yes button.
    5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. During these operations your internet connection will be cut and your desktop will disappear. This is normal. Your system clock will also change. But all of this is temporary. After the operations finish, everything will be returned to its original state.
    7. You may need to be a little patient, because there are exactly 50 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. After the operations finish, ComboFix will close and a report will open for you. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.





    ComboFix 09-10-11.03 - coşkun 17.10.2009 12:41.1.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.3327.2866 [GMT 3:00]
    Running from: e:\yenİ İndİrİlenler\ComboFix.exe
    AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\_000006_.tmp.dll
    c:\windows\system32\scrrntr.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-09-17 to 2009-10-17 )))))))))))))))))))))))))))))))
    .

    2009-10-17 09:28 . 2009-10-17 09:28 -------- d-----w- c:\program files\Ashampoo
    2009-10-09 13:14 . 2009-10-09 13:14 -------- d-----w- c:\documents and settings\coskun\Saved Games
    2009-10-07 20:30 . 2009-10-07 20:30 -------- d-----w- c:\documents and settings\COSKUN\Application Data\EPSON
    2009-10-06 08:16 . 2009-10-06 08:16 -------- d-----w- c:\program files\Xvid
    2009-10-06 08:16 . 2009-10-06 08:16 -------- d-----w- c:\program files\FDRLab
    2009-09-25 22:20 . 2009-09-25 22:20 41872 ----a-w- c:\windows\system32\xfcodec.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-17 09:44 . 2009-08-08 15:52 -------- d-----w- c:\documents and settings\COSKUN\Application Data\DMCache
    2009-10-17 09:43 . 2009-06-24 11:01 4548 --sha-w- c:\windows\system32\drivers\fidbox2.idx
    2009-10-17 09:43 . 2009-06-24 11:01 401440 --sha-w- c:\windows\system32\drivers\fidbox2.dat
    2009-10-17 09:43 . 2009-06-24 11:01 1885216 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-10-17 09:43 . 2009-06-24 11:01 17904 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2009-10-17 09:27 . 2009-06-24 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2009-10-16 19:03 . 2009-09-13 10:02 195192 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-10-16 19:02 . 2009-08-04 18:26 -------- d-----w- c:\documents and settings\COSKUN\Application Data\uTorrent
    2009-10-16 12:41 . 2001-11-22 12:00 76790 ----a-w- c:\windows\system32\perfc01F.dat
    2009-10-16 12:41 . 2001-11-22 12:00 419902 ----a-w- c:\windows\system32\perfh01F.dat
    2009-10-14 14:41 . 2009-06-24 11:02 95259 ----a-w- c:\windows\system32\drivers\klick.dat
    2009-10-14 14:41 . 2009-06-24 11:02 108059 ----a-w- c:\windows\system32\drivers\klin.dat
    2009-10-08 16:06 . 2009-06-24 10:26 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-10-08 15:40 . 2009-07-12 08:00 -------- d-----w- c:\program files\EPSON
    2009-10-07 20:20 . 2009-07-12 08:05 -------- d-----w- c:\documents and settings\All Users\Application Data\UDL
    2009-10-04 15:43 . 2009-06-24 13:42 -------- d-----w- c:\documents and settings\COSKUN\Application Data\Xfire
    2009-09-24 14:49 . 2009-06-24 10:56 -------- d-----w- c:\documents and settings\COSKUN\Application Data\BSplayer Pro
    2009-09-17 09:35 . 2009-06-24 16:39 13104 ----a-w- c:\documents and settings\COSKUN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-16 10:00 . 2009-06-24 16:51 -------- d-----w- c:\program files\Ahead
    2009-09-16 10:00 . 2009-08-28 15:28 -------- d-----w- c:\program files\Common Files\Ahead
    2009-09-15 13:53 . 2009-09-15 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft
    2009-09-11 14:18 . 2004-08-03 22:45 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-11 12:50 . 2009-06-25 11:49 137928 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-09-11 12:50 . 2009-06-25 11:49 189768 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-09-07 17:23 . 2009-09-07 17:23 -------- d-----w- c:\program files\Google
    2009-09-04 21:04 . 2004-08-03 22:45 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-31 10:31 . 2009-08-31 10:31 -------- d-----w- c:\documents and settings\COSKUN\Application Data\Leadertech
    2009-08-30 11:15 . 2009-08-30 11:01 -------- d-----w- c:\documents and settings\COSKUN\Application Data\eMule
    2009-08-29 07:56 . 2004-08-03 22:45 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-08-28 15:28 . 2009-08-28 15:28 -------- d-----w- c:\program files\Nero
    2009-08-27 13:14 . 2009-08-27 13:14 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-08-27 13:14 . 2009-08-27 13:14 -------- d-----w- c:\program files\Java
    2009-08-26 08:01 . 2004-08-03 22:45 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-23 09:54 . 2009-08-22 18:10 10 ----a-w- c:\windows\popcinfo.dat
    2009-08-21 14:49 . 2009-08-08 15:52 -------- d-----w- c:\documents and settings\COSKUN\Application Data\IDM
    2009-08-20 18:07 . 2009-08-20 17:52 -------- d-----w- c:\program files\SopCast
    2009-08-16 11:11 . 2009-06-25 11:49 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2009-08-09 18:43 . 2009-08-09 18:43 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
    2009-08-09 18:43 . 2009-08-09 18:43 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
    2009-08-08 18:39 . 2009-08-08 18:39 0 ----a-w- c:\windows\nsreg.dat
    2009-08-05 09:00 . 2004-08-03 22:45 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-04 17:27 . 2004-08-03 22:40 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-08-04 17:27 . 2004-08-04 00:40 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-07-22 09:28 . 2009-07-17 12:56 664 ----a-w- c:\windows\system32\d3d9caps.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2007-10-11 802816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-10-07 33538048]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-03 13684736]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "Ashampoo Core Tuner"="c:\program files\Ashampoo\Ashampoo Core Tuner\ct.exe" [2009-01-23 3302232]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-03 1657376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\µtorrent\\µtorrent 1.7.7 Leecher Pack\\utorrent 1.7.7_mult100_leecher.exe"=
    "c:\\Program Files\\µtorrent\\µtorrent 1.7.7 Leecher Pack\\utorrent 1.7.7_mult100_seeder.exe"=
    "c:\\Program Files\\µtorrent\\µtorrent 1.7.7 Leecher Pack\\utorrent 1.7.7_fake2x_leecher.exe"=
    "c:\\Program Files\\µtorrent\\µtorrent 1.7.7 Leecher Pack\\utorrent 1.7.7_noreport.exe"=
    "c:\\Program Files\\µtorrent\\µtorrent 1.7.7 Leecher Pack\\utorrent 1.7.7_mult10_leecher.exe"=
    "c:\\Program Files\\µtorrent\\µtorrent 1.7.7 Leecher Pack\\utorrent 1.7.7_fake2x_seeder.exe"=
    "c:\\Program Files\\µtorrent\\µtorrent 1.7.7 Leecher Pack\\utorrent 1.7.7_original.exe"=
    "d:\\oyunlar\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
    "d:\\oyunlar\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
    "d:\\oyunlar\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29.01.2008 17:29 33808]
    R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [24.06.2009 19:46 134272]
    R0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174);c:\windows\system32\drivers\tdrpm174.sys [24.06.2009 19:46 971552]
    R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13.03.2008 18:02 26640]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30.04.2008 17:06 24592]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [24.06.2009 13:37 39456]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [24.06.2009 13:32 876288]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.tr/
    uInternet Settings,ProxyOverride = local
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    LSP: %SYSTEMROOT%\system32\nvLsp.dll
    DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} - hxxps://sube.garanti.com.tr/lib/JaguarEditControl.CAB
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} - hxxps://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv27.CAB
    FF - ProfilePath - c:\documents and settings\coskun\Application Data\Mozilla\Firefox\Profiles\x55dy8jo.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.tr/
    FF - component: c:\documents and settings\COSKUN\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-µtorrent 1.7.7 - c:\program files\µtorrent\µtorrent 1.7.7



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2009-10-17 12:44
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7a2de447-e094-471e-9629-7eb27cf5f8dc}]
    @Denied: (Full) (Everyone)
    "Model"=dword:0000011b
    "Therad"=dword:00000009
    "MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
    4b,7b,ad,04,7a,b1,b5,76,9b,27,47,0b,b0,0e,82,56,d9,d8,39,f6,78,b8,05,22,0b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):74,16,19,16,4d,25,9e,f7,cf,e7,d7,7d,79,af,1c,3e,2b,c5,f6,24,0f,
    16,e0,43,b5,6d,76,10,af,92,ac,42,d5,21,60,9e,c3,c5,1d,ab,00,00,00,00,00,00,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(1212)
    c:\windows\system32\nvLsp.dll

    - - - - - - - > 'explorer.exe'(3528)
    c:\windows\system32\WININET.dll
    c:\program files\Internet Download Manager\idmmkb.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    c:\program files\Internet Download Manager\IEMonitor.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    .
    **************************************************************************
    .
    Completion time: 2009-10-17 12:48 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-10-17 09:48

    Pre-Run: 10.055.610.368 bayt boş
    Post-Run: 9.994.899.456 bayt boş

    188 --- E O F --- 2009-10-16 12:41


    So this is the result that came out. Well, what was the problem?




  • Here you go, sir ;)

    Logfile of Trend Micro HijackThis v2.0.2 
    Scan saved at 13:11:47, on 17.10.2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\A4Tech\Keyboard\Ikeymain.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\Users\No62NoExit\Desktop\HiJackThis.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://hcbo.roleplaylife.net/forum.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O1 - Hosts: 208.65.153.251 uk.youtube.com
    O1 - Hosts: 208.65.153.253 de.youtube.com
    O1 - Hosts: 208.117.236.70 youtube.com
    O1 - Hosts: 208.117.236.70 www.youtube.com
    O1 - Hosts: 74.125.65.118 img.youtube.com
    O1 - Hosts: 64.15.124.143 sjc-v1.sjc.youtube.com
    O1 - Hosts: 64.15.124.144 sjc-v2.sjc.youtube.com
    O1 - Hosts: 64.15.124.145 sjc-v3.sjc.youtube.com
    O1 - Hosts: 64.15.124.146 sjc-v4.sjc.youtube.com
    O1 - Hosts: 64.15.124.147 sjc-v5.sjc.youtube.com
    O1 - Hosts: 64.15.124.148 sjc-v6.sjc.youtube.com
    O1 - Hosts: 64.15.124.149 sjc-v7.sjc.youtube.com
    O1 - Hosts: 64.15.124.150 sjc-v8.sjc.youtube.com
    O1 - Hosts: 64.15.124.151 sjc-v9.sjc.youtube.com
    O1 - Hosts: 64.15.124.152 sjc-v10.sjc.youtube.com
    O1 - Hosts: 64.15.124.153 sjc-v11.sjc.youtube.com
    O1 - Hosts: 64.15.124.154 sjc-v12.sjc.youtube.com
    O1 - Hosts: 64.15.124.155 sjc-v13.sjc.youtube.com
    O1 - Hosts: 64.15.124.156 sjc-v14.sjc.youtube.com
    O1 - Hosts: 64.15.124.157 sjc-v15.sjc.youtube.com
    O1 - Hosts: 64.15.124.158 sjc-v16.sjc.youtube.com
    O1 - Hosts: 64.15.124.159 sjc-v17.sjc.youtube.com
    O1 - Hosts: 64.15.124.160 sjc-v18.sjc.youtube.com
    O1 - Hosts: 64.15.124.161 sjc-v19.sjc.youtube.com
    O1 - Hosts: 64.15.124.162 sjc-v20.sjc.youtube.com
    O1 - Hosts: 64.15.124.163 sjc-v21.sjc.youtube.com
    O1 - Hosts: 64.15.124.164 sjc-v22.sjc.youtube.com
    O1 - Hosts: 64.15.124.165 sjc-v23.sjc.youtube.com
    O1 - Hosts: 64.15.124.166 sjc-v24.sjc.youtube.com
    O1 - Hosts: 64.15.124.167 sjc-v25.sjc.youtube.com
    O1 - Hosts: 64.15.124.168 sjc-v26.sjc.youtube.com
    O1 - Hosts: 64.15.124.169 sjc-v27.sjc.youtube.com
    O1 - Hosts: 64.15.124.170 sjc-v28.sjc.youtube.com
    O1 - Hosts: 64.15.124.171 sjc-v29.sjc.youtube.com
    O1 - Hosts: 64.15.124.172 sjc-v30.sjc.youtube.com
    O1 - Hosts: 64.15.124.173 sjc-v31.sjc.youtube.com
    O1 - Hosts: 64.15.124.174 sjc-v32.sjc.youtube.com
    O1 - Hosts: 64.15.124.175 sjc-v33.sjc.youtube.com
    O1 - Hosts: 64.15.124.176 sjc-v34.sjc.youtube.com
    O1 - Hosts: 64.15.124.177 sjc-v35.sjc.youtube.com
    O1 - Hosts: 64.15.124.178 sjc-v36.sjc.youtube.com
    O1 - Hosts: 64.15.124.179 sjc-v37.sjc.youtube.com
    O1 - Hosts: 64.15.124.180 sjc-v38.sjc.youtube.com
    O1 - Hosts: 64.15.124.207 sjc-v39.sjc.youtube.com
    O1 - Hosts: 64.15.124.208 sjc-v40.sjc.youtube.com
    O1 - Hosts: 64.15.124.209 sjc-v41.sjc.youtube.com
    O1 - Hosts: 64.15.124.210 sjc-v42.sjc.youtube.com
    O1 - Hosts: 64.15.124.211 sjc-v43.sjc.youtube.com
    O1 - Hosts: 64.15.124.212 sjc-v44.sjc.youtube.com
    O1 - Hosts: 64.15.124.213 sjc-v45.sjc.youtube.com
    O1 - Hosts: 64.15.124.214 sjc-v46.sjc.youtube.com
    O1 - Hosts: 64.15.124.215 sjc-v47.sjc.youtube.com
    O1 - Hosts: 64.15.124.216 sjc-v48.sjc.youtube.com
    O1 - Hosts: 64.15.124.217 sjc-v49.sjc.youtube.com
    O1 - Hosts: 64.15.124.218 sjc-v50.sjc.youtube.com
    O1 - Hosts: 64.15.124.219 sjc-v51.sjc.youtube.com
    O1 - Hosts: 64.15.124.220 sjc-v52.sjc.youtube.com
    O1 - Hosts: 64.15.124.221 sjc-v53.sjc.youtube.com
    O1 - Hosts: 64.15.124.222 sjc-v54.sjc.youtube.com
    O1 - Hosts: 64.15.124.223 sjc-v55.sjc.youtube.com
    O1 - Hosts: 64.15.124.224 sjc-v56.sjc.youtube.com
    O1 - Hosts: 64.15.124.225 sjc-v57.sjc.youtube.com
    O1 - Hosts: 64.15.124.226 sjc-v58.sjc.youtube.com
    O1 - Hosts: 64.15.124.227 sjc-v59.sjc.youtube.com
    O1 - Hosts: 64.15.124.228 sjc-v60.sjc.youtube.com
    O1 - Hosts: 64.15.124.229 sjc-v61.sjc.youtube.com
    O1 - Hosts: 64.15.124.230 sjc-v62.sjc.youtube.com
    O1 - Hosts: 64.15.124.231 sjc-v63.sjc.youtube.com
    O1 - Hosts: 64.15.124.232 sjc-v64.sjc.youtube.com
    O1 - Hosts: 64.15.124.233 sjc-v65.sjc.youtube.com
    O1 - Hosts: 64.15.124.234 sjc-v66.sjc.youtube.com
    O1 - Hosts: 64.15.124.235 sjc-v67.sjc.youtube.com
    O1 - Hosts: 64.15.124.236 sjc-v68.sjc.youtube.com
    O1 - Hosts: 64.15.124.237 sjc-v69.sjc.youtube.com
    O1 - Hosts: 64.15.124.238 sjc-v70.sjc.youtube.com
    O1 - Hosts: 64.15.124.239 sjc-v71.sjc.youtube.com
    O1 - Hosts: 64.15.124.240 sjc-v72.sjc.youtube.com
    O1 - Hosts: 64.15.124.241 sjc-v73.sjc.youtube.com
    O1 - Hosts: 64.15.124.242 sjc-v74.sjc.youtube.com
    O1 - Hosts: 64.15.124.243 sjc-v75.sjc.youtube.com
    O1 - Hosts: 64.15.124.244 sjc-v76.sjc.youtube.com
    O1 - Hosts: 64.15.125.16 sjc-v77.sjc.youtube.com
    O1 - Hosts: 64.15.125.17 sjc-v78.sjc.youtube.com
    O1 - Hosts: 64.15.125.18 sjc-v79.sjc.youtube.com
    O1 - Hosts: 64.15.125.19 sjc-v80.sjc.youtube.com
    O1 - Hosts: 64.15.125.20 sjc-v81.sjc.youtube.com
    O1 - Hosts: 64.15.125.21 sjc-v82.sjc.youtube.com
    O1 - Hosts: 64.15.125.22 sjc-v83.sjc.youtube.com
    O1 - Hosts: 64.15.125.23 sjc-v84.sjc.youtube.com
    O1 - Hosts: 64.15.125.24 sjc-v85.sjc.youtube.com
    O1 - Hosts: 64.15.125.25 sjc-v86.sjc.youtube.com
    O1 - Hosts: 64.15.125.26 sjc-v87.sjc.youtube.com
    O1 - Hosts: 64.15.125.27 sjc-v88.sjc.youtube.com
    O1 - Hosts: 64.15.125.28 sjc-v89.sjc.youtube.com
    O1 - Hosts: 64.15.125.29 sjc-v90.sjc.youtube.com
    O1 - Hosts: 64.15.125.30 sjc-v91.sjc.youtube.com
    O1 - Hosts: 64.15.125.31 sjc-v92.sjc.youtube.com
    O1 - Hosts: 64.15.125.32 sjc-v93.sjc.youtube.com
    O1 - Hosts: 64.15.125.33 sjc-v94.sjc.youtube.com
    O1 - Hosts: 64.15.125.34 sjc-v95.sjc.youtube.com
    O1 - Hosts: 64.15.125.35 sjc-v96.sjc.youtube.com
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
    O4 - HKLM\..\Run: [iKeyWorks] C:\Program Files\A4Tech\Keyboard\Ikeymain.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Banner Ad Blocker’a ekle - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Web trafiği koruması istatistikleri - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
    O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8235DD53-017B-47FA-8D0F-405B639648F6}: NameServer = 208.67.222.222,208.67.222.220
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    --
    End of file - 10516 bytes




  • Thanks to the program you gave me, I removed it successfully.

    And the new ComboFix results:


    ComboFix 09-10-16.09 - Gorkemay 17.10.2009 13:33.2.2 - NTFSx86 
    Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.2046.1627 [GMT 3:00]
    Running from: c:\documents and settings\Gorkemay\Desktop\ComboFix\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\windows\Installer\1c18034.msp
    c:\windows\Installer\2306a4.msp
    c:\windows\Installer\300c62.msp
    c:\windows\system32\scrrntr.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-09-17 to 2009-10-17 )))))))))))))))))))))))))))))))
    .

    2009-10-17 10:25 . 2009-10-17 10:28 95539 ----a-w- C:\BdUninstallTool2009.10.17-01.25.44.reg
    2009-10-17 10:23 . 2009-10-17 10:25 2884 ----a-w- C:\BdUninstallTool2009.10.17-01.23.54.reg
    2009-10-15 16:28 . 2009-10-15 16:28 -------- d-----w- c:\program files\MSECache
    2009-10-15 16:26 . 2009-10-15 16:27 -------- d-----w- c:\windows\SHELLNEW
    2009-10-15 16:26 . 2009-10-15 16:26 -------- d-----w- c:\program files\Microsoft.NET
    2009-10-15 16:25 . 2009-10-15 16:25 -------- d-----r- C:\MSOCache
    2009-10-13 19:22 . 2009-10-13 19:22 -------- d-----w- c:\documents and settings\Gorkemay\Local Settings\Application Data\O&O
    2009-10-12 15:59 . 2009-10-13 16:14 -------- d-----w- c:\program files\Ontrack
    2009-10-10 18:38 . 2009-10-10 18:38 -------- d-----w- c:\program files\Uniblue
    2009-10-08 17:30 . 2009-10-16 15:53 -------- d---a-w- c:\program files\JDownloader 0.8
    2009-10-07 20:10 . 2009-10-07 20:40 -------- d-----w- c:\program files\Rainmeter
    2009-10-07 19:55 . 2009-10-07 19:55 -------- d-----w- c:\documents and settings\Gorkemay\Local Settings\Application Data\Stardock
    2009-10-07 19:54 . 2009-10-07 19:54 -------- d-----w- c:\program files\Common Files\Stardock
    2009-10-06 21:12 . 2005-01-22 16:05 20480 ----a-w- c:\windows\system32\wbload.dll
    2009-10-06 21:12 . 2009-10-07 19:54 -------- d-----w- c:\program files\Stardock
    2009-10-06 21:07 . 2009-10-06 21:07 -------- d-----w- c:\program files\P2PFilter
    2009-10-06 20:57 . 2009-10-06 20:57 -------- d-----w- c:\documents and settings\Gorkemay\Local Settings\Application Data\Readon_Technology
    2009-10-06 20:54 . 2009-10-06 20:54 -------- d-----w- c:\documents and settings\Gorkemay\Local Settings\Application Data\TVU Networks
    2009-10-06 20:54 . 2009-10-06 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
    2009-10-06 20:52 . 2009-10-06 20:52 -------- d-----w- c:\documents and settings\Gorkemay\LocalLow
    2009-10-03 11:22 . 2009-10-03 11:22 -------- d-----w- c:\documents and settings\Gorkemay\Application Data\Office Genuine Advantage
    2009-10-03 11:00 . 2009-10-03 11:01 -------- d-----w- c:\documents and settings\Gorkemay\Local Settings\Application Data\RcIncidents
    2009-10-03 10:50 . 2009-10-03 10:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2009-10-02 20:13 . 2009-10-02 20:13 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-10-02 20:12 . 2009-10-02 20:12 -------- d-----w- c:\program files\Microsoft
    2009-10-01 19:18 . 2009-10-01 19:18 -------- dc-h--w- c:\windows\ie8
    2009-09-29 21:22 . 2001-08-17 17:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
    2009-09-29 21:22 . 2001-08-17 17:57 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys
    2009-09-29 21:19 . 2009-09-29 21:19 364544 ----a-w- c:\windows\system32\sm56co81.dll
    2009-09-29 21:17 . 2009-09-29 21:17 9728 ----a-w- c:\windows\system32\RtNicProp32.dll
    2009-09-29 19:45 . 2009-10-10 18:34 -------- d-----w- c:\program files\Driver Checker
    2009-09-29 19:32 . 2009-09-29 19:32 -------- d-----w- c:\documents and settings\Gorkemay\Local Settings\Application Data\Thinstall
    2009-09-29 19:32 . 2009-09-29 19:32 -------- d-----w- c:\documents and settings\Gorkemay\Application Data\Thinstall
    2009-09-26 23:15 . 2009-09-27 16:57 -------- d-----w- c:\documents and settings\Gorkemay\Application Data\Ventrilo
    2009-09-26 23:15 . 2009-09-26 23:15 -------- d-----w- c:\program files\Ventrilo
    2009-09-26 23:14 . 2009-09-26 23:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-09-26 22:54 . 2009-09-26 22:54 -------- d-----w- c:\program files\Softnyx
    2009-09-26 13:34 . 2009-10-10 20:29 -------- d-----w- c:\program files\Opera
    2009-09-26 13:13 . 2009-09-26 13:13 -------- d-----w- c:\documents and settings\Gorkemay\Local Settings\Application Data\WMTools Downloaded Files
    2009-09-26 12:26 . 2009-08-03 10:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-26 12:26 . 2009-09-26 12:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-09-26 12:26 . 2009-08-03 10:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-24 15:33 . 2009-09-29 21:06 -------- d-----w- c:\documents and settings\Gorkemay\Local Settings\Application Data\ApplicationHistory

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-17 10:30 . 2008-06-22 19:51 -------- d-----w- c:\documents and settings\Gorkemay\Application Data\DMCache
    2009-10-17 10:30 . 2008-06-22 19:51 -------- d-----w- c:\documents and settings\Gorkemay\Application Data\IDM
    2009-10-17 10:18 . 2008-06-22 20:58 -------- d-----w- c:\program files\FlashGet
    2009-10-15 17:04 . 2008-06-21 17:07 48200 ----a-w- c:\documents and settings\Gorkemay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-13 16:14 . 2008-06-21 17:36 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-10-10 18:43 . 2009-07-04 18:03 -------- d-----w- c:\documents and settings\Gorkemay\Application Data\Uniblue
    2009-10-10 18:43 . 2009-07-04 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
    2009-10-09 20:47 . 2008-04-15 09:30 82184 ----a-w- c:\windows\system32\perfc01F.dat
    2009-10-09 20:47 . 2008-04-15 09:30 430412 ----a-w- c:\windows\system32\perfh01F.dat
    2009-10-04 17:23 . 2009-07-05 16:12 -------- d-----w- c:\program files\Messenger Plus! Live
    2009-09-29 21:19 . 2008-06-21 17:49 1090304 ----a-w- c:\windows\system32\drivers\smserial.sys
    2009-09-29 21:18 . 2006-05-12 10:13 156816 ----a-w- c:\windows\system32\drivers\btwdndis.sys
    2009-09-29 21:18 . 2008-06-22 21:12 4202496 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
    2009-09-29 21:17 . 2008-06-21 17:36 117888 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
    2009-09-29 21:17 . 2006-05-12 10:21 534568 ----a-w- c:\windows\system32\drivers\btaudio.sys
    2009-09-29 21:17 . 2008-06-21 17:44 77824 ----a-w- c:\windows\SOUNDMAN.EXE
    2009-09-29 21:17 . 2008-06-21 17:44 1206816 ----a-w- c:\windows\RtlUpd.exe
    2009-09-29 21:17 . 2008-06-21 17:44 9715200 ----a-w- c:\windows\RTLCPL.EXE
    2009-09-29 21:17 . 2008-06-21 17:44 5029376 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
    2009-09-29 21:17 . 2008-06-21 17:44 17508864 ----a-w- c:\windows\RTHDCPL.EXE
    2009-09-29 21:17 . 2009-07-11 23:01 57344 ----a-w- c:\windows\ALCMTR.EXE
    2009-09-29 21:17 . 2008-06-21 17:44 2808832 ----a-w- c:\windows\ALCWZRD.EXE
    2009-09-29 21:17 . 2008-06-21 17:44 2168320 ----a-w- c:\windows\MicCal.exe
    2009-09-29 21:14 . 2006-05-12 10:17 37160 ----a-w- c:\windows\system32\drivers\btport.sys
    2009-09-29 19:47 . 2008-06-22 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
    2009-09-18 21:40 . 2009-07-04 18:13 -------- d-----w- c:\program files\AGEIA Technologies
    2009-09-15 20:34 . 2009-09-15 20:34 131 ----a-w- c:\documents and settings\Gorkemay\Local Settings\Application Data\fusioncache.dat
    2009-09-15 16:23 . 2008-06-22 20:59 5 -c--a-w- c:\windows\system32\SySMP3CutJoin.dat
    2009-09-12 22:34 . 2009-09-12 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-09-12 22:29 . 2009-09-12 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-09-12 21:10 . 2009-09-12 21:10 -------- d-----w- c:\program files\ImTOO
    2009-08-25 20:19 . 2009-08-25 20:19 117008 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-08-20 17:36 . 2009-08-20 17:35 -------- d-----w- c:\program files\VDOWNLOADER
    2009-08-05 09:00 . 2008-04-15 09:30 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-03 12:07 . 2009-08-03 12:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
    2009-08-03 12:07 . 2009-08-03 12:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
    2009-08-03 12:07 . 2009-08-03 12:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
    2009-07-26 13:44 . 2009-07-26 13:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
    2009-07-25 02:23 . 2008-06-22 19:31 411368 -c--a-w- c:\windows\system32\deploytk.dll
    2009-07-21 16:46 . 2009-07-19 16:43 81984 ----a-w- c:\windows\system32\bdod.bin
    2009-07-20 06:34 . 2009-07-20 06:34 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
    .

    ------- Sigcheck -------

    [-] 2009-06-22 . E47D77A2F5D64974D9B6724552EB44AD . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-10-02 3883856]
    "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2007-07-28 1360304]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-09-29 1208320]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-08-03 419088]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-09-29 17508864]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

    c:\documents and settings\Gorkemay\Start Menu\Programlar\Başlangıç\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2006-1-21 118784]
    Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-10-7 3450608]

    c:\documents and settings\All Users\Start Menu\Programlar\Başlangıç\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
    2006-10-09 17:38 69120 ----a-r- c:\program files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli ASWLNPkg

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\FlashGet\\FlashGet.exe"=
    "c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
    "c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Team JPN\\Race Driver GRID\\GRID.exe"=
    "c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\Softnyx\\WolfTeam\\Wolfteam.bin"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
    "c:\\Program Files\\Proxy Switcher Standard\\ProxySwitcher.exe"=

    R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [15.04.2008 12:30 14336]
    R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [15.04.2008 12:30 14336]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [26.09.2009 15:26 232720]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.09.2009 15:26 19096]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance REG_MULTI_SZ ASBroker ASChannel

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-10-17 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 12:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.tr/
    uInternet Settings,ProxyOverride = <local>
    IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
    IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
    IE: Download All Links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    TCP: {357112BE-786F-4BC2-9942-2D4C8DDED86F} = 4.2.2.2,4.2.2.3
    FF - ProfilePath - c:\documents and settings\Gorkemay\Application Data\Mozilla\Firefox\Profiles\zred58hv.default\
    FF - component: c:\documents and settings\Gorkemay\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
    FF - plugin: c:\program files\Opera\program\plugins\NP_IDM1.dll
    FF - plugin: c:\program files\Opera\program\plugins\NP_IDM2.dll
    FF - plugin: c:\program files\Opera\program\plugins\NP_IDM3.dll
    FF - plugin: c:\program files\Opera\program\plugins\NP_IDM5.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-BvtUtility - c:\program files\BvT Grup\BvT Live Tv\BvtUtility.exe
    HKLM-Run-Bilkapac1.2c - c:\windows\system32\Bilkapac1.2c.exe
    AddRemove-HijackThis - d:\program setupları\AntiVirus Programları\HijackThis.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2009-10-17 13:39
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1417001333-1993962763-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)

    [HKEY_USERS\S-1-5-21-1417001333-1993962763-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{810294B6-9041-2C80-EEA9-851D36E93224}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "abhefdeoippggmfokmghlncohkoidpgpmo"=hex:69,61,69,66,6b,6f,67,65,6b,6e,69,64,
    64,69,6f,64,6d,6f,00,00
    "makeiaghikenkkcjddehjfidjp"=hex:6f,61,68,67,70,6c,6c,61,6d,65,63,6c,62,6e,6d,
    6a,6e,68,69,6b,6b,66,68,6c,6f,70,64,6f,61,68,00,00

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):c6,06,fa,f1,c6,91,29,b6,62,62,68,2c,12,ec,74,8e,90,0f,71,5a,8c,
    27,f1,a0,93,89,ef,a4,65,4c,db,e4,b8,e0,35,32,4e,99,03,5e,00,00,00,00,00,00,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c2a65f5a-5faa-4510-9f79-4e0c4922a511}]
    @Denied: (Full) (Everyone)
    "Model"=dword:000000c0
    "Therad"=dword:0000000f

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1052)
    c:\program files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll
    c:\program files\Bioscrypt\VeriSoft\bin\ItMsg.dll

    - - - - - - - > 'lsass.exe'(1112)
    c:\program files\Bioscrypt\VeriSoft\bin\ASWLNPkg.dll
    c:\program files\Bioscrypt\VeriSoft\bin\ItMsg.dll

    - - - - - - - > 'explorer.exe'(1904)
    c:\windows\system32\WININET.dll
    c:\windows\system32\APSHook.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-10-17 13:41
    ComboFix-quarantined-files.txt 2009-10-17 10:41

    Pre-Run: 40.622.395.392 bayt boş
    Post-Run: 40.594.493.440 bayt boş

    251 --- E O F --- 2009-06-28 08:15




  • While ComboFix is starting up;
  • quote:

    Originally quoted from: serji


    quote:

    Originally quoted from: baba_muhtar

    My system is a bit old, but lately its startup has become very slow; I would be glad if you could take a look.


    9. Attach the C:\ComboFix.txt file to your message and send it to us.

    Here are my ComboFix results, sir; thank you for taking an interest.
    ComboFix 09-10-11.03 - @ 17.10.2009 16:37.1.2 - NTFSx86 
    Microsoft Windows XP Home Edition 5.1.2600.3.1254.90.1055.18.511.178 [GMT 3:00]
    Running from: c:\documents and settings\@\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\@\Application Data\wiaserva.log
    c:\windows\Installer\18c0ab.msp
    c:\windows\Installer\18c0c8.msp
    c:\windows\Installer\18c0ce.msp
    c:\windows\Installer\21518a.msp
    c:\windows\Installer\2b00c.msp
    c:\windows\Installer\35f57.msp
    c:\windows\Installer\464a04.msp
    c:\windows\Installer\694ff.msp
    c:\windows\Installer\760793.msp
    c:\windows\Installer\7607a3.msp
    c:\windows\Installer\7607a9.msp
    c:\windows\Installer\7607c7.msp
    c:\windows\Installer\7607e0.msp
    c:\windows\Installer\7607e6.msp
    c:\windows\Installer\7607ff.msp
    c:\windows\Installer\760805.msp
    c:\windows\Installer\76080b.msp
    c:\windows\Installer\cfa1bf.msp
    c:\windows\Installer\cfa1c5.msp
    c:\windows\Installer\cfa1cb.msp
    c:\windows\Installer\cfa1d1.msp
    c:\windows\Installer\cfa1d7.msp
    c:\windows\Installer\cfa1dd.msp
    c:\windows\Installer\cfa1e3.msp
    c:\windows\Installer\cfa1e9.msp
    c:\windows\Installer\cfa1ef.msp
    c:\windows\Installer\cfa1f5.msp
    c:\windows\Installer\cfa1fb.msp
    c:\windows\Installer\cfa201.msp
    c:\windows\Installer\cfa207.msp
    c:\windows\Installer\cfa20d.msp
    c:\windows\Installer\WMEncoder.msi
    c:\windows\system32\_id.dat
    c:\windows\system32\scrrntr.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_WIN32X
    -------\Service_win32x


    ((((((((((((((((((((((((( Files Created from 2009-09-17 to 2009-10-17 )))))))))))))))))))))))))))))))
    .

    2009-10-16 21:17 . 2009-10-16 21:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
    2009-10-16 18:25 . 2009-10-16 18:25 -------- d-----w- c:\program files\Trend Micro
    2009-10-14 06:32 . 2009-10-14 06:32 -------- d-----w- c:\documents and settings\@\Application Data\CheckPoint
    2009-10-14 06:30 . 2009-10-14 06:30 -------- d-----w- c:\program files\CheckPoint
    2009-10-14 06:30 . 2009-10-17 14:07 4212 ---ha-w- c:\windows\system32\zllictbl.dat
    2009-10-14 06:29 . 2009-10-10 19:42 69000 ----a-w- c:\windows\system32\zlcomm.dll
    2009-10-14 06:29 . 2009-10-10 19:42 103816 ----a-w- c:\windows\system32\zlcommdb.dll
    2009-10-14 06:29 . 2009-10-10 19:42 1238408 ----a-w- c:\windows\system32\zpeng25.dll
    2009-10-14 06:29 . 2009-10-14 06:30 -------- d-----w- c:\windows\system32\ZoneLabs
    2009-10-14 06:29 . 2009-10-14 06:29 -------- d-----w- c:\program files\Zone Labs
    2009-10-14 06:28 . 2009-10-17 14:09 -------- d-----w- c:\windows\Internet Logs
    2009-10-05 18:59 . 2009-10-01 07:29 195440 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-05 18:46 . 2009-10-05 18:46 -------- d-----w- c:\documents and settings\@\Local Settings\Application Data\PCHealth
    2009-10-05 18:46 . 2009-10-05 18:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
    2009-09-28 08:26 . 2009-09-28 08:29 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
    2009-09-24 15:40 . 2009-09-24 15:04 -------- d-----w- C:\ubuntu
    2009-09-21 10:25 . 2009-09-21 10:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
    2009-09-19 12:40 . 2008-12-01 13:53 16640 ----a-w- c:\windows\system32\drivers\WsAudioDevice_383.sys
    2009-09-19 12:39 . 2009-09-19 12:39 -------- d-----w- c:\program files\Wondershare

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-17 13:36 . 2001-11-22 12:00 77968 ----a-w- c:\windows\system32\perfc01F.dat
    2009-10-17 13:36 . 2001-11-22 12:00 422664 ----a-w- c:\windows\system32\perfh01F.dat
    2009-10-14 06:17 . 2009-02-27 21:35 -------- d-----w- c:\program files\FlashGet
    2009-10-11 15:02 . 2009-04-06 16:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-10-11 14:57 . 2009-08-02 15:44 59876 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-10-10 18:23 . 2009-01-27 14:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-10-05 18:43 . 2009-09-16 10:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2009-09-28 08:30 . 2008-11-15 14:44 -------- d-----w- c:\program files\Google
    2009-09-18 16:20 . 2008-12-10 19:59 -------- d-----w- c:\program files\Rockstar Games
    2009-09-18 16:20 . 2008-11-15 13:18 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-09-17 20:16 . 2009-09-16 10:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2009-09-16 10:23 . 2009-09-16 10:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-09-14 20:01 . 2009-08-13 18:54 -------- d-----w- c:\program files\TrackMania Nations ESWC Special Edition
    2009-09-11 20:02 . 2008-11-15 14:55 -------- d-----w- c:\program files\Microsoft.NET
    2009-09-11 14:18 . 2001-11-22 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-10 22:43 . 2009-05-26 14:03 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-09-09 14:21 . 2009-08-02 13:22 -------- d-----w- c:\program files\Opera
    2009-09-08 15:31 . 2009-09-08 14:24 -------- d-----w- c:\program files\Icons from File
    2009-09-07 19:33 . 2009-09-07 19:33 -------- d-----w- c:\program files\Resco
    2009-09-07 19:32 . 2008-11-21 18:06 -------- d-----w- c:\program files\Microsoft ActiveSync
    2009-09-05 17:04 . 2009-09-05 17:04 -------- d-----w- c:\documents and settings\@\Application Data\Uniblue
    2009-09-05 14:41 . 2008-11-15 15:09 -------- d-----w- c:\documents and settings\@\Application Data\Skype
    2009-09-04 21:04 . 2001-11-22 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-09-03 22:56 . 2009-06-19 14:00 -------- d-----w- c:\program files\Extra Screen Capture Pro
    2009-09-02 14:04 . 2009-09-02 14:01 -------- d-----w- c:\program files\MagicISO
    2009-09-01 15:57 . 2009-04-10 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Zoom Player
    2009-09-01 15:56 . 2008-11-15 14:42 -------- d-----w- c:\documents and settings\@\Application Data\BSplayer Pro
    2009-09-01 13:30 . 2009-06-20 11:59 -------- d-----w- c:\program files\3D Image Commander
    2009-09-01 12:46 . 2009-09-01 12:46 -------- d-----w- c:\program files\AVG
    2009-08-30 16:28 . 2009-02-21 20:50 -------- d-----w- c:\documents and settings\@\Application Data\Audacity
    2009-08-30 14:16 . 2009-08-30 14:16 -------- d-----w- c:\program files\Foto-Mosaik-Edda
    2009-08-30 14:05 . 2009-08-30 13:57 -------- d-----w- c:\program files\Darkest of Days
    2009-08-30 14:02 . 2009-08-30 13:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-08-30 14:01 . 2009-08-30 13:47 -------- d-----w- c:\program files\AGEIA Technologies
    2009-08-30 13:59 . 2009-08-30 13:59 -------- d-----w- c:\program files\OpenAL
    2009-08-30 13:59 . 2009-08-30 13:59 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2009-08-30 13:59 . 2009-08-30 13:59 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2009-08-29 18:39 . 2009-08-13 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
    2009-08-29 18:32 . 2008-11-15 14:08 77104 ----a-w- c:\documents and settings\@\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-29 17:56 . 2009-08-29 17:56 -------- d-----w- c:\program files\A4Tech
    2009-08-29 07:56 . 2001-11-22 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-08-26 08:01 . 2001-11-22 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-23 20:40 . 2009-05-27 09:05 -------- d-----w- c:\program files\Falco Watcher
    2009-08-23 16:28 . 2009-04-10 19:30 -------- d-----w- c:\program files\Quintessential Media Player
    2009-08-23 14:19 . 2009-08-21 12:37 -------- d-----w- c:\documents and settings\@\Application Data\Gold Audio Suite
    2009-08-22 16:28 . 2009-08-22 16:28 -------- d-----w- c:\documents and settings\@\Application Data\Audio Extractor
    2009-08-22 14:52 . 2009-08-22 14:52 -------- d-----w- c:\program files\Pointstone
    2009-08-21 12:37 . 2009-08-21 12:37 -------- d-----w- c:\program files\Gold Audio Suite
    2009-08-06 16:24 . 2008-11-15 13:34 327896 ----a-w- c:\windows\system32\wucltui.dll
    2009-08-06 16:24 . 2007-07-30 17:19 209632 ----a-w- c:\windows\system32\wuweb.dll
    2009-08-06 16:24 . 2008-11-15 13:34 44768 ----a-w- c:\windows\system32\wups2.dll
    2009-08-06 16:24 . 2008-11-15 13:34 35552 ----a-w- c:\windows\system32\wups.dll
    2009-08-06 16:24 . 2008-11-15 13:07 53472 ----a-w- c:\windows\system32\wuauclt.exe
    2009-08-06 16:24 . 2001-11-22 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
    2009-08-06 16:23 . 2008-11-15 13:34 575704 ----a-w- c:\windows\system32\wuapi.dll
    2009-08-06 16:23 . 2009-04-29 15:18 274288 ----a-w- c:\windows\system32\mucltui.dll
    2009-08-06 16:23 . 2009-04-29 15:18 215920 ----a-w- c:\windows\system32\muweb.dll
    2009-08-06 16:23 . 2008-11-15 13:07 1929952 ----a-w- c:\windows\system32\wuaueng.dll
    2009-08-05 09:00 . 2001-11-22 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-04 17:27 . 2001-11-22 12:00 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-08-04 17:27 . 2001-11-21 20:00 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-08-04 16:52 . 2009-08-04 16:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
    2009-07-20 06:34 . 2009-07-20 06:34 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1211176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "USIUDF_Eject_Monitor"="c:\program files\Common Files\Ulead Systems\DVD\USISrv.exe" [2004-05-28 81920]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
    "WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-02-10 241664]
    "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-10 1037192]
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-09 730480]
    "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-15 77824]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
    "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

    c:\documents and settings\All Users\Start Menu\Programlar\BaŸlang‡\
    AirTies ADSL Hizmet Program.lnk - c:\program files\AirTies\ADSL Hizmet Program\AirTies_util3.exe [2008-11-15 3655168]

    [HKLM\~\startupfolder\C:^Documents and Settings^@^Start Menu^Programlar^Başlangıç^Hava Cıva!.lnk]
    path=c:\documents and settings\@\Start Menu\Programlar\Başlangıç\Hava Cıva!.lnk
    backup=c:\windows\pss\Hava Cıva!.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^@^Start Menu^Programlar^Başlangıç^HayatSu.lnk]
    path=c:\documents and settings\@\Start Menu\Programlar\Başlangıç\HayatSu.lnk
    backup=c:\windows\pss\HayatSu.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^InterVideo WinCinema Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programlar\Başlangıç\InterVideo WinCinema Manager.lnk
    backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AcrSch2Svc"=2 (0x2)
    "UleadBurningHelper"=2 (0x2)
    "idsvc"=3 (0x3)
    "gupdate1c9864c77218cf6"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\TOSHIBA\\Teleport\\Rkb.exe"=
    "c:\\Program Files\\TOSHIBA\\Teleport\\Rsc.exe"=
    "c:\\Program Files\\TOSHIBA\\SIPServer\\sipprx.exe"=
    "c:\\Program Files\\FlashGet\\flashget.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\AirTies\\ADSL Hizmet Programı\\AirTies_util3.exe"=
    "c:\\Program Files\\Rockstar Games\\Midnight Club II\\mc2.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    "2371:TCP"= 2371:TCP:etpnsfno

    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [28.04.2009 18:59 55152]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [09.10.2009 15:23 25208]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [09.10.2009 15:23 476528]
    R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [10.02.2007 05:04 14336]
    R3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [22.07.2009 18:25 23096]
    R3 PhTVTune;LifeView FlyVideo WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [15.11.2008 16:28 19616]
    R3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [19.09.2009 15:40 16640]
    S3 fsssvc;Windows Live Aile Koruması;c:\program files\Windows Live\Family Safety\fsssvc.exe [06.02.2009 18:08 533360]
    S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [22.07.2009 18:25 245760]
    S3 tsusbser;Toshiba TS705 Serial Port;c:\windows\system32\drivers\tsusbser.sys [28.01.2009 20:04 89728]
    S4 gupdate1c9864c77218cf6;Google Update Service (gupdate1c9864c77218cf6);c:\program files\Google\Update\GoogleUpdate.exe [04.02.2009 01:12 133104]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ndlchqadv

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    .
    ------- Supplementary Scan -------
    .
    IE: &FlashGet ile indir - c:\program files\FlashGet\jc_link.htm
    IE: &Tümünü FlashGet ile indir - c:\program files\FlashGet\jc_all.htm
    IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    TCP: {CD496969-9A2F-40C6-AA46-D95F7BE2A71D} = 208.67.222.222,208.67.220.220
    FF - ProfilePath - c:\documents and settings\@\Application Data\Mozilla\Firefox\Profiles\glcijlxt.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.tr/
    FF - component: c:\documents and settings\@\Application Data\Mozilla\Firefox\Profiles\glcijlxt.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
    FF - plugin: c:\documents and settings\@\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2009-10-17 16:52
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-583907252-1425521274-1801674531-1004\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
    "Name"="ActiveSync"
    "DisplayName"="Microsoft ActiveSync"
    "Param1"="ActiveSync"
    "Param2"=""
    "Type"="wellknown"
    "Order"=dword:00000000
    "State"=dword:0000000b

    [HKEY_USERS\S-1-5-21-583907252-1425521274-1801674531-1004\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\DesktopAppInstall\oemDesktop2]
    "Name"="oemDesktop2"
    "DisplayName"="GoldKey"
    "Param1"="EXTRAS\\DESKTOP\\TOSHIBA GoldKey\\setup.exe"
    "Param2"=""
    "Type"="createprocess"
    "Order"=dword:00000000
    "State"=dword:0000000b

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0FE9758D-999D-5364-A982D9FF5B788FED}\{C0BD10EF-72B8-B20F-55BDE04C7FD39C0B}\{292331AE-173A-E499-B30D8FE5870ABBF2}*]
    "XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
    12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5EB4415E-B969-2C69-DD874BCF6C12CC68}\{3E489D97-A265-F92B-B062A61AC9296970}\{9D75BF9D-92B8-985A-711124B44CF5D523}*]
    "XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
    12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(700)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

    - - - - - - - > 'lsass.exe'(756)
    c:\windows\system32\relog_ap.dll
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

    - - - - - - - > 'explorer.exe'(3760)
    c:\windows\system32\WININET.dll
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    c:\progra~1\WINDOW~3\wmpband.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
    c:\windows\system32\ConnAPI.DLL
    c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_tur.nlr
    c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ZoneLabs\vsmon.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\rundll32.exe
    c:\progra~1\MICROS~4\rapimgr.exe
    c:\program files\AirTies\ADSL Hizmet Programc:\windows\explorer.exe
    .
    **************************************************************************
    .
    Completion time: 2009-10-17 17:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-10-17 14:15

    Pre-Run: 9.195.200.512 bayt boş
    Post-Run: 9.433.391.104 bayt boş

    312 --- E O F --- 2009-10-16 16:37



