Yeni Kayıt
Konudaki Resimler
önceki
|
Hızlı 
Bildirim
HijackThis. Performans + Güvenlik! (Virüslerden kurtulun). 500.000+ (457. sayfa)
Sıcak Fırsatlarda Tıklananlar
Editörün Seçtiği Fırsatlar
Daha Fazla 
Bu Konudaki Kullanıcılar:
Daha Az 
3 Misafir - 3 Masaüstü
Giriş
Mesaj
-
-
quote:
Orijinalden alıntı: caner282828
relevantknowledge den nasıl kurtulacağım. spybot kullandım buldu fakat düzeltmiyor. erişilemiyor diyor. ad award da tarattm birşey olmadı .ne yapacağım.
İlk sayfada anlattigim gibi log gonderin.
quote:
Orijinalden alıntı: Ocean Blue
Serji kardeşim ilgin için teşekkür ederim.
Virüs programını kapattım combofixle tarattım listeyi gönderiyorum bi bakarsan memnun olurum. Şimdiden teşekkürler..
Malwarebytes Antimalware adlı programı indirin.
http://www.buraksonmez.com/dosyalar/mbam-setup.exe
* Programı kurmak için mbam-setup.exe üzerine çift tıklayın ve programı kurun.
* Malwarebytes Antimalware Güncelle ve Malwarebytes Programını Çalıştır seçeneklerini işaretleyip Finish tıklayın.
* Eğer bir güncelleştirme bulunursa, program otomatik olarak indirip güncelleştirecektir.
* Program yüklendiğinde Tam Tarama seçip Taramaya Başla butonuna tıklayın.
* Tarama işlemi biraz zaman alabilir, o yüzden lütfen biraz sabırlı olun.
* Tarama işlemi bittiğinde, Tamam tıklayın ve Sonuçları Göster tıklayın.
* Herşeyin işaretli olduğundan emin olun ve Seçilileri Temizle tıklayın.
* Temizleme işlemi bittiğinde bir notdefteri penceresi açılacaktır. (Bilgisayarınızı yeniden başlatmanız gerekebilir.)
* Notdefteri dosyasını kaydedip mesajınıza ekleyerek bize gönderin.
NOT: Eğer temizleme işlemi sırasında program bilgisayarı yeniden başlatmanızı isterse Tamam tıklayarak bilgisayarızı yeniden başlatın.
-
hocam benim logada bir bakarsanız sevinirim
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:25:00, on 13.12.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\No62NoExit\Desktop\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.kralliklar.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O1 - Hosts: Youtube Dünya Capinda IP leri toplam 2859 adet ....
O1 - Hosts: 208.65.153.251 uk.youtube.com
O1 - Hosts: 208.65.153.253 de.youtube.com
O1 - Hosts: 208.117.236.70 youtube.com
O1 - Hosts: 208.117.236.70 www.youtube.com
O1 - Hosts: 74.125.65.118 img.youtube.com
O1 - Hosts: 64.15.124.143 sjc-v1.sjc.youtube.com
O1 - Hosts: 64.15.124.144 sjc-v2.sjc.youtube.com
O1 - Hosts: 64.15.124.145 sjc-v3.sjc.youtube.com
O1 - Hosts: 64.15.124.146 sjc-v4.sjc.youtube.com
O1 - Hosts: 64.15.124.147 sjc-v5.sjc.youtube.com
O1 - Hosts: 64.15.124.148 sjc-v6.sjc.youtube.com
O1 - Hosts: 64.15.124.149 sjc-v7.sjc.youtube.com
O1 - Hosts: 64.15.124.150 sjc-v8.sjc.youtube.com
O1 - Hosts: 64.15.124.151 sjc-v9.sjc.youtube.com
O1 - Hosts: 64.15.124.152 sjc-v10.sjc.youtube.com
O1 - Hosts: 64.15.124.153 sjc-v11.sjc.youtube.com
O1 - Hosts: 64.15.124.154 sjc-v12.sjc.youtube.com
O1 - Hosts: 64.15.124.155 sjc-v13.sjc.youtube.com
O1 - Hosts: 64.15.124.156 sjc-v14.sjc.youtube.com
O1 - Hosts: 64.15.124.157 sjc-v15.sjc.youtube.com
O1 - Hosts: 64.15.124.158 sjc-v16.sjc.youtube.com
O1 - Hosts: 64.15.124.159 sjc-v17.sjc.youtube.com
O1 - Hosts: 64.15.124.160 sjc-v18.sjc.youtube.com
O1 - Hosts: 64.15.124.161 sjc-v19.sjc.youtube.com
O1 - Hosts: 64.15.124.162 sjc-v20.sjc.youtube.com
O1 - Hosts: 64.15.124.163 sjc-v21.sjc.youtube.com
O1 - Hosts: 64.15.124.164 sjc-v22.sjc.youtube.com
O1 - Hosts: 64.15.124.165 sjc-v23.sjc.youtube.com
O1 - Hosts: 64.15.124.166 sjc-v24.sjc.youtube.com
O1 - Hosts: 64.15.124.167 sjc-v25.sjc.youtube.com
O1 - Hosts: 64.15.124.168 sjc-v26.sjc.youtube.com
O1 - Hosts: 64.15.124.169 sjc-v27.sjc.youtube.com
O1 - Hosts: 64.15.124.170 sjc-v28.sjc.youtube.com
O1 - Hosts: 64.15.124.171 sjc-v29.sjc.youtube.com
O1 - Hosts: 64.15.124.172 sjc-v30.sjc.youtube.com
O1 - Hosts: 64.15.124.173 sjc-v31.sjc.youtube.com
O1 - Hosts: 64.15.124.174 sjc-v32.sjc.youtube.com
O1 - Hosts: 64.15.124.175 sjc-v33.sjc.youtube.com
O1 - Hosts: 64.15.124.176 sjc-v34.sjc.youtube.com
O1 - Hosts: 64.15.124.177 sjc-v35.sjc.youtube.com
O1 - Hosts: 64.15.124.178 sjc-v36.sjc.youtube.com
O1 - Hosts: 64.15.124.179 sjc-v37.sjc.youtube.com
O1 - Hosts: 64.15.124.180 sjc-v38.sjc.youtube.com
O1 - Hosts: 64.15.124.207 sjc-v39.sjc.youtube.com
O1 - Hosts: 64.15.124.208 sjc-v40.sjc.youtube.com
O1 - Hosts: 64.15.124.209 sjc-v41.sjc.youtube.com
O1 - Hosts: 64.15.124.210 sjc-v42.sjc.youtube.com
O1 - Hosts: 64.15.124.211 sjc-v43.sjc.youtube.com
O1 - Hosts: 64.15.124.212 sjc-v44.sjc.youtube.com
O1 - Hosts: 64.15.124.213 sjc-v45.sjc.youtube.com
O1 - Hosts: 64.15.124.214 sjc-v46.sjc.youtube.com
O1 - Hosts: 64.15.124.215 sjc-v47.sjc.youtube.com
O1 - Hosts: 64.15.124.216 sjc-v48.sjc.youtube.com
O1 - Hosts: 64.15.124.217 sjc-v49.sjc.youtube.com
O1 - Hosts: 64.15.124.218 sjc-v50.sjc.youtube.com
O1 - Hosts: 64.15.124.219 sjc-v51.sjc.youtube.com
O1 - Hosts: 64.15.124.220 sjc-v52.sjc.youtube.com
O1 - Hosts: 64.15.124.221 sjc-v53.sjc.youtube.com
O1 - Hosts: 64.15.124.222 sjc-v54.sjc.youtube.com
O1 - Hosts: 64.15.124.223 sjc-v55.sjc.youtube.com
O1 - Hosts: 64.15.124.224 sjc-v56.sjc.youtube.com
O1 - Hosts: 64.15.124.225 sjc-v57.sjc.youtube.com
O1 - Hosts: 64.15.124.226 sjc-v58.sjc.youtube.com
O1 - Hosts: 64.15.124.227 sjc-v59.sjc.youtube.com
O1 - Hosts: 64.15.124.228 sjc-v60.sjc.youtube.com
O1 - Hosts: 64.15.124.229 sjc-v61.sjc.youtube.com
O1 - Hosts: 64.15.124.230 sjc-v62.sjc.youtube.com
O1 - Hosts: 64.15.124.231 sjc-v63.sjc.youtube.com
O1 - Hosts: 64.15.124.232 sjc-v64.sjc.youtube.com
O1 - Hosts: 64.15.124.233 sjc-v65.sjc.youtube.com
O1 - Hosts: 64.15.124.234 sjc-v66.sjc.youtube.com
O1 - Hosts: 64.15.124.235 sjc-v67.sjc.youtube.com
O1 - Hosts: 64.15.124.236 sjc-v68.sjc.youtube.com
O1 - Hosts: 64.15.124.237 sjc-v69.sjc.youtube.com
O1 - Hosts: 64.15.124.238 sjc-v70.sjc.youtube.com
O1 - Hosts: 64.15.124.239 sjc-v71.sjc.youtube.com
O1 - Hosts: 64.15.124.240 sjc-v72.sjc.youtube.com
O1 - Hosts: 64.15.124.241 sjc-v73.sjc.youtube.com
O1 - Hosts: 64.15.124.242 sjc-v74.sjc.youtube.com
O1 - Hosts: 64.15.124.243 sjc-v75.sjc.youtube.com
O1 - Hosts: 64.15.124.244 sjc-v76.sjc.youtube.com
O1 - Hosts: 64.15.125.16 sjc-v77.sjc.youtube.com
O1 - Hosts: 64.15.125.17 sjc-v78.sjc.youtube.com
O1 - Hosts: 64.15.125.18 sjc-v79.sjc.youtube.com
O1 - Hosts: 64.15.125.19 sjc-v80.sjc.youtube.com
O1 - Hosts: 64.15.125.20 sjc-v81.sjc.youtube.com
O1 - Hosts: 64.15.125.21 sjc-v82.sjc.youtube.com
O1 - Hosts: 64.15.125.22 sjc-v83.sjc.youtube.com
O1 - Hosts: 64.15.125.23 sjc-v84.sjc.youtube.com
O1 - Hosts: 64.15.125.24 sjc-v85.sjc.youtube.com
O1 - Hosts: 64.15.125.25 sjc-v86.sjc.youtube.com
O1 - Hosts: 64.15.125.26 sjc-v87.sjc.youtube.com
O1 - Hosts: 64.15.125.27 sjc-v88.sjc.youtube.com
O1 - Hosts: 64.15.125.28 sjc-v89.sjc.youtube.com
O1 - Hosts: 64.15.125.29 sjc-v90.sjc.youtube.com
O1 - Hosts: 64.15.125.30 sjc-v91.sjc.youtube.com
O1 - Hosts: 64.15.125.31 sjc-v92.sjc.youtube.com
O1 - Hosts: 64.15.125.32 sjc-v93.sjc.youtube.com
O1 - Hosts: 64.15.125.33 sjc-v94.sjc.youtube.com
O1 - Hosts: 64.15.125.34 sjc-v95.sjc.youtube.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O4 - HKLM\..\Run: [iKeyWorks] C:\Program Files\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Ovt Wia] C:\Windows\OV530EM.exe
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Banner Ad Blocker’a ekle - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web trafiği koruması istatistikleri - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} (Flatcast Viewer 5.0) -http://92.51.137.94/objects/NpFv501.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{444B7FE3-9D29-4330-9E28-BD608E4F4CE9}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
--
End of file - 11903 bytes
-
İstemiştin yeniden veriyorum logları
HiJack raporu :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:06, on 2009-12-14
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svlostSrv.exe
C:\WINDOWS\system32\svlost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\xp\Belgelerim\Karşıdan Yüklenenler\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: siszyd32.exe
O4 - Global Startup: Adobe Reader Hızlı Çalıştırma.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AirTies ADSL Hizmet Programı.lnk = ?
O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{096255B1-ABF1-44A9-8F55-C77C25A0F301}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: svlost Service (svlostServices) - Unknown owner - C:\WINDOWS\system32\svlostSrv.exe
--
End of file - 5472 bytes
Yeni combofix raporu :
ComboFix 09-12-09.04 - xp 2009-12-14 22:19:06.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1254.1.1055.18.511.317 [GMT 2:00]
Running from: c:\documents and settings\xp\Belgelerim\Karşıdan Yüklenenler\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((( Files Created from 2009-11-14 to 2009-12-14 )))))))))))))))))))))))))))))))
.
2009-12-14 19:20 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-14 18:56 . 2009-12-14 18:56 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-14 18:53 . 2009-12-14 18:53 -------- d-----w- c:\program files\Lavasoft
2009-12-14 18:53 . 2009-12-14 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-14 15:34 . 2009-12-14 15:34 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-14 15:26 . 2009-12-14 15:31 -------- d-----w- C:\18628-ComboFix
2009-12-14 15:26 . 2008-04-14 06:00 388096 ----a-w- c:\windows\system32\CF22933.exe
2009-12-14 15:25 . 2008-04-14 06:00 388096 ----a-w- c:\windows\system32\CF22685.exe
2009-12-13 16:36 . 2009-12-14 20:28 697856 ----a-w- c:\windows\system32\drivers\lbmqtjd.sys
2009-12-11 16:20 . 2009-12-11 16:20 -------- d-----w- c:\program files\SystemRequirementsLab
2009-12-11 16:20 . 2009-12-11 16:20 -------- d-----w- c:\documents and settings\xp\Application Data\SystemRequirementsLab
2009-12-06 13:28 . 2009-12-06 13:28 -------- d-----w- c:\windows\Sun
2009-12-02 11:22 . 2009-12-09 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-12-01 20:58 . 1998-06-17 22:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2009-12-01 20:58 . 2009-12-01 20:58 -------- d-----w- c:\program files\Custom-Strike
2009-12-01 20:43 . 2009-12-01 20:43 -------- d-----w- c:\program files\Messenger Plus! Live
2009-11-27 17:19 . 2009-11-27 17:21 -------- d-----w- c:\program files\Play65
2009-11-26 14:59 . 2009-11-26 15:02 -------- d-----w- c:\program files\ABC Amber LIT Converter
2009-11-25 14:04 . 2009-11-25 14:04 -------- d-----w- c:\documents and settings\xp\Local Settings\Application Data\Electronic Arts
2009-11-25 13:51 . 2009-11-25 13:51 -------- d-----w- c:\program files\Electronic Arts
2009-11-24 18:07 . 2009-11-24 18:07 -------- d-----w- c:\documents and settings\xp\Application Data\GRETECH
2009-11-23 12:46 . 2009-11-23 12:47 -------- d-----w- c:\program files\Total Video Converter
2009-11-23 12:19 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-11-23 11:38 . 2009-11-23 11:38 -------- d-----w- c:\documents and settings\xp\Application Data\DivX
2009-11-23 11:36 . 2009-11-23 17:38 292696 ----a-w- c:\windows\system32\XceedFtp.dll
2009-11-22 21:01 . 2009-12-10 17:20 -------- d-----w- c:\documents and settings\xp\Application Data\IDM
2009-11-22 21:01 . 2009-11-22 21:02 -------- d-----w- c:\program files\Internet Download Manager
2009-11-15 08:22 . 2009-11-15 08:22 -------- d-----w- c:\documents and settings\xp\Local Settings\Application Data\GlobalSCAPE
2009-11-15 08:21 . 2009-11-15 08:21 -------- d-----w- c:\documents and settings\xp\Application Data\GlobalSCAPE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-14 19:41 . 2009-10-24 16:57 -------- d-----w- c:\documents and settings\xp\Application Data\DMCache
2009-12-14 19:18 . 2009-12-14 19:18 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-14 19:18 . 2009-12-14 19:18 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-12-14 19:18 . 2009-12-14 19:18 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-14 19:18 . 2009-12-14 19:18 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-14 19:18 . 2009-12-14 19:18 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-14 19:18 . 2009-12-14 19:18 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-14 19:18 . 2009-12-14 19:18 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-12-14 19:18 . 2009-12-14 19:18 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-14 19:14 . 2009-12-14 19:13 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-14 19:13 . 2009-12-14 19:13 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-12-14 19:13 . 2009-12-14 19:13 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-12-14 19:13 . 2009-12-14 19:13 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-14 19:13 . 2009-12-14 19:12 641632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-14 19:10 . 2009-12-14 19:10 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-14 19:10 . 2009-12-14 19:09 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-14 19:09 . 2009-12-14 19:09 1638640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-14 19:09 . 2009-12-14 19:09 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-14 19:09 . 2009-12-14 19:08 1184912 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-14 15:34 . 2009-12-14 15:34 16 ----a-w- c:\documents and settings\xp\Application Data\fvgqad.dat
2009-12-14 15:25 . 2009-10-25 19:27 -------- d-----w- c:\program files\sXe Injected
2009-12-14 12:47 . 2009-10-25 19:12 -------- d-----w- c:\program files\Valve
2009-12-13 20:21 . 2009-10-24 16:48 -------- d-----w- c:\program files\Opera
2009-12-13 16:35 . 2009-12-13 16:35 16 ----a-w- c:\documents and settings\NetworkService\Application Data\fvgqad.dat
2009-12-13 16:35 . 2009-12-13 16:35 4 ----a-w- c:\documents and settings\xp\Application Data\avdrn.dat
2009-12-12 23:30 . 2001-11-22 12:00 77802 ----a-w- c:\windows\system32\perfc01F.dat
2009-12-12 23:30 . 2001-11-22 12:00 422642 ----a-w- c:\windows\system32\perfh01F.dat
2009-12-11 16:20 . 2009-12-11 16:20 138240 ----a-w- c:\documents and settings\xp\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2009-12-11 16:20 . 2009-12-11 16:20 138240 ----a-w- c:\documents and settings\xp\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2009-12-11 16:20 . 2009-12-11 16:20 138240 ----a-w- c:\documents and settings\xp\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2009-12-11 16:20 . 2009-12-11 16:20 138240 ----a-w- c:\documents and settings\xp\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2009-12-10 17:19 . 2009-11-22 21:11 28672 ----a-w- c:\documents and settings\xp\Application Data\IDM\NP_IDM6.dll
2009-12-10 17:19 . 2009-11-22 21:11 28672 ----a-w- c:\documents and settings\xp\Application Data\IDM\NP_IDM5.dll
2009-12-10 17:19 . 2009-11-22 21:11 28672 ----a-w- c:\documents and settings\xp\Application Data\IDM\NP_IDM4.dll
2009-12-10 17:19 . 2009-11-22 21:11 28672 ----a-w- c:\documents and settings\xp\Application Data\IDM\NP_IDM3.dll
2009-12-10 17:19 . 2009-11-22 21:11 28672 ----a-w- c:\documents and settings\xp\Application Data\IDM\NP_IDM2.dll
2009-12-10 17:19 . 2009-11-22 21:11 28672 ----a-w- c:\documents and settings\xp\Application Data\IDM\NP_IDM1.dll
2009-12-01 20:58 . 2009-10-24 14:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-30 13:35 . 2009-11-08 16:30 -------- d-----w- c:\program files\Magic Video Converter
2009-11-24 18:07 . 2009-10-28 19:43 -------- d-----w- c:\program files\GRETECH
2009-11-22 21:02 . 2009-11-22 21:02 165296 ----a-w- c:\documents and settings\xp\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
2009-11-17 16:21 . 2009-10-24 14:46 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-12 16:52 . 2009-11-12 16:52 -------- d-----w- c:\program files\Ares
2009-11-11 14:21 . 2009-10-24 15:15 -------- d-----w- c:\program files\Winamp
2009-11-09 18:45 . 2009-11-09 18:45 -------- d-----w- c:\documents and settings\xp\Application Data\AdobeUM
2009-11-09 14:54 . 2009-11-09 14:52 -------- d-----w- c:\documents and settings\xp\Application Data\IObit
2009-11-09 14:52 . 2009-11-09 14:52 -------- d-----w- c:\program files\IObit
2009-11-09 14:13 . 2009-11-09 14:12 -------- d-----w- c:\program files\DivX
2009-11-09 14:12 . 2009-11-09 14:12 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-08 16:30 . 2009-10-30 09:25 -------- d-----w- c:\documents and settings\xp\Application Data\Vso
2009-11-08 16:30 . 2009-10-30 09:25 81920 ----a-w- c:\documents and settings\xp\Application Data\ezpinst.exe
2009-11-08 16:30 . 2009-10-30 09:25 81920 ----a-w- c:\documents and settings\xp\Application Data\ezpinst.exe
2009-11-08 16:30 . 2009-10-30 09:25 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-11-08 16:30 . 2009-10-30 09:25 47360 ----a-w- c:\documents and settings\xp\Application Data\pcouffin.sys
2009-11-08 16:30 . 2009-10-30 09:25 47360 ----a-w- c:\documents and settings\xp\Application Data\pcouffin.sys
2009-11-08 12:01 . 2009-11-08 12:01 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-07 15:56 . 2009-10-24 14:34 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-06 13:33 . 2009-11-06 13:33 0 ----a-w- c:\windows\nsreg.dat
2009-11-06 13:24 . 2009-10-24 15:16 -------- d-----w- c:\program files\Java
2009-11-06 13:17 . 2009-11-06 13:17 152576 ----a-w- c:\documents and settings\xp\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-05 18:00 . 2009-11-05 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-11-04 21:36 . 2009-10-24 14:44 64568 ----a-w- c:\documents and settings\xp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-04 19:36 . 2009-11-04 19:36 879 ----a-w- c:\windows\unins000.dat
2009-11-04 19:36 . 2009-11-04 19:36 -------- d-----w- c:\documents and settings\xp\Application Data\Flatcast
2009-11-04 19:36 . 2009-11-04 19:36 695578 ----a-w- c:\windows\unins000.exe
2009-11-04 14:16 . 2009-11-04 14:16 237568 ----a-w- c:\windows\system32\svlostSrv.exe
2009-11-04 14:16 . 2009-11-04 14:16 89600 ----a-w- c:\windows\system32\svlosta.dll
2009-11-04 14:16 . 2009-11-04 14:16 61440 ----a-w- c:\windows\system32\svlostb.dll
2009-11-04 14:16 . 2009-11-04 14:16 268288 ----a-w- c:\windows\system32\svlost.exe
2009-11-03 00:33 . 2009-11-03 00:33 -------- d-----w- c:\program files\Google
2009-10-30 11:46 . 2009-10-26 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-10-30 11:46 . 2009-10-26 06:02 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-30 01:06 . 2009-10-30 01:06 -------- d-----w- c:\program files\MSBuild
2009-10-30 01:05 . 2009-10-30 01:05 -------- d-----w- c:\program files\Reference Assemblies
2009-10-29 11:38 . 2009-10-29 11:38 -------- d-----w- c:\documents and settings\xp\Application Data\Media Player Classic
2009-10-29 07:41 . 2008-04-14 06:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-26 05:53 . 2009-10-26 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-26 05:53 . 2009-10-26 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-10-25 12:04 . 2009-10-25 12:04 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-25 12:03 . 2009-10-25 12:02 -------- d-----w- c:\program files\Microsoft
2009-10-25 12:03 . 2009-10-24 15:17 -------- d-----w- c:\program files\Windows Live
2009-10-25 12:03 . 2009-10-25 12:03 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-10-25 12:01 . 2009-10-25 12:01 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-25 11:55 . 2009-10-25 11:55 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-25 11:39 . 2009-10-25 11:39 -------- d-----w- c:\program files\AirTies
2009-10-24 17:15 . 2009-10-24 17:15 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-24 17:14 . 2009-10-24 17:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-24 15:28 . 2009-10-24 15:28 -------- d-----w- c:\program files\C-Media 3D Audio
2009-10-24 15:20 . 2009-10-24 15:20 -------- d-----w- c:\documents and settings\xp\Application Data\Ahead
2009-10-24 15:15 . 2009-10-24 15:15 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-24 15:15 . 2009-10-24 15:15 152576 ----a-w- c:\documents and settings\xp\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-10-24 15:13 . 2009-10-24 15:13 -------- d-----w- c:\program files\Microsoft.NET
2009-10-24 15:11 . 2009-10-24 15:09 -------- d-----w- c:\program files\Nero
2009-10-24 15:10 . 2009-10-24 15:09 -------- d-----w- c:\program files\Common Files\Ahead
2009-10-24 15:09 . 2009-10-24 15:08 -------- d-----w- c:\program files\Microsoft Works
2009-10-24 15:05 . 2009-10-24 15:05 -------- d-----w- c:\program files\ESET
2009-10-24 15:05 . 2009-10-24 15:05 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-10-24 14:53 . 2009-10-24 14:53 -------- d-----w- c:\program files\Realtek Sound Manager
2009-10-24 14:53 . 2009-10-24 14:53 -------- d-----w- c:\program files\AvRack
2009-10-24 14:53 . 2009-10-24 14:53 -------- d-----w- c:\program files\Realtek AC97
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-12-14_17.20.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-29 06:05 . 2008-07-29 06:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll
+ 2009-12-14 19:38 . 2009-12-14 19:38 16384 c:\windows\Temp\Perflib_Perfdata_1f4.dat
+ 2009-12-14 19:20 . 2009-09-23 12:55 64288 c:\windows\system32\DRVSTORE\lbd_B425E86B28F27CC7F4A0CAF275F9F2789F3C6909\Lbd.sys
+ 2008-07-29 06:05 . 2008-07-29 06:05 875520 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcp90d.dll
+ 2008-07-29 01:54 . 2008-07-29 01:54 312832 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcm90d.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 01:54 . 2008-07-29 01:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2009-12-14 18:52 . 2009-12-14 18:52 236032 c:\windows\Installer\16b0cb.msi
+ 2008-07-29 06:05 . 2008-07-29 06:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 5982720 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90ud.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 5937144 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 1180672 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcr90d.dll
+ 2009-12-14 18:55 . 2009-12-14 18:55 1861120 c:\windows\Installer\16b0d5.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-03 39408]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-11-22 2606512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 90112]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-05-09 1443072]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-11-03 122368]
c:\documents and settings\xp\Start Menu\Programlar\BaŸlang‡\
siszyd32.exe [2008-4-14 23040]
c:\documents and settings\All Users\Start Menu\Programlar\BaŸlang‡\
Adobe Reader Hzl €alŸtrma.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
AirTies ADSL Hizmet Program.lnk - c:\program files\AirTies\ADSL Hizmet Program\AirTies_util3.exe [2009-10-25 3655168]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\AirTies\\ADSL Hizmet Programı\\AirTies_util3.exe"=
"c:\\Documents and Settings\\xp\\Desktop\\EmRE2\\Oyunlar&ProgramLar\\Age Of Empires II\\Age Of Empires II.exe"=
"c:\\Documents and Settings\\xp\\Desktop\\EmRE2\\CryptLoad_1.1.8\\RouterClient.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-14 64288]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-05-09 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-05-15 472320]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-24 1184912]
S2 svlostServices;svlost Service;c:\windows\system32\svlostSrv.exe [2009-11-04 237568]
--- Other Services/Drivers In Memory ---
*Deregistered* - lbmqtjd
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.tr/
IE: Bütün linkleri IDM ile indir - c:\program files\Internet Download Manager\IEGetAll.htm
IE: FLV video içeriğini IDM ile indir - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: IDM ile indir - c:\program files\Internet Download Manager\IEExt.htm
LSP: c:\windows\system32\idmmbc.dll
TCP: {096255B1-ABF1-44A9-8F55-C77C25A0F301} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\xp\Application Data\Mozilla\Firefox\Profiles\f41meimz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.localstrike.com.ar/?q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - LocalStrike
FF - prefs.js: browser.startup.homepage - hxxp://tr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:tr:official
FF - prefs.js: keyword.URL - hxxp://search.localstrike.com.ar/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\xp\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\progra~1\Opera\program\plugins\npdsplay.dll
FF - plugin: c:\progra~1\Opera\program\plugins\NpFv522.dll
FF - plugin: c:\progra~1\Opera\program\plugins\NPSWF32.dll
FF - plugin: c:\progra~1\Opera\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Opera\program\plugins\NpFv522.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
Rootkit scan 2009-12-14 22:27
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbmqtjd]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0ef73738-90b6-481d-83a4-29cd5b3faa6b}]
@Denied: (Full) (Everyone)
"Model"=dword:00000145
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a3,b8,c4,27,8f,c3,f0,b6,76,e7,37,dc,ff,ea,7a,46,1e,e7,a7,db,3b,
28,08,90,1d,ff,56,99,7e,76,34,26,2b,bb,07,3b,4a,71,c7,69,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(592)
c:\windows\system32\idmmbc.dll
- - - - - - - > 'explorer.exe'(2764)
c:\windows\system32\WININET.dll
c:\program files\Google\Quick Search Box\bin\1.2.1150.162\qsb.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-12-14 22:37:13
ComboFix-quarantined-files.txt 2009-12-14 20:37
ComboFix2.txt 2009-12-14 17:29
Pre-Run: 3,219,189,760 bayt boş
Post-Run: 3,160,342,528 bayt boş
- - End Of File - - 70E76EA9C30B3A50C82C7480B5F5B1CC
-
dediğiniz gibi Baslat - calistir - gpedit.msc yazıp entera bastım ama sanırım Xp Home Edition da gpedit yok yani açmıyor windows tarafından bulunamıyor diyor
hijackThis raporu...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:18:03, on 14.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shenturk\Mini Hava\minihava.exe
C:\Program Files\AirTies\ADSL Hizmet Programı\AirTies_util3.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Shenturk\Mini Hava\minihava.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\TEMP\cpcly.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\savaş\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MiniHava] "C:\Program Files\Shenturk\Mini Hava\minihava.exe"
O4 - Global Startup: AirTies ADSL Hizmet Programı.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) -http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) -http://picasaweb.google.com/s/v/51.26/uploader2.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234890976609
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) -http://www.facebook.com/controls/contactx.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) -http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -http://www.opentopia.com/support/activex/AxisCamControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) -http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) -http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Güncelleme Hizmeti (gupdate1c9a08f6ed5a052) (gupdate1c9a08f6ed5a052) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
--
End of file - 6588 bytes
-
Selam serji , herkese yetişemiyorsun bunu biliyorum ama sayfa 151 de 3 programında raporunu sundum benden tekrar yeni raporlar istemiştin , tekrar tarattım ve yeni raporlar sayfa 152 de mevcut.Yardımcı olabilir misin ? Teşekkür ederim. -
quote:
Orijinalden alıntı: ahniz
sn serji vakit ayırıp cevapladığınız için sağolun. programı indirdim. mbam-setup.exe üzerine çift tıklayınca hiçbirşey olmuyor. Yani programı kurmama izin bile vermiyor. Bunun üzerine programın ismini değiştirdim ve programı kurdum. Ama şimdi de antivirüs programlarında olduğu gibi çalışmasına izin vermiyor.(Programın ismini değiştirerek de denedim olmadı)...
Ne yapmam lazım...
Üstadım durum hala aynı. Mümkünse bir cevap lütfen.... -
Serji Combofix logu aşağıda bakarsan sevinirim...
ComboFix 09-12-09.04 - ckoylazer 15.12.2009 10:28:33.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1254.1.1055.18.3007.2545 [GMT 2:00]
Running from: C:\Documents and Settings\CKOYLAZER\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Trend Micro Client-Server Security Agent AntiVirus *On-access scanning enabled* (Updated) {EC18189A-F400-4751-868E-A9F65394ADB7}
FW: Trend Micro Client-Server Security Agent Firewall *disabled* {EC18189A-F400-4751-868E-A9F65394ADB7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\driVERs\cgtvbwww.sys
C:\WINDOWS\system32\scrrntr.dll
C:\WINDOWS\system32\tmp55.tmp
.
---- Previous Run -------
.
C:\Documents and Settings\CKOYLAZER\Application Data\Kaspersky_Key_Finder_(KKF\Kaspersky_Key_Finder_V1.5_Url_caxapbqqm5qgcujpso0h20221wxshrj3\1.5.0.0\user.config
C:\Documents and Settings\CKOYLAZER\Application Data\Kaspersky_Key_Finder_(KKF\Kaspersky_Key_Finder_V1.5_Url_hp0cfuj505jj0hpaz3gnpoak204qivos\1.5.0.0\user.config
C:\WINDOWS\desktop\Sofra.exe.lnk
C:\WINDOWS\system32\av_md.exe
C:\WINDOWS\system32\Axkdcanc.dll
C:\WINDOWS\system32\axrgkd.dll
C:\WINDOWS\system32\config\systemprofile\av_md.exe
C:\WINDOWS\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd
C:\WINDOWS\system32\ieuinit.inf
C:\WINDOWS\system32\scrrntr.dll
C:\WINDOWS\system32\twain_32.dll
-- Previous Run --
Infected copy of C:\WINDOWS\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys
--------
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_cgtvbwww
-------\Service_cgtvbwww
((((((((((((((((((((((((( Files Created from 2009-11-15 to 2009-12-15 )))))))))))))))))))))))))))))))
.
-
Yardımcı olursanız sevinirim
Ne yapmam gerek yardımcı olursanız sevinirim teşekkürler.
ComboFix 09-12-04.02 - Gürhan 05.12.2009 11:16.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1254.90.1055.18.2046.1300 [GMT 2:00]
Running from: c:\users\Gürhan\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Microsoft\WLSetup
c:\programdata\Microsoft\WLSetup\Logs\2009-09-28_18-33_e1c-ovqq6a47.log
c:\programdata\Microsoft\WLSetup\wlt7558.tmp
.
((((((((((((((((((((((((( Files Created from 2009-11-05 to 2009-12-05 )))))))))))))))))))))))))))))))
.
2009-12-05 09:25 . 2009-12-05 09:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-05 09:25 . 2009-12-05 09:25 -------- d-----w- c:\users\Elif\AppData\Local\temp
2009-12-05 09:25 . 2009-12-05 09:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-05 09:25 . 2009-12-05 09:25 -------- d-----w- c:\users\Anahid\AppData\Local\temp
2009-12-03 22:10 . 2009-12-03 22:10 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbB252.tmp.exe
2009-11-25 10:38 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 06:37 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 06:37 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-19 15:02 . 2009-11-19 15:02 4045528 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-19 14:54 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-19 14:54 . 2009-11-19 15:02 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-19 14:54 . 2009-11-19 14:54 -------- d-----w- c:\programdata\Malwarebytes
2009-11-19 14:54 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-18 17:40 . 2009-11-18 17:40 -------- d-----w- c:\program files\Trend Micro
2009-11-18 06:37 . 2009-11-18 06:37 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-18 06:33 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-18 06:33 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-18 06:33 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-18 06:30 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-18 06:30 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-18 06:30 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-11 07:35 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 07:32 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-07 07:40 . 2009-11-07 07:40 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-06 10:49 . 2009-11-06 11:06 4096 d-----w- c:\program files\Common Files\SolidWorks Shared
2009-11-06 10:49 . 2009-11-06 10:49 -------- d-----w- c:\program files\lang
2009-11-06 10:49 . 2009-11-06 11:10 -------- d-----w- c:\programdata\SolidWorks
2009-11-06 10:49 . 2009-11-06 11:07 4096 d-----w- c:\program files\SolidWorks Corp
2009-11-06 10:49 . 2009-11-06 10:55 4096 d-----w- c:\program files\Browser
2009-11-06 10:48 . 2009-11-06 10:48 -------- d-----w- c:\program files\MSECache
2009-11-06 10:47 . 2009-11-06 10:47 4096 d-----w- c:\program files\Microsoft Visual Studio 8
2009-11-06 10:43 . 2009-11-06 10:43 -------- d-----w- c:\program files\Common Files\SolidWorks Installation Manager
2009-11-06 10:43 . 2009-11-06 10:46 -------- d-----w- c:\windows\SolidWorks
2009-11-05 17:07 . 2009-11-05 17:13 -------- d-----w- c:\windows\Downloaded Installations
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-05 08:19 . 2009-09-27 14:10 34990 ----a-w- c:\programdata\nvModes.dat
2009-12-05 08:19 . 2009-09-27 10:20 4096 d-----w- c:\programdata\NVIDIA
2009-12-02 11:31 . 2009-10-16 19:40 4096 d-----w- c:\programdata\Test Drive Unlimited
2009-11-27 15:11 . 2009-10-02 14:11 3695616 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-25 22:47 . 2009-10-12 11:59 32768 d-----w- c:\program files\GTR2
2009-11-22 18:36 . 2007-01-05 05:14 598312 ----a-w- c:\windows\system32\perfh01F.dat
2009-11-22 18:36 . 2007-01-05 05:14 120110 ----a-w- c:\windows\system32\perfc01F.dat
2009-11-18 06:37 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-18 06:37 . 2009-11-18 06:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-11 15:37 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-11 15:29 . 2009-10-05 06:35 8192 d-----w- c:\programdata\Microsoft Help
2009-11-09 15:24 . 2009-10-19 14:42 -------- d-----w- c:\program files\Java
2009-11-09 11:30 . 2009-09-30 18:42 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-08 09:44 . 2009-09-27 11:16 4096 d-----w- c:\program files\Google
2009-11-06 10:49 . 2009-09-27 14:07 8192 d-----w- c:\program files\AGEIA Technologies
2009-11-05 17:45 . 2009-11-05 17:45 4096 d-----w- c:\program files\iTunes
2009-11-05 17:45 . 2009-11-05 17:45 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-05 17:45 . 2009-11-05 17:41 -------- d-----w- c:\program files\Common Files\Apple
2009-11-05 17:45 . 2009-11-05 17:11 -------- d-----w- c:\program files\iPod
2009-11-05 17:43 . 2009-11-05 17:43 -------- d-----w- c:\program files\Bonjour
2009-11-05 17:43 . 2009-11-05 17:43 4096 d-----w- c:\program files\QuickTime
2009-11-05 17:43 . 2009-11-05 17:22 -------- d-----w- c:\programdata\Apple Computer
2009-11-05 17:42 . 2009-11-05 17:42 4096 d-----w- c:\program files\Apple Software Update
2009-11-05 17:41 . 2009-11-05 17:41 -------- d-----w- c:\programdata\Apple
2009-11-05 17:23 . 2009-09-30 18:15 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-11-05 17:22 . 2009-11-05 17:22 -------- d-----w- c:\programdata\QuickTime
2009-11-04 17:12 . 2009-10-19 14:40 4096 d-----w- c:\program files\LimeWire
2009-11-02 18:42 . 2009-10-03 08:07 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 19:57 . 2009-09-27 12:00 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-31 19:53 . 2009-10-31 19:53 -------- d-----w- c:\program files\Samsung
2009-10-29 09:22 . 2009-10-29 09:22 56472 ----a-w- c:\users\Elif\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-28 18:58 . 2009-10-28 18:58 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-26 14:19 . 2009-10-26 14:19 -------- d-----w- c:\program files\GameSpy
2009-10-26 14:16 . 2009-10-26 14:16 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-26 14:15 . 2009-10-26 14:15 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-26 14:15 . 2009-10-26 14:15 669184 ----a-w- c:\windows\system32\pbsvc.exe
2009-10-26 14:15 . 2009-10-26 14:15 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-26 14:14 . 2009-10-26 14:14 -------- d-----w- c:\programdata\Media Center Programs
2009-10-26 14:05 . 2009-10-26 14:05 -------- d-----w- c:\program files\Electronic Arts
2009-10-16 14:11 . 2009-10-02 14:10 2353992 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-10-16 13:18 . 2009-10-16 13:18 -------- d-----w- c:\program files\Atari
2009-10-15 07:56 . 2009-10-15 07:56 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-10-14 06:05 . 2009-10-14 06:05 -------- d-----w- c:\program files\Auslogics
2009-10-13 11:46 . 2009-10-13 11:20 4096 d-----w- c:\program files\GTR Evolution
2009-10-13 11:06 . 2009-10-13 11:06 -------- d-----w- c:\programdata\WindowsSearch
2009-10-11 02:17 . 2009-10-19 14:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 06:57 . 2009-10-05 06:37 4096 d-----w- c:\program files\Microsoft Works
2009-10-06 18:47 . 2009-10-06 18:47 -------- d-----w- c:\programdata\Trymedia
2009-10-06 18:46 . 2009-10-06 18:44 4096 d-----w- c:\program files\ARCA Remax
2009-10-05 14:25 . 2009-10-05 14:23 53248 ----a-w- c:\windows\PSEXESVC.EXE
2009-10-03 17:09 . 2009-10-03 17:09 61064 ----a-w- c:\users\Anahid\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-02 14:10 . 2009-10-02 14:10 562552 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-10-02 14:10 . 2009-10-02 14:10 566632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-10-02 14:10 . 2009-10-02 14:10 640760 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-10-02 14:10 . 2009-10-02 14:10 520024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-10-02 14:10 . 2009-10-02 14:10 1028432 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-10-01 22:14 . 2009-10-01 21:48 137 ----a-w- c:\windows\system32\winser.bin
2009-10-01 22:04 . 2009-10-01 22:04 113 ----a-w- c:\windows\system32\accwiz.bin
2009-10-01 21:43 . 2009-10-01 21:43 108 ----a-w- c:\windows\system32\dxwizard.bin
2009-10-01 01:02 . 2009-11-18 06:32 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-18 06:32 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-18 06:32 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-18 06:32 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-18 06:32 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-18 06:32 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-18 06:32 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-18 06:32 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-18 06:32 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-18 06:32 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-18 06:32 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-18 06:32 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-09-30 18:36 . 2009-09-30 18:36 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2009-09-30 18:15 . 2009-09-27 12:00 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-09-30 15:34 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-09-30 15:34 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-09-28 17:11 . 2009-09-28 17:11 75928 ----a-w- c:\windows\system32\drivers\ThwSpace.sys
2009-09-27 15:46 . 2009-09-27 15:46 4942440 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 15:46 . 2009-09-27 15:46 13949544 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-27 14:12 . 2009-09-27 14:12 9509832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-09-27 14:12 . 2009-09-27 14:12 490088 ----a-w- c:\windows\system32\nvudisp.exe
2009-09-27 14:12 . 2009-09-27 14:12 3310184 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-09-27 14:12 . 2009-09-27 14:12 2169448 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 14:12 . 2009-09-27 14:12 1997416 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 14:12 . 2009-09-27 14:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 14:12 . 2009-09-27 14:12 170600 ----a-w- c:\windows\system32\nvcod167.dll
2009-09-27 14:12 . 2009-09-27 14:12 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 14:12 . 2009-09-27 14:12 11197032 ----a-w- c:\windows\system32\nvoglv32.dll
2009-09-27 14:12 . 2009-03-27 21:03 7614056 ----a-w- c:\windows\system32\nvd3dum.dll
2009-09-27 14:12 . 2009-03-27 21:03 1074280 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 12:00 . 2009-09-27 12:00 315392 ----a-w- c:\windows\HideWin.exe
2009-09-27 10:07 . 2009-09-27 10:07 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-09-27 10:07 . 2009-09-27 10:07 272896 ----a-w- c:\windows\system32\polstore.dll
2009-09-27 10:01 . 2009-09-27 10:01 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-27 10:01 . 2009-09-27 10:01 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-27 10:01 . 2009-09-27 10:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-27 10:01 . 2009-09-27 10:01 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-27 10:01 . 2009-09-27 10:01 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-27 10:01 . 2009-09-27 10:01 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-27 10:01 . 2009-09-27 10:01 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-27 10:01 . 2009-09-27 10:01 11264 ----a-w- c:\windows\system32\MRINFO.EXE
.
((((((((((((((((((((((((((((( SnapShot@2009-11-19_10.25.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-25 10:38 . 2009-10-29 09:26 18944 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.22254_none_17855e4d1ffaeb7e\tzupd.exe
+ 2009-09-27 10:09 . 2009-09-27 10:09 18944 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.18132_none_170f60c606cee124\tzupd.exe
+ 2009-11-25 10:38 . 2009-10-29 09:44 18944 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22552_none_159cebd122d663ac\tzupd.exe
+ 2009-09-27 10:09 . 2009-09-27 10:09 18944 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18351_none_15124cd609b9ad64\tzupd.exe
+ 2009-11-25 10:38 . 2009-10-29 09:36 18944 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.21150_none_13b482d325b1d628\tzupd.exe
+ 2009-11-25 10:38 . 2009-10-29 09:51 18944 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16947_none_133cdfd80c85988c\tzupd.exe
+ 2009-09-27 10:21 . 2009-12-05 08:20 35240 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-12-05 08:20 52784 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:02 . 2009-11-19 10:00 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-12-05 08:19 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2009-11-19 10:00 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-12-05 08:19 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-12-05 08:19 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:02 . 2009-11-19 10:00 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-30 18:09 . 2009-11-11 09:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-30 18:09 . 2009-12-03 11:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-30 18:09 . 2009-12-03 11:01 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-30 18:09 . 2009-11-11 09:07 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-30 18:09 . 2009-11-11 09:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-30 18:09 . 2009-12-03 11:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-16 08:46 . 2009-10-31 08:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-16 08:46 . 2009-12-05 08:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-16 08:46 . 2009-10-31 08:04 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-16 08:46 . 2009-12-05 08:19 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-16 08:46 . 2009-12-05 08:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-16 08:46 . 2009-10-31 08:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-25 10:37 . 2009-11-25 10:37 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2009-11-25 06:37 . 2009-08-11 16:58 2048 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6002.22196_none_8a82c317ad5def05\msxml6r.dll
+ 2009-09-27 08:27 . 2009-09-27 08:27 2048 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6002.18087_none_8a04f68294374ca1\msxml6r.dll
+ 2009-11-25 06:37 . 2009-08-11 17:04 2048 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.22492_none_88985007b03b3485\msxml6r.dll
+ 2009-09-27 08:27 . 2009-09-27 08:27 2048 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18306_none_887403b096d0fe9e\msxml6r.dll
+ 2009-11-25 06:37 . 2009-08-10 12:51 2048 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.21103_none_87143919b2caf4b4\msxml6r.dll
+ 2009-11-25 06:37 . 2009-08-10 13:05 2048 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16903_none_868ac42c99ad21a8\msxml6r.dll
+ 2009-11-25 06:37 . 2009-08-11 16:58 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.22196_none_8a83076fad5da222\msxml3r.dll
+ 2009-09-27 09:38 . 2009-09-27 09:38 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.18087_none_8a053ada9436ffbe\msxml3r.dll
+ 2009-11-25 06:37 . 2009-08-11 17:04 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.22492_none_8898945fb03ae7a2\msxml3r.dll
+ 2009-09-27 09:38 . 2009-09-27 09:38 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18306_none_8874480896d0b1bb\msxml3r.dll
+ 2009-11-25 06:37 . 2009-08-10 12:51 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.21103_none_87147d71b2caa7d1\msxml3r.dll
+ 2009-11-25 06:37 . 2009-08-10 13:05 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16903_none_868b088499acd4c5\msxml3r.dll
+ 2009-11-25 10:38 . 2009-10-29 09:26 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.22254_none_17855e4d1ffaeb7e\tzres.dll
+ 2009-11-25 10:38 . 2009-10-29 09:17 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.18132_none_170f60c606cee124\tzres.dll
+ 2009-11-25 10:38 . 2009-10-29 09:44 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22552_none_159cebd122d663ac\tzres.dll
+ 2009-11-25 10:38 . 2009-10-29 09:41 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18351_none_15124cd609b9ad64\tzres.dll
+ 2009-11-25 10:38 . 2009-10-29 07:55 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.21150_none_13b482d325b1d628\tzres.dll
+ 2009-11-25 10:38 . 2009-10-29 07:59 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16947_none_133cdfd80c85988c\tzres.dll
+ 2009-09-27 07:41 . 2009-12-05 08:20 9166 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3859704966-3601974497-4018524651-1000_UserData.bin
- 2009-11-19 10:00 . 2009-11-19 10:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-12-05 08:19 . 2009-12-05 08:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-12-05 08:19 . 2009-12-05 08:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-11-19 10:00 . 2009-11-19 10:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 10:33 . 2009-11-18 06:47 595748 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-11-22 18:36 595748 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-11-18 06:47 105078 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-11-22 18:36 105078 c:\windows\System32\perfc009.dat
+ 2009-09-30 15:16 . 2009-12-05 08:19 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-09-30 15:16 . 2009-11-19 10:00 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-11-25 10:37 . 2009-11-25 10:37 429568 c:\windows\Installer\e7bd28.msi
+ 2009-11-25 10:37 . 2009-11-25 10:37 1348432 c:\windows\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_b7e610287b2b4ea5\msxml4.dll
+ 2009-11-25 06:37 . 2009-08-11 16:58 1401856 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6002.22196_none_8a82c317ad5def05\msxml6.dll
+ 2009-11-25 06:37 . 2009-08-11 16:44 1401856 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6002.18087_none_8a04f68294374ca1\msxml6.dll
+ 2009-11-25 06:37 . 2009-08-11 15:26 1401344 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.22492_none_88985007b03b3485\msxml6.dll
+ 2009-11-25 06:37 . 2009-08-10 11:01 1399296 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18306_none_887403b096d0fe9e\msxml6.dll
+ 2009-11-25 06:37 . 2009-08-10 12:51 1409536 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.21103_none_87143919b2caf4b4\msxml6.dll
+ 2009-11-25 06:37 . 2009-08-10 13:05 1406464 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16903_none_868ac42c99ad21a8\msxml6.dll
+ 2009-11-25 06:37 . 2009-08-11 16:58 1248768 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.22196_none_8a83076fad5da222\msxml3.dll
+ 2009-11-25 06:37 . 2009-08-11 16:44 1248768 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.18087_none_8a053ada9436ffbe\msxml3.dll
+ 2009-11-25 06:37 . 2009-08-11 15:25 1257472 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.22492_none_8898945fb03ae7a2\msxml3.dll
+ 2009-11-25 06:37 . 2009-08-10 11:00 1257472 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18306_none_8874480896d0b1bb\msxml3.dll
+ 2009-11-25 06:37 . 2009-08-10 12:51 1260032 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.21103_none_87147d71b2caa7d1\msxml3.dll
+ 2009-11-25 06:37 . 2009-08-10 13:05 1260032 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16903_none_868b088499acd4c5\msxml3.dll
+ 2006-11-02 10:22 . 2009-11-25 10:42 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2009-11-18 11:15 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-20 22:05 . 2009-07-20 22:05 1348432 c:\windows\System32\msxml4.dll
+ 2009-09-30 21:32 . 2009-11-25 10:38 154400346 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-27 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe " [X]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-01-03 520192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-03-26 5369856]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]
c:\users\Grhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):3e,de,14,62,83,45,ca,01
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [02.10.2009 16:11 64160]
R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.SYS [31.10.2009 21:53 5120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [27.09.2009 16:48 240232]
S2 DFServ;DFServ;c:\program files\Faronics\Deep Freeze\Install C-0\DFServ.exe --> c:\program files\Faronics\Deep Freeze\Install C-0\DFServ.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [07.11.2009 17:32 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03.07.2009 16:49 1028432]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [09.09.2008 06:01 79144]
S3 FontCache;Windows Yazı Tipi Önbelleği Hizmeti;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [30.09.2009 16:50 21504]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.09.2005 07:01 2799808]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2009-11-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:10]
2009-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-07 15:32]
2009-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-07 15:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/tr
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {F711CC09-7C42-46FD-9193-E2A76D99E962} = 208.67.222.222,208.67.220.220
.
- - - - ORPHANS REMOVED - - - -
AddRemove-Ad-Aware - c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-NVIDIA Drivers - c:\windows\system32\nvuninst.exe UninstallGUI
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
Completion time: 2009-12-05 11:27
ComboFix-quarantined-files.txt 2009-12-05 09:27
ComboFix2.txt 2009-11-22 08:46
ComboFix3.txt 2009-11-19 10:27
ComboFix4.txt 2009-10-05 14:17
Pre-Run: 116.094.558.208 bayt boş
Post-Run: 115.537.670.144 bayt boş
- - End Of File - - 058B03F4B6441876CA8E661CC462A8A2
Buda son istediğiniz Malwarebytes sonucu
Malwarebytes' Anti-Malware 1.41
Veritabanı sürümü: 3196
Windows 6.0.6002 Service Pack 2
15.12.2009 15:57:12
mbam-log-2009-12-15 (15-57-12).txt
Tarama biçimi: Gelişmiş Tarama (C:\|D:\|)
Taranan öğeler: 344370
Geçen süre: 1 hour(s), 3 minute(s), 19 second(s)
Etkilenmiş Hafıza İşlemleri: 0
Etkilenmiş Hafıza Modülleri: 0
Etkilenmiş Kayıt Anahtarları: 0
Etkilenmiş Kayıt Değerleri: 0
Etkilenmiş Kayıt Verisi Öğeleri: 0
Etkilenmiş Klasörler: 0
Etkilenmiş Dosyalar: 0
Etkilenmiş Hafıza İşlemleri:
(Herhangi bir tehlikeli öğe bulunmadı)
Etkilenmiş Hafıza Modülleri:
(Herhangi bir tehlikeli öğe bulunmadı)
Etkilenmiş Kayıt Anahtarları:
(Herhangi bir tehlikeli öğe bulunmadı)
Etkilenmiş Kayıt Değerleri:
(Herhangi bir tehlikeli öğe bulunmadı)
Etkilenmiş Kayıt Verisi Öğeleri:
(Herhangi bir tehlikeli öğe bulunmadı)
Etkilenmiş Klasörler:
(Herhangi bir tehlikeli öğe bulunmadı)
Etkilenmiş Dosyalar:
(Herhangi bir tehlikeli öğe bulunmadı)
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:13:27, on 15.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AvaFind\AvaFind.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\AHMET\Desktop\Dobby7.08.15.85.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\AHMET\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\tr-tr\msntb.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AvaFind] "C:\Program Files\AvaFind\AvaFind.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) -https://sube.garanti.com.tr/lib/JaguarEditControl.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {63C1621C-0002-43CF-A41B-45EB90FD60CA} (frmMain Control) -http://bigbox.matriksdata.com/rt/BpProLight.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67D37A41-37B5-42CF-8E84-DEBDB30313DA} (bpTicker3.bpMain) -http://www.bigpara.com/rt/ticker/bpTicker3.CAB
O16 - DPF: {6DF707D6-65D8-48FE-BD74-C02F5C49B754} (XPiyasaDegerleri Control) -http://bigpara.ekolay.net/M1/PiyasaDegerleri.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 8071 bytes
-
quote:
Orijinalden alıntı: No62
hocam benim logada bir bakarsanız sevinirim
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.kralliklar.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O1 - Hosts: Youtube Dünya Capinda IP leri toplam 2859 adet ....
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O4 - HKLM\..\Run: [Ovt Wia] C:\Windows\OV530EM.exe
O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
-
quote:
Orijinalden alıntı: Foxxly~
İstemiştin yeniden veriyorum logları
The Avenger adlı programı masaüstünüze indirin.
http://www.buraksonmez.com/dosyalar/avenger.exe
1. Aşağıda renkli yazılmış olan yazıların tamamını seçip CTRL+C basın ve kopyalayın.
Drivers to disable:
lbmqtjd
Drivers to delete:
lbmqtjd
Files to delete:
C:\Windows\System32\siszyd32.exe
C:\Windows\siszyd32.exe
2. Program ikonunun üzerine çift tıklayarak programı çalıştırın.
* Load Script altında Paste from Clipboard seçin.
* Execute butonuna basın.
* Program soru sorarsa Evet tıklayın.
3. Bilgisayarınız yeniden başlayacak. (2 kez yeniden başlayabilir) Daha sonra bir takım işlemler yapılacaktır.
4. Tarama işlemi bittikten sonra C:\avenger.txt olarak bir log dosyası yaratılacaktır. (Yedekleriniz C:\avenger\backup.zip dizininde olacaktır.)
5. C:\avenger.txt dosyasını mesajınıza ekleyerek bize gönderin.
Malwarebytes Antimalware adlı programı indirin.
http://www.buraksonmez.com/dosyalar/mbam-setup.exe
* Programı kurmak için mbam-setup.exe üzerine çift tıklayın ve programı kurun.
* Malwarebytes Antimalware Güncelle ve Malwarebytes Programını Çalıştır seçeneklerini işaretleyip Finish tıklayın.
* Eğer bir güncelleştirme bulunursa, program otomatik olarak indirip güncelleştirecektir.
* Program yüklendiğinde Tam Tarama seçip Taramaya Başla butonuna tıklayın.
* Tarama işlemi biraz zaman alabilir, o yüzden lütfen biraz sabırlı olun.
* Tarama işlemi bittiğinde, Tamam tıklayın ve Sonuçları Göster tıklayın.
* Herşeyin işaretli olduğundan emin olun ve Seçilileri Temizle tıklayın.
* Temizleme işlemi bittiğinde bir notdefteri penceresi açılacaktır. (Bilgisayarınızı yeniden başlatmanız gerekebilir.)
* Notdefteri dosyasını kaydedip mesajınıza ekleyerek bize gönderin.
NOT: Eğer temizleme işlemi sırasında program bilgisayarı yeniden başlatmanızı isterse Tamam tıklayarak bilgisayarızı yeniden başlatın.
-
quote:
Orijinalden alıntı: sato_re
dediğiniz gibi Baslat - calistir - gpedit.msc yazıp entera bastım ama sanırım Xp Home Edition da gpedit yok yani açmıyor windows tarafından bulunamıyor diyor
hijackThis raporu...
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
Bunu da fixledikten sonra dener misin?
quote:
Orijinalden alıntı: COLOGNEEE
Selam serji , herkese yetişemiyorsun bunu biliyorum ama sayfa 151 de 3 programında raporunu sundum benden tekrar yeni raporlar istemiştin , tekrar tarattım ve yeni raporlar sayfa 152 de mevcut.Yardımcı olabilir misin ? Teşekkür ederim.
Asagidakilerin diisnda bir problem gozukmuyor. Onlari fixledikten sonra tekrar dene eger sorun cozulmezse baska bir kullanici hesabinda dene bakalim cozulecek mi.
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
quote:
Orijinalden alıntı: ahniz
Üstadım durum hala aynı. Mümkünse bir cevap lütfen....
http://www.malwarebytes.org/mbam.php
Bir de buradan indirmeyi deneyin bakalım.
-
quote:
Orijinalden alıntı: desing
Serji Combofix logu aşağıda bakarsan sevinirim...
Log yarim gozukuyor tekrar ComboFix logu gonderir misin? Ayrica bir de MBAM ile taratip da.
quote:
Orijinalden alıntı: bozcaadalı
Yardımcı olursanız sevinirim
Bir problem gozukmuyor. Hlaa devam ediyor mu sorunlar? -
teşekkürler.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:11:46, on 15.12.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\ntvdm.exe
C:\Windows\system32\conime.exe
C:\Users\SERCAN\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://search.localstrike.com.ar/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://search.localstrike.com.ar/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://search.localstrike.com.ar/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://search.localstrike.com.ar/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://search.localstrike.com.ar/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://search.localstrike.com.ar/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3DD1E62-CA2D-45D7-9D4B-553C00B95AAB}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NanoServiceMain - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
--
End of file - 4522 bytes
< Bu mesaj bu kişi tarafından değiştirildi sTaTicOcO -- 15 Aralık 2009; 20:14:40 >
-
quote:
Orjinalden alıntı:serji
quote:
Orijinalden alıntı: desing
Serji Combofix logu aşağıda bakarsan sevinirim...
Log yarim gozukuyor tekrar ComboFix logu gonderir misin? Ayrica bir de MBAM ile taratip da.
quote:
Orijinalden alıntı: bozcaadalı
Yardımcı olursanız sevinirim
Bir problem gozukmuyor. Hlaa devam ediyor mu sorunlar?
_____________________________
HijackThis Kayit Dosyasi Analizi. Sistem Performansinizi artirin ve Guvenliginizi saglayin.
Problem yok oldu nasıl oldu anlamadım teşekkür ederim ilgilendiğin için. -
EY İNTERNET EXLORER AÇILIŞ SAYFASINI DEĞİŞTİREMEYEN ARKADAŞLAR.
hacklendiniz mesela açılış sayfasıdeğiştirme solmuş giriş yapamıyorsunuz. Veya hp.com gibi inatçı giriş sayfaları sümük gibi yapışmış. veya porno yapışmış vs.
Başlat > Çalıştır > Regedit
başlat menüsünden çalıştırı seçiyoruz ve regedit yazıyorun.
Gelen pencerenin içine bir boş tıklayın.
CTRL ile birlikte F tuşuna bas. yani ara menüsü gelecek. yaz oraya "start page" tırnaklar yok tabi. registerde arıyoruz simdi. sana sümük gibi yapşan başlangıç sayfasını görene kadar f3 tuşu ile aynı aramayı tekrarla.
doğru Start Page yi bulunca sağdan çift tıklayarak bu anahtara girin. sonra istediğiniz adresi yazın. meselawww.google.com gibi.
böylece her zaman açılan varsayılan sayfanız bu olacaktır.
bunun için fazla dertlenmeyin. program falan kullanmayın.
yalnız pornolarda açılışta çalışan programlar koyarak bunu yapanlar var. bunun için msconfig başlangıç sekmesinden sürekli çalışan ilgili programı kapatıp sonra bu dediğim işlemi yapmanız gerekir.
aksi taktirde siz açılış sayfasını düzeltsenizde o bir sonraki açılışta yine değiştiriyor. Bu zinciri ise dediğim gibi kırabilirsiniz.
başarılar.
-
quote:
Orijinalden alıntı: sTaTicOcO
teşekkürler.
Rica ederim.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://search.localstrike.com.ar/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://search.localstrike.com.ar/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://search.localstrike.com.ar/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://search.localstrike.com.ar/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://search.localstrike.com.ar/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://search.localstrike.com.ar/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
-
Mesajda belirttiklerini fixledim serji. Buda Combofix Logu Bunada bi göz atsan sana zahmet..
ComboFix 09-12-09.04 - asf 17.12.2009 9:45.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.1.1254.90.1055.18.511.263 [GMT 2:00]
Running from: c:\documents and settings\asf\Desktop\ComboFix.exe
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\reboot.txt
Infected copy of c:\windows\system32\qmgr.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\qmgr.dll
.
((((((((((((((((((((((((( Files Created from 2009-11-17 to 2009-12-17 )))))))))))))))))))))))))))))))
.
2009-12-10 06:23 . 2009-12-10 06:23 -------- d-----w- c:\program files\Common Files\Panda Software
2009-12-10 06:23 . 2009-12-09 06:49 38968 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
2009-12-10 06:23 . 2009-12-09 06:49 178872 ----a-w- c:\windows\system32\drivers\PavProc.sys
2009-12-09 06:49 . 2007-09-28 11:24 83896 ----a-w- c:\windows\system32\drivers\pavdrv51.sys
2009-12-08 16:11 . 2009-12-08 16:11 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Panda Software
2009-12-08 16:11 . 2009-12-08 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\sentinel
2009-12-08 16:10 . 2009-12-08 16:10 248 ----a-w- c:\windows\system32\PavCPL.dat
2009-12-08 16:10 . 2009-12-08 16:10 -------- d-----w- c:\documents and settings\asf\Local Settings\Application Data\Panda Software
2009-12-08 16:10 . 2009-12-09 06:28 -------- d-----w- c:\windows\system32\PAV
2009-12-08 16:09 . 2007-02-15 18:02 50736 ----a-w- c:\windows\system32\avldr.dll
2009-12-08 16:08 . 2009-12-08 16:08 -------- d-----w- c:\program files\Panda Security
2009-12-08 15:22 . 2009-12-08 15:22 375808 ----a-w- c:\windows\system32\CF30423.exe
2009-12-05 09:02 . 2005-03-11 22:48 109568 ------w- c:\windows\system32\pxinsi64.exe
2009-12-05 09:02 . 2005-03-11 22:48 108544 ------w- c:\windows\system32\pxcpyi64.exe
2009-12-05 09:02 . 2005-03-11 22:28 151552 ------w- c:\windows\system32\pxwma.dll
2009-12-04 11:57 . 2009-12-04 11:57 -------- d-----w- c:\program files\mIRCTurk.Com
2009-11-21 17:37 . 2009-04-28 20:20 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-11-21 17:37 . 2009-04-28 20:20 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-11-21 17:37 . 2009-04-28 20:20 129520 ------w- c:\windows\system32\pxafs.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-16 15:49 . 2006-11-03 14:00 -------- d-----w- c:\documents and settings\asf\Application Data\AdobeUM
2009-12-08 16:08 . 2006-11-02 17:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-08 15:58 . 2009-04-07 15:26 -------- d-----w- c:\documents and settings\asf\Application Data\SUPERAntiSpyware.com
2009-12-08 15:58 . 2009-04-07 15:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-08 15:57 . 2008-10-06 12:27 -------- d-----w- c:\program files\Opera
2009-12-08 15:53 . 2006-12-13 14:42 -------- d-----w- c:\program files\Google
2009-12-02 06:57 . 2007-10-31 07:46 -------- d-----w- c:\documents and settings\asf\Application Data\MSN6
2009-11-03 08:36 . 2001-11-22 12:00 61484 ----a-w- c:\windows\system32\perfc01F.dat
2009-11-03 08:36 . 2001-11-22 12:00 369254 ----a-w- c:\windows\system32\perfh01F.dat
2009-02-19 16:02 . 2007-11-13 09:31 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-02-19 16:02 . 2007-11-13 09:31 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-02-19 16:02 . 2007-11-13 09:31 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-02-19 16:02 . 2007-11-13 09:31 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-02-19 16:02 . 2007-11-13 09:31 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-12-08_15.39.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-17 07:50 . 2009-12-17 07:50 16384 c:\windows\Temp\Perflib_Perfdata_73c.dat
+ 2009-11-27 18:12 . 2009-12-17 07:50 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 16:57 . 2009-12-08 15:38 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-11-02 16:57 . 2009-12-17 07:50 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-11-02 16:57 . 2009-12-17 07:50 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-11-02 16:57 . 2009-12-08 15:38 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-12-09 06:50 . 2007-06-06 09:43 83640 c:\windows\LastGood\System32\Drivers\pavdrv51.sys
+ 2007-01-11 08:45 . 2009-12-17 07:42 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2007-01-11 08:45 . 2009-12-08 15:25 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2006-11-02 17:45 . 2009-12-16 15:48 2320896 c:\windows\Installer\41abf.msi
- 2006-11-02 17:45 . 2009-12-08 13:40 2320896 c:\windows\Installer\41abf.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe -atboottime" [X]
"SoundMan"="SOUNDMAN.EXE" [2003-08-05 57344]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" [2007-10-04 455984]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2007-02-15 18:02 50736 ----a-w- c:\windows\system32\avldr.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gemstrmw]
2004-09-15 13:28 24576 ----a-w- c:\windows\system32\gemstrmw.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 09:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegTool]
2005-06-08 13:49 40960 ----a-w- c:\program files\Gemplus\GemSafe Libraries Admin\BIN\RegTool.exe
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [10.12.2009 08:23 38968]
R2 GemSAFE Card Server;GemSAFE Card Server;c:\program files\Gemplus\GemSafe Libraries Admin\BIN\GCardSrvNT.exe [01.06.2005 11:17 118784]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [10.12.2009 08:23 178872]
S0 bxttiavs;bxttiavs;c:\windows\System32\drivers\bxttiavs.sys --> c:\windows\System32\drivers\bxttiavs.sys [?]
S3 GTwinUSB;GTwinUSB;c:\windows\system32\drivers\GTwinUSB.sys [04.11.2006 12:15 61776]
S3 HLUSB;HYPER-LOCK USB Device Driver;c:\windows\system32\drivers\HLUSB.sys [03.11.2006 14:55 31904]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.tr/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\program files\Panda Security\Panda Antivirus 2008\pavlsp.dll
TCP: {8724AF9C-1AC7-4679-8693-161F8A748520} = 4.2.2.0,4.2.2.1
TCP: {D09057F0-B047-4A99-B5A5-EC2EA4EAC2AC} = 208.67.222.222,208.67.222.220
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {767379DD-E321-4C33-9AE6-775AB08E32E0} - hxxp://upload.mynet.com/WebmailImageUploader/Resource/ResimEkleme.cab
DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} - hxxps://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv27.CAB
FF - ProfilePath - c:\documents and settings\asf\Application Data\Mozilla\Firefox\Profiles\5yy7c25t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-flv&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-flv&p=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-Sweeper - c:\program files\History Sweeper\sweeper.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1 - c:\program files\Eset\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
Rootkit scan 2009-12-17 09:51
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(572)
c:\windows\System32\ODBC32.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\avldr.dll
- - - - - - - > 'lsass.exe'(644)
c:\windows\System32\dssenh.dll
- - - - - - - > 'explorer.exe'(5708)
c:\windows\System32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
c:\program files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
c:\program files\Common Files\Panda Software\PavShld\pavprsrv.exe
c:\program files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\windows\System32\wdfmgr.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\SOUNDMAN.EXE
c:\program files\QuickTime\qttask.exe
c:\program files\Panda Security\Panda Antivirus 2008\WebProxy.exe
.
**************************************************************************
.
Completion time: 2009-12-17 09:57:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-17 07:57
ComboFix2.txt 2009-12-08 15:44
Pre-Run: 10.861.826.048 bayt boş
Post-Run: 11.545.796.608 bayt boş
winxpsp1_en_pro_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
- - End Of File - - 4F80EE296B1BE2373EEE290667D11790
-
Burak dediğin şeyleri yaptım bir kaç gün idare etti normal bi şekilde.
8.1 türkçe ve 8.5 i denedim hatta en son wml9 betayı da denedim.
Perfect Uninstaller'den sildikten sonra messengeri her seferinde tüm parçalarıyla birlikte.Windows Live call,suite vs,hatta local settingste microsofttaki windows live contacts ve messenger klasörlerini de siliyorum her seferinde düzelir mi acaba diye fakat.
Bi arkadasıma bi şarkı atmak istediğimde messenger hata falan vermeden çat diye düştü.tekrar login oldum,gelen kutuma tıkladım ve yine sorgusuz sualsiz uyarısız tekrardan gitti messenger,wllogin.msi diye bi programı manuel kurmayı deniyorum ve "Sistem Yöneticisi,bu yüklemeyi engelleyecek önlemler aldı" yazıyor.Yahu bilgisayarı bir tek ben kullanıyorum,normal yolla Live Messenger kullanamamın sebebi de 80070659 kodlu hata kodunun açıklamasında da Sistem Yöneticisi İlkeleri'nden bahsediyordu.Bu ilkelere nasıl ulaşılıyor?Nasıl değiştirebilirim.
Sonuç itibariyle Dosya paylaşamıyorum,e-posta gelen kutuma tıkladığımda,veya araçlardan herhangi bi kutuyu tiklemeye veya tiki kaldırmaya calısıtgımda her halükarda msn den atıyor hatasız falan bir anda.Bazen nadiren de olsa kafasına göre atıyor.
Ip işlemleri
Bu mesaj IP'si ile atılan mesajları ara Bu kullanıcının son IP'si ile atılan mesajları ara Bu mesaj IP'si ile kullanıcı ara Bu kullanıcının son IP'si ile kullanıcı ara
KAPAT X
Bu mesaj IP'si ile atılan mesajları ara Bu kullanıcının son IP'si ile atılan mesajları ara Bu mesaj IP'si ile kullanıcı ara Bu kullanıcının son IP'si ile kullanıcı ara
KAPAT X
