Yeni Kayıt
Konudaki Resimler
önceki
|
Hızlı 
Bildirim
HijackThis. Performans + Güvenlik! (Virüslerden kurtulun). 500.000+ (268. sayfa)
Sıcak Fırsatlarda Tıklananlar
Editörün Seçtiği Fırsatlar
Taktikal Led USB ŞARJLI Ultra Güçlü Mini Boy El Feneri [Enerji Sınıfı A++] : Amazon.com.tr: Yapı Market
https://www.amazon.com.tr/gp/product/B09J5C4JB9?psc=1
22 sa. önce paylaşıldı
Daha Fazla 
Bu Konudaki Kullanıcılar:
Daha Az 
3 Misafir - 3 Masaüstü
Giriş
Mesaj
-
-
quote:
Orjinalden alıntı: kaptancortis
serji teşekkkür ederim , akşam ev deki pc nin raporunuda gönderirim :)
tabi ki bekliyorum.
quote:
Orjinalden alıntı: isyanatesi06
s.a. serji birde benim makinaya bak ta arızasını çözelim
Sorunu yazmamissin ama liste asagida. kolay gelsin.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.tvkolik.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =http://www.oyna55.com/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
-
quote:
Orjinalden alıntı: Golday
Görünürde virüs yok system32 hatası arada bir çıkıyordu şu an gözükmüyor inş. gözükmezde
son olması dileggiyle rapor
Buuyk cogunlugunu temizlemisiz fakat bir tanesi kalmis.
Combofix adli programi indirin.
http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe
1. Tüm açık pencerelerinizi ve programlarınızı kapatın.
2. Antivirüs ve Antispyware programlarınızı geçici olarak kapatın veya devre dışı bırakın.
3. ComboFix.exe üzerine çift tıklayın ve programı açın. Programı açtıktan sonra kesinlikle hiç bir işlem yapmayın. 1-2 dakikalık bir mola verin.
4. ComboFix çalışmaya başladıktan sonra sizden 1 ya da 2 tuşuna basmanız istenecektir. Devam etmek için 1 tuşuna basın.
5. ComboFix olası bir aksilik durumunda sistemizi geri yükleyebilmek amacıyla Kayıt Defterinizin bir yedeğini alacak ve bir sistem geri yükleme noktası oluşturacaktır.
6. Bu işlemler sırasında internet bağlantınız kesilecektir. Bu normaldir. Ayrıca sistem saatiniz de değişecektir. Fakat tüm bunlar geçicidir. İşlemler bittikten sonra hepsi orjinal haline geri döndürülecektir.
7. Biraz sabırlı olmanız gerekebilir çünkü tam 41 aşama söz konusudur.
8. Son olarak ComboFix işlemlerin sonucunu içeren bir rapor hazırlayacaktır. Bu sırada masaüstünüz kaybolabilir. Fakat kısa sürede geri yüklenecektir. İşlemler bittikten sonra ComboFix kapanacak ve size bir rapor açılacaktır. Bu raporu C:\ComboFix.txt bulabilirsiniz.
9. C:\ComboFix.txt dosyasını mesajınıza ekleyerek bize gönderin.
quote:
Orjinalden alıntı: teknocel
???
Daha once de yazmistim.
quote:
Orjinalden alıntı: serji
Firefox icin: Araclar - Ozel verileri temizle - kayitli form ve arama gecmisi isaretleyip sil tiklayin.
IE icin: Araclar - internet secenekleri - Gozatma gecmisi altinda sil - Formlari sil.
-
merhaba. öncelikle kolay gelsin serji. kısaca sorunu anlatayım. dakikada bir panda açıkken explorer'a korsanlık girişimi diye uyarı geliyor. masaüstüde degişti ss ekleyecgim. ayrıca internete girerken çok zorlanıyorum. açılış sayfam değişti. birde windows security alert veriyor. onunda ss sini eklemeye çalışacagım inan internete girerken çok zorluyor. bazen pc donuyor. sorunu çözebilirsen sana minnettar kalacagım kolay gelsin. çözemezsende canın sagolsun şimdiden teşekkürler.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48: VIRUS ALERT!, on 15.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\PalickSoft\HDD Temperature\HDDTSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
C:\WINDOWS\system32\PnkBstrA.exe
c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Documents and Settings\All Users\Application Data\hmhktwxc\bkfcrsfo.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\878RMTMon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TRKY-DnsAyar\TRKY-DnsAyar.exe
C:\WINDOWS\system32\brastk.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\mfglaxmx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\avciman.exe
C:\Program Files\PalickSoft\HDD Temperature\HDDTemperature.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\psimreal.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\HiJackThis.exe
C:\WINDOWS\878RMT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: rosqxvmn - {20D5F8AF-9FC4-494A-BF76-297EC26B4F06} - C:\WINDOWS\rosqxvmn.dll
O4 - HKLM\..\Run: [High Definition Audio Özellik Sayfası Kısayolu] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\878RMTMon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TRKY-DnsAyar] C:\Program Files\TRKY-DnsAyar\TRKY-DnsAyar.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"
O4 - HKLM\..\Run: [d80b853e] rundll32.exe "C:\WINDOWS\system32\ocvrrltq.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetCom] C:\WINDOWS\system32\mfglaxmx.exe
O4 - HKCU\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O4 - HKLM\..\Policies\Explorer\Run: [fbLdeupjbm] C:\Documents and Settings\All Users\Application Data\hmhktwxc\bkfcrsfo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: HDD temperature.lnk = C:\Program Files\PalickSoft\HDD Temperature\HDDTemperature.exe
O4 - Startup: Nikon Monitor.lnk = ?
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = D:\oyun\files\heroes of\registration\RegistrationReminder.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.04\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.04\MediaManager\grab.html
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -http://linkinpark972.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) -http://cid-cb9aaab6c308a3d4.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) -http://www.live365.com/players/play365.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) -http://www.flatcast.com/de/download/NpFv415.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1056ED04-F5B7-4236-B645-513B70EE815D}: NameServer = 212.57.1.18,212.175.13.116,212.175.13.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{19AE2914-1E5D-4824-BC94-6F7C8CC12266}: NameServer = 212.57.1.18,212.175.13.116,212.175.13.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{22110FD4-E560-4CC7-B3F9-CA9A6A8590FB}: NameServer = 212.57.1.18,212.175.13.116,212.175.13.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E2ED1CD-76F8-448A-B314-BBC5BBAB11F0}: NameServer = 212.57.1.18,212.175.13.116,212.175.13.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{777E007D-4FC3-44F5-97C2-0BF7AB6743A0}: NameServer = 212.57.1.18,212.175.13.116,212.175.13.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{967B224A-EDFC-458A-8FBF-7AD55ED27F89}: NameServer = 212.57.1.18,212.175.13.116,212.175.13.115
O17 - HKLM\System\CS1\Services\Tcpip\..\{1056ED04-F5B7-4236-B645-513B70EE815D}: NameServer = 212.57.1.18,212.175.13.116,212.175.13.115
O17 - HKLM\System\CS2\Services\Tcpip\..\{1056ED04-F5B7-4236-B645-513B70EE815D}: NameServer = 212.57.1.17,212.57.1.18,212.175.13.116
O17 - HKLM\System\CS3\Services\Tcpip\..\{1056ED04-F5B7-4236-B645-513B70EE815D}: NameServer = 212.57.1.17,212.57.1.18,212.175.13.116
O20 - AppInit_DLLs: C:\WINDOWS\karna.dat
O21 - SSODL: ngwstxfd - {8D9D82EC-8B53-4E69-9A6B-FD9B817ED1E6} - C:\WINDOWS\ngwstxfd.dll
O21 - SSODL: qrbgltos - {2438235F-5FE6-4074-9B12-527E3A6754AB} - C:\WINDOWS\qrbgltos.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\PalickSoft\HDD Temperature\HDDTSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 14182 bytes
-
quote:
Orjinalden alıntı: linkin_park20
merhaba. öncelikle kolay gelsin serji. kısaca sorunu anlatayım. dakikada bir panda açıkken explorer'a korsanlık girişimi diye uyarı geliyor. masaüstüde degişti ss ekleyecgim. ayrıca internete girerken çok zorlanıyorum. açılış sayfam değişti. birde windows security alert veriyor. onunda ss sini eklemeye çalışacagım inan internete girerken çok zorluyor. bazen pc donuyor. sorunu çözebilirsen sana minnettar kalacagım kolay gelsin. çözemezsende canın sagolsun şimdiden teşekkürler.
Evet ciddi anlamda virus bulasmis sisteme. Insallah temizleyecegiz.
* HijackThis adlı programı açın.
* Do a system scan only seçeneğine tıklayın.
* Aşağıdaki satırları işaretleyin.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: rosqxvmn - {20D5F8AF-9FC4-494A-BF76-297EC26B4F06} - C:\WINDOWS\rosqxvmn.dll
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKLM\..\Run: [d80b853e] rundll32.exe "C:\WINDOWS\system32\ocvrrltq.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetCom] C:\WINDOWS\system32\mfglaxmx.exe
O4 - HKCU\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O4 - HKLM\..\Policies\Explorer\Run: [fbLdeupjbm] C:\Documents and Settings\All Users\Application Data\hmhktwxc\bkfcrsfo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: ngwstxfd - {8D9D82EC-8B53-4E69-9A6B-FD9B817ED1E6} - C:\WINDOWS\ngwstxfd.dll
O21 - SSODL: qrbgltos - {2438235F-5FE6-4074-9B12-527E3A6754AB} - C:\WINDOWS\qrbgltos.dll
* CTRL+ALT+DEL basıp işlemler sekmesine gelin. Kullanıcı Adınızın karşısındaki HijackThis.exe ve explorer.exe hariç tüm işlemleri sonlandırın. HijackThis hariç tüm programları, pencereleri kapatın ve Fix Checked butonuna tıklayın. Ardından bilgisayarınızı hemen yeniden başlatın.
-
malesef ctrl+alt+del yapılmıyor. görev yöneticiniz yönetici tarafından devre dışı bırakılmış diye uyarı geliyor. -
quote:
Orjinalden alıntı: linkin_park20
malesef ctrl+alt+del yapılmıyor. görev yöneticiniz yönetici tarafından devre dışı bırakılmış diye uyarı geliyor.
http://www.guvenlikuzmanim.com/index.php?act=article&code=view&id=11 -
serji hocam sanki azıcık rahatladı ama sorun hala devam diyor.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:30: VIRUS ALERT!, on 15.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\PalickSoft\HDD Temperature\HDDTSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\878RMTMon.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PalickSoft\HDD Temperature\HDDTemperature.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
D:\HiJackThis.exe
O4 - HKLM\..\Run: [High Definition Audio Özellik Sayfası Kısayolu] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\878RMTMon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TRKY-DnsAyar] C:\Program Files\TRKY-DnsAyar\TRKY-DnsAyar.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HDD temperature.lnk = C:\Program Files\PalickSoft\HDD Temperature\HDDTemperature.exe
O4 - Startup: Nikon Monitor.lnk = ?
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = D:\oyun\files\heroes of\registration\RegistrationReminder.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.04\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.04\MediaManager\grab.html
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -http://linkinpark972.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) -http://cid-cb9aaab6c308a3d4.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) -http://www.live365.com/players/play365.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) -http://www.flatcast.com/de/download/NpFv415.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1056ED04-F5B7-4236-B645-513B70EE815D}: NameServer = 212.57.1.18,212.57.1.17,212.175.13.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{19AE2914-1E5D-4824-BC94-6F7C8CC12266}: NameServer = 212.57.1.18,212.57.1.17,212.175.13.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{22110FD4-E560-4CC7-B3F9-CA9A6A8590FB}: NameServer = 212.57.1.18,212.57.1.17,212.175.13.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E2ED1CD-76F8-448A-B314-BBC5BBAB11F0}: NameServer = 212.57.1.18,212.57.1.17,212.175.13.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{777E007D-4FC3-44F5-97C2-0BF7AB6743A0}: NameServer = 212.57.1.18,212.57.1.17,212.175.13.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{967B224A-EDFC-458A-8FBF-7AD55ED27F89}: NameServer = 212.57.1.18,212.57.1.17,212.175.13.115
O17 - HKLM\System\CS1\Services\Tcpip\..\{1056ED04-F5B7-4236-B645-513B70EE815D}: NameServer = 212.57.1.18,212.57.1.17,212.175.13.115
O17 - HKLM\System\CS2\Services\Tcpip\..\{1056ED04-F5B7-4236-B645-513B70EE815D}: NameServer = 212.57.1.17,212.57.1.18,212.175.13.116
O17 - HKLM\System\CS3\Services\Tcpip\..\{1056ED04-F5B7-4236-B645-513B70EE815D}: NameServer = 212.57.1.17,212.57.1.18,212.175.13.115
O20 - AppInit_DLLs: C:\WINDOWS\karna.dat
O21 - SSODL: ngwstxfd - {E664D645-EDC6-47EB-98BA-2DDC46144579} - C:\WINDOWS\ngwstxfd.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\PalickSoft\HDD Temperature\HDDTSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 8567 bytes
bu sefer file bu şekilde oluştu.
-
ev pc raporum bir bkarasan sevinirim...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:35:29, on 15.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mehmet selim\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O1 - Hosts: Youtube Dünya Capinda IP leri toplam 2859 adet ....
O1 - Hosts: 208.65.153.251 uk.youtube.com
O1 - Hosts: 208.65.153.253 de.youtube.com
O1 - Hosts: 208.117.236.70 youtube.com
O1 - Hosts: 208.117.236.70www.youtube.com
O1 - Hosts: 74.125.65.118 img.youtube.com
O1 - Hosts: 64.15.124.143 sjc-v1.sjc.youtube.com
O1 - Hosts: 64.15.124.144 sjc-v2.sjc.youtube.com
O1 - Hosts: 64.15.124.145 sjc-v3.sjc.youtube.com
O1 - Hosts: 64.15.124.146 sjc-v4.sjc.youtube.com
O1 - Hosts: 64.15.124.147 sjc-v5.sjc.youtube.com
O1 - Hosts: 64.15.124.148 sjc-v6.sjc.youtube.com
O1 - Hosts: 64.15.124.149 sjc-v7.sjc.youtube.com
O1 - Hosts: 64.15.124.150 sjc-v8.sjc.youtube.com
O1 - Hosts: 64.15.124.151 sjc-v9.sjc.youtube.com
O1 - Hosts: 64.15.124.152 sjc-v10.sjc.youtube.com
O1 - Hosts: 64.15.124.153 sjc-v11.sjc.youtube.com
O1 - Hosts: 64.15.124.154 sjc-v12.sjc.youtube.com
O1 - Hosts: 64.15.124.155 sjc-v13.sjc.youtube.com
O1 - Hosts: 64.15.124.156 sjc-v14.sjc.youtube.com
O1 - Hosts: 64.15.124.157 sjc-v15.sjc.youtube.com
O1 - Hosts: 64.15.124.158 sjc-v16.sjc.youtube.com
O1 - Hosts: 64.15.124.159 sjc-v17.sjc.youtube.com
O1 - Hosts: 64.15.124.160 sjc-v18.sjc.youtube.com
O1 - Hosts: 64.15.124.161 sjc-v19.sjc.youtube.com
O1 - Hosts: 64.15.124.162 sjc-v20.sjc.youtube.com
O1 - Hosts: 64.15.124.163 sjc-v21.sjc.youtube.com
O1 - Hosts: 64.15.124.164 sjc-v22.sjc.youtube.com
O1 - Hosts: 64.15.124.165 sjc-v23.sjc.youtube.com
O1 - Hosts: 64.15.124.166 sjc-v24.sjc.youtube.com
O1 - Hosts: 64.15.124.167 sjc-v25.sjc.youtube.com
O1 - Hosts: 64.15.124.168 sjc-v26.sjc.youtube.com
O1 - Hosts: 64.15.124.169 sjc-v27.sjc.youtube.com
O1 - Hosts: 64.15.124.170 sjc-v28.sjc.youtube.com
O1 - Hosts: 64.15.124.171 sjc-v29.sjc.youtube.com
O1 - Hosts: 64.15.124.172 sjc-v30.sjc.youtube.com
O1 - Hosts: 64.15.124.173 sjc-v31.sjc.youtube.com
O1 - Hosts: 64.15.124.174 sjc-v32.sjc.youtube.com
O1 - Hosts: 64.15.124.175 sjc-v33.sjc.youtube.com
O1 - Hosts: 64.15.124.176 sjc-v34.sjc.youtube.com
O1 - Hosts: 64.15.124.177 sjc-v35.sjc.youtube.com
O1 - Hosts: 64.15.124.178 sjc-v36.sjc.youtube.com
O1 - Hosts: 64.15.124.179 sjc-v37.sjc.youtube.com
O1 - Hosts: 64.15.124.180 sjc-v38.sjc.youtube.com
O1 - Hosts: 64.15.124.207 sjc-v39.sjc.youtube.com
O1 - Hosts: 64.15.124.208 sjc-v40.sjc.youtube.com
O1 - Hosts: 64.15.124.209 sjc-v41.sjc.youtube.com
O1 - Hosts: 64.15.124.210 sjc-v42.sjc.youtube.com
O1 - Hosts: 64.15.124.211 sjc-v43.sjc.youtube.com
O1 - Hosts: 64.15.124.212 sjc-v44.sjc.youtube.com
O1 - Hosts: 64.15.124.213 sjc-v45.sjc.youtube.com
O1 - Hosts: 64.15.124.214 sjc-v46.sjc.youtube.com
O1 - Hosts: 64.15.124.215 sjc-v47.sjc.youtube.com
O1 - Hosts: 64.15.124.216 sjc-v48.sjc.youtube.com
O1 - Hosts: 64.15.124.217 sjc-v49.sjc.youtube.com
O1 - Hosts: 64.15.124.218 sjc-v50.sjc.youtube.com
O1 - Hosts: 64.15.124.219 sjc-v51.sjc.youtube.com
O1 - Hosts: 64.15.124.220 sjc-v52.sjc.youtube.com
O1 - Hosts: 64.15.124.221 sjc-v53.sjc.youtube.com
O1 - Hosts: 64.15.124.222 sjc-v54.sjc.youtube.com
O1 - Hosts: 64.15.124.223 sjc-v55.sjc.youtube.com
O1 - Hosts: 64.15.124.224 sjc-v56.sjc.youtube.com
O1 - Hosts: 64.15.124.225 sjc-v57.sjc.youtube.com
O1 - Hosts: 64.15.124.226 sjc-v58.sjc.youtube.com
O1 - Hosts: 64.15.124.227 sjc-v59.sjc.youtube.com
O1 - Hosts: 64.15.124.228 sjc-v60.sjc.youtube.com
O1 - Hosts: 64.15.124.229 sjc-v61.sjc.youtube.com
O1 - Hosts: 64.15.124.230 sjc-v62.sjc.youtube.com
O1 - Hosts: 64.15.124.231 sjc-v63.sjc.youtube.com
O1 - Hosts: 64.15.124.232 sjc-v64.sjc.youtube.com
O1 - Hosts: 64.15.124.233 sjc-v65.sjc.youtube.com
O1 - Hosts: 64.15.124.234 sjc-v66.sjc.youtube.com
O1 - Hosts: 64.15.124.235 sjc-v67.sjc.youtube.com
O1 - Hosts: 64.15.124.236 sjc-v68.sjc.youtube.com
O1 - Hosts: 64.15.124.237 sjc-v69.sjc.youtube.com
O1 - Hosts: 64.15.124.238 sjc-v70.sjc.youtube.com
O1 - Hosts: 64.15.124.239 sjc-v71.sjc.youtube.com
O1 - Hosts: 64.15.124.240 sjc-v72.sjc.youtube.com
O1 - Hosts: 64.15.124.241 sjc-v73.sjc.youtube.com
O1 - Hosts: 64.15.124.242 sjc-v74.sjc.youtube.com
O1 - Hosts: 64.15.124.243 sjc-v75.sjc.youtube.com
O1 - Hosts: 64.15.124.244 sjc-v76.sjc.youtube.com
O1 - Hosts: 64.15.125.16 sjc-v77.sjc.youtube.com
O1 - Hosts: 64.15.125.17 sjc-v78.sjc.youtube.com
O1 - Hosts: 64.15.125.18 sjc-v79.sjc.youtube.com
O1 - Hosts: 64.15.125.19 sjc-v80.sjc.youtube.com
O1 - Hosts: 64.15.125.20 sjc-v81.sjc.youtube.com
O1 - Hosts: 64.15.125.21 sjc-v82.sjc.youtube.com
O1 - Hosts: 64.15.125.22 sjc-v83.sjc.youtube.com
O1 - Hosts: 64.15.125.23 sjc-v84.sjc.youtube.com
O1 - Hosts: 64.15.125.24 sjc-v85.sjc.youtube.com
O1 - Hosts: 64.15.125.25 sjc-v86.sjc.youtube.com
O1 - Hosts: 64.15.125.26 sjc-v87.sjc.youtube.com
O1 - Hosts: 64.15.125.27 sjc-v88.sjc.youtube.com
O1 - Hosts: 64.15.125.28 sjc-v89.sjc.youtube.com
O1 - Hosts: 64.15.125.29 sjc-v90.sjc.youtube.com
O1 - Hosts: 64.15.125.30 sjc-v91.sjc.youtube.com
O1 - Hosts: 64.15.125.31 sjc-v92.sjc.youtube.com
O1 - Hosts: 64.15.125.32 sjc-v93.sjc.youtube.com
O1 - Hosts: 64.15.125.33 sjc-v94.sjc.youtube.com
O1 - Hosts: 64.15.125.34 sjc-v95.sjc.youtube.com
O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ey DSL! 2.0.lnk = C:\Program Files\Shenturk\Ey DSL! 2.0\EyDSL.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) -https://sube.garanti.com.tr/lib/JaguarEditControl.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220039441984
O16 - DPF: {D0BB3ACE-4ED3-4D65-BB86-1A0C6CAF351F} (AvaLaunch Control) -http://212.175.239.246:81/avaLaunch94.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 12035 bytes
-
quote:
Orjinalden alıntı: linkin_park20
serji hocam sanki azıcık rahatladı ama sorun hala devam diyor.
bu sefer file bu şekilde oluştu.
Henuz islemler bitmedi.
Combofix adli programi indirin.
http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe
1. Tüm açık pencerelerinizi ve programlarınızı kapatın.
2. Antivirüs ve Antispyware programlarınızı geçici olarak kapatın veya devre dışı bırakın.
3. ComboFix.exe üzerine çift tıklayın ve programı açın. Programı açtıktan sonra kesinlikle hiç bir işlem yapmayın. 1-2 dakikalık bir mola verin.
4. ComboFix çalışmaya başladıktan sonra sizden 1 ya da 2 tuşuna basmanız istenecektir. Devam etmek için 1 tuşuna basın.
5. ComboFix olası bir aksilik durumunda sistemizi geri yükleyebilmek amacıyla Kayıt Defterinizin bir yedeğini alacak ve bir sistem geri yükleme noktası oluşturacaktır.
6. Bu işlemler sırasında internet bağlantınız kesilecektir. Bu normaldir. Ayrıca sistem saatiniz de değişecektir. Fakat tüm bunlar geçicidir. İşlemler bittikten sonra hepsi orjinal haline geri döndürülecektir.
7. Biraz sabırlı olmanız gerekebilir çünkü tam 41 aşama söz konusudur.
8. Son olarak ComboFix işlemlerin sonucunu içeren bir rapor hazırlayacaktır. Bu sırada masaüstünüz kaybolabilir. Fakat kısa sürede geri yüklenecektir. İşlemler bittikten sonra ComboFix kapanacak ve size bir rapor açılacaktır. Bu raporu C:\ComboFix.txt bulabilirsiniz.
9. C:\ComboFix.txt dosyasını mesajınıza ekleyerek bize gönderin.
-
quote:
Orjinalden alıntı: kaptancortis
ev pc raporum bir bkarasan sevinirim...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O1 - Hosts: Youtube Dünya Capinda IP leri toplam 2859 adet ....
O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
-
combofix raporu:
ComboFix 08-10-15.06 - admi 2008-10-16 12:46:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1254.1.1055.18.653 [GMT 3:00]
Running from: C:\Documents and Settings\admi\Desktop\ComboFix.exe
[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\bLVDNXbc.ini
C:\WINDOWS\system32\bLVDNXbc.ini2
C:\WINDOWS\system32\cbXNDVLb.dll
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\brastk.exe
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\body.gif
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\capt2.gif
C:\WINDOWS\privacy_danger\images\red.gif
C:\WINDOWS\privacy_danger\images\text.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\brastk.exe
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\fjboyvlf.dll
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\igdpyp.dll
C:\WINDOWS\system32\iljayf.dll
C:\WINDOWS\system32\ioexowlc.dll
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\medup020.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\nlrurobt.ini
C:\WINDOWS\system32\ocvrrltq.dll
C:\WINDOWS\system32\ododsrtu.dll
C:\WINDOWS\system32\pmnnLBsT.dll
C:\WINDOWS\system32\pmnoLFxX.dll.vir
C:\WINDOWS\system32\qtlrrvco.ini
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\snrxdbuj.dll.vir
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\tborurln.dll
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\TsBLnnmp.ini
C:\WINDOWS\system32\TsBLnnmp.ini2
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vbzmgj.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\system32\XxFLonmp.ini
C:\WINDOWS\system32\XxFLonmp.ini2
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Legacy_OREANS32
-------\Service_NPF
-------\Service_oreans32
((((((((((((((((((((((((( Files Created from 2008-09-16 to 2008-10-16 )))))))))))))))))))))))))))))))
.
2008-10-15 21:37 . 2008-10-15 21:37 <DIR> d-------- C:\Program Files\Common Files\Panda Security
2008-10-15 18:41 . 2008-10-15 18:41 <DIR> d-------- C:\Program Files\Trojan Remover
2008-10-15 18:41 . 2008-10-15 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-10-15 18:41 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-10-15 18:41 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-10-15 18:41 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-10-15 18:41 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-10-15 18:41 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-10-15 18:36 . 2007-03-06 16:33 12,336 --a------ C:\WINDOWS\system32\PGUNNT.EXE
2008-10-15 18:07 . 2008-10-15 18:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-15 17:42 . 2008-10-15 21:20 717 --a------ C:\WINDOWS\system32\wini104552664.exe
2008-10-15 17:39 . 2008-10-16 03:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\hmhktwxc
2008-10-15 17:39 . 2008-10-15 17:39 86,016 --a------ C:\WINDOWS\system32\mfglaxmx.exe
2008-10-15 17:39 . 2008-10-15 17:39 40,448 --a------ C:\WINDOWS\system32\yayvWNfe.dll
2008-10-15 17:39 . 2008-10-15 17:39 40,448 --a------ C:\WINDOWS\system32\geBuVnlL.dll
2008-10-15 17:38 . 2008-10-15 14:01 364,544 --a------ C:\WINDOWS\grfxbanoxvd.dll.XXX
2008-10-15 17:38 . 2008-10-15 14:01 266,240 --a------ C:\WINDOWS\qrbgltos.dll.XXX
2008-10-15 17:38 . 2008-10-15 14:01 225,280 --a------ C:\WINDOWS\ngwstxfd.dll.XXX
2008-10-15 17:38 . 2008-10-15 14:01 212,992 --a------ C:\WINDOWS\rosqxvmn.dll.XXX
2008-10-15 17:38 . 2008-10-15 14:01 94,208 --a------ C:\WINDOWS\efgv.exe.XXX
2008-10-15 17:38 . 2008-10-15 14:01 86,016 --a------ C:\WINDOWS\lomxeqsn.exe.XXX
2008-10-15 17:33 . 2005-02-08 15:12 2,670,592 --------- C:\WINDOWS\UNNMP.exe
2008-10-15 17:33 . 2005-07-27 12:08 49,655 --------- C:\WINDOWS\UNNMP.cfg
2008-10-15 17:31 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-10-15 17:30 . 2008-10-15 17:30 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-10-15 17:30 . 2004-11-18 00:29 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-10-15 17:30 . 2004-11-18 00:29 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-10-12 13:15 . 2008-10-12 13:15 <DIR> d-------- C:\Program Files\BearShare Applications
2008-10-12 13:15 . 2008-10-12 14:01 <DIR> d-------- C:\Documents and Settings\admi\Application Data\BearShare
2008-10-12 13:15 . 2007-11-22 17:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-10-09 22:18 . 2008-10-09 22:18 279,712 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-10-09 22:18 . 2008-10-09 22:18 25,888 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-10-09 22:16 . 2008-05-30 14:19 507,400 --a------ C:\WINDOWS\system32\XAudio2_1.dll
2008-10-09 22:16 . 2008-05-30 14:18 238,088 --a------ C:\WINDOWS\system32\xactengine3_1.dll
2008-10-09 22:16 . 2008-05-30 14:17 65,032 --a------ C:\WINDOWS\system32\XAPOFX1_0.dll
2008-10-09 22:16 . 2008-05-30 14:17 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_4.dll
2008-10-09 22:14 . 2008-10-09 22:14 <DIR> d-------- C:\WINDOWS\Logs
2008-10-09 12:39 . 2008-10-09 12:39 1 --a------ C:\WINDOWS\system32\SI.bin
2008-10-02 13:37 . 2008-10-02 13:37 <DIR> d-------- C:\Program Files\uTorrent
2008-09-21 14:25 . 2008-10-11 20:13 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-09-18 20:04 . 2008-10-11 20:18 <DIR> d-------- C:\Program Files\Macromedia
2008-09-18 20:03 . 2008-10-11 20:17 <DIR> d-------- C:\WINDOWS\Downloaded Installations
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-15 18:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-15 18:17 --------- d-----w C:\Program Files\Panda Security
2008-10-15 18:17 --------- d-----w C:\Program Files\Common Files\Panda Software
2008-10-15 16:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-15 14:44 --------- d-----w C:\Program Files\Winamp
2008-10-15 14:44 --------- d-----w C:\Program Files\TRKY-DnsAyar
2008-10-15 14:44 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-10-15 14:40 --------- d-----w C:\Documents and Settings\admi\Application Data\uTorrent
2008-10-15 14:34 --------- d-----w C:\Program Files\Nero
2008-10-15 14:33 --------- d-----w C:\Program Files\Ahead
2008-10-15 11:55 --------- d-----w C:\Program Files\HP
2008-10-15 00:36 --------- d-----w C:\Program Files\Ares
2008-10-15 00:29 --------- d-----w C:\Program Files\DAEMON Tools
2008-10-14 23:15 --------- d-----w C:\Program Files\Common Files\Nero
2008-10-14 16:48 --------- d-----w C:\Program Files\Turksportal Masaüstü 2008
2008-10-12 18:00 --------- d-----w C:\Program Files\MessengerDiscovery
2008-10-12 16:30 --------- d-----w C:\Program Files\SiberSozluk
2008-10-11 21:07 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-10-11 17:11 --------- d-----w C:\Program Files\Turksportal Football Manager 2007 Türkçe
2008-10-11 10:30 --------- d-----w C:\Program Files\Warcraft III
2008-10-11 09:53 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
2008-10-10 16:22 --------- d-----w C:\Program Files\LimeWire
2008-10-10 16:21 --------- d-----w C:\Program Files\GENESIS TV
2008-10-10 16:18 --------- d-----w C:\Documents and Settings\admi\Application Data\Lavasoft
2008-10-07 15:16 --------- d-----w C:\Program Files\3D Photo Browser
2008-10-02 22:55 --------- d-----w C:\Documents and Settings\admi\Application Data\LimeWire
2008-09-23 12:38 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-09-13 18:09 --------- d-----w C:\Program Files\ReaSoft
2008-09-13 18:09 --------- d-----w C:\Documents and Settings\admi\Application Data\ReaSoft
2008-09-13 17:19 --------- d-----w C:\Documents and Settings\admi\Application Data\Mootools
2008-09-13 12:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-09-09 19:59 --------- d-----w C:\Program Files\Sun
2008-09-09 19:59 --------- d-----w C:\Program Files\Java
2008-09-01 18:30 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-09-01 18:30 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-01 18:30 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-09-01 18:25 22,328 ----a-w C:\Documents and Settings\admi\Application Data\PnkBstrK.sys
2008-08-29 16:15 --------- d-----w C:\Documents and Settings\admi\Application Data\My Battle for Middle-earth(tm) II Files
2008-08-28 16:47 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-24 19:06 --------- d-----w C:\Program Files\SopCast
2008-08-22 21:44 --------- d-----w C:\Documents and Settings\admi\Application Data\Nero
2008-08-22 21:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-08-16 10:12 --------- d-----w C:\Program Files\DC++
2008-08-16 10:07 --------- d-----w C:\Program Files\RevConnect
2008-08-16 08:44 --------- d-----w C:\Documents and Settings\admi\Application Data\Azureus
2008-08-14 12:42 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 19:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2006-12-11 14:38 81,920 ----a-w C:\Documents and Settings\admi\Application Data\ezpinst.exe
2006-12-11 14:38 47,360 ----a-w C:\Documents and Settings\admi\Application Data\pcouffin.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCE97A72-640B-4DED-923F-8196FC01F76B}]
2008-10-15 17:39 40448 --a------ C:\WINDOWS\system32\yayvWNfe.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-07-23 5724184]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe" [2005-02-26 212992]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-24 68856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"TV Card Remote Control Device Monitor"="C:\WINDOWS\878RMTMon.exe" [2005-07-14 352256]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-06-21 35328]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"TRKY-DnsAyar"="C:\Program Files\TRKY-DnsAyar\TRKY-DnsAyar.exe" [2006-03-12 221184]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-10-09 967048]
"High Definition Audio Özellik Sayfası Kısayolu"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 C:\WINDOWS\RTHDCPL.exe]
C:\Documents and Settings\admi\Start Menu\Programlar\BaŸlang‡\
HDD temperature.lnk - C:\Program Files\PalickSoft\HDD Temperature\HDDTemperature.exe [2004-11-24 657920]
Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-05-15 479232]
C:\Documents and Settings\All Users\Start Menu\Programlar\BaŸlang‡\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{BCE97A72-640B-4DED-923F-8196FC01F76B}"= "C:\WINDOWS\system32\yayvWNfe.dll" [2008-10-15 40448]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayvWNfe]
2008-10-15 17:39 40448 C:\WINDOWS\system32\yayvWNfe.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\karna.dat igdpyp.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7096:TCP"= 7096:TCP:BitComet 7096 TCP
"7096:UDP"= 7096:UDP:BitComet 7096 UDP
"12242:TCP"= 12242:TCP:BitComet 12242 TCP
"12242:UDP"= 12242:UDP:BitComet 12242 UDP
"17192:TCP"= 17192:TCP:BitComet 17192 TCP
"17192:UDP"= 17192:UDP:BitComet 17192 UDP
"19518:TCP"= 19518:TCP:BitComet 19518 TCP
"19518:UDP"= 19518:UDP:BitComet 19518 UDP
"12364:TCP"= 12364:TCP:BitComet 12364 TCP
"12364:UDP"= 12364:UDP:BitComet 12364 UDP
"23232:TCP"= 23232:TCP:BitComet 23232 TCP
"23232:UDP"= 23232:UDP:BitComet 23232 UDP
"4662:TCP"= 4662:TCP:emule
"4672:UDP"= 4672:UDP:emule
"58023:TCP"= 58023:TCP:Pando P2P TCP Listening Port
"58023:UDP"= 58023:UDP:Pando P2P UDP Listening Port
R2 878TVCard;Bt878 TV Card - Video Capture;C:\WINDOWS\system32\drivers\Bt878.sys [2005-09-05 214692]
R2 878TVTuner;Bt878 TV Card - TV Tuner;C:\WINDOWS\system32\drivers\BtTuner.sys [2005-09-05 11392]
R2 878Xbar;Bt878 TV Card - Crossbar;C:\WINDOWS\system32\drivers\BtXbar.sys [2005-09-05 8448]
R2 HDDTService;HDD Temperature;C:\Program Files\PalickSoft\HDD Temperature\HDDTSvc.exe [2004-11-24 384512]
S3 dTVdrvNT;dTVdrvNT;C:\WINDOWS\system32\dTVdrvNT.sys [2001-02-20 12188]
S3 XDva136;XDva136;C:\WINDOWS\system32\XDva136.sys [ ]
.
- - - - ORPHANS REMOVED - - - -
BHO-{356BA87C-1381-49F0-8433-A323B1ED1AC8} - C:\WINDOWS\system32\pmnnLBsT.dll
BHO-{55ECC7AA-73AF-4249-B593-FF49C9D8D1B8} - C:\WINDOWS\system32\cbXNDVLb.dll
BHO-{766eca1f-7686-4814-9d3e-7bc92c1933e2} - C:\WINDOWS\system32\igdpyp.dll
HKCU-Run-ares - C:\Program Files\Ares\Ares.exe
HKLM-Run-d80b853e - C:\WINDOWS\system32\tborurln.dll
SSODL-ngwstxfd-{524EA09C-B478-41D8-8168-8D6899BD8E43} - C:\WINDOWS\ngwstxfd.dll
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\admi\Application Data\Mozilla\Firefox\Profiles\tip8itxk.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://search.bearshare.com/tr/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
Rootkit scan 2008-10-16 12:51:35
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Device Monitor = C:\WINDOWS\878RMTMon.exe????????????????T?a??F:?m?a?????????????????????????????????????????x?:??????A:?????????????????x?:??????F:?????????T?a?x?:?m?a????????????????|?E:?X???????????????????????????????????????????????????x?:?????T?a?h?o?m?a?????X?????A????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDDTService]
"ImagePath"="C:\Program Files\PalickSoft\HDD Temperature\HDDTSvc.exe /startedbyscm:916B11C7-40E287F3-HDDTService"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\SYSTEM32\winlogon.exe
-> C:\WINDOWS\SYSTEM32\yayvWNfe.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-10-16 12:57:02 - machine was rebooted [admi]
ComboFix-quarantined-files.txt 2008-10-16 09:56:56
Pre-Run: 16,928,382,976 bayt boş
Post-Run: 17,105,592,320 bayt boş
346 --- E O F --- 2008-09-10 17:02:05
çok sagol serji yardımların için.
-
serji şu loga bir bakarmısın bir sorun varmı?
ben en son şu otomatik güncelleştirmelerden internet explorer 7 yi yüklettirdim sonra internet explorer internete girmemeye başladı.
internet explorer 7 den olabilir dedim. Kaldırdım internet explorer 7 yi hala giremiyor. Sayfa görüntülenemiyor diyor. Kırmızı çerçeve içinde
"Ağ bağlantı sorunlarını gidermeyi denemek için, Araçlar'ı ve sonra "Bağlantı Sorunlarını Tanıla..." öğesini tıklatın."
yazıyor birde.
Dediği yere tıklıyorum ağ bağlantısında sorun bulunamadı diyor.
Fakat mozilladan internete girebiliyorum. Şimdi benim bu internet explorer yi düzeltmem gerek ne yapıcam?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:01:19, on 16.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bakır\Desktop\HiJackThis.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang TR
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min /nosplash
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} (JaguarEditControl-ISBANK) -https://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv27.CAB
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) -https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 4505 bytes
< Bu mesaj bu kişi tarafından değiştirildi Sirkadyen -- 16 Ekim 2008; 14:09:13 >
-
Arkadaşım merhaba. Bilgisayarıma bir virüs girdi ne yaptıysam silemedim. SİSTEM GERİ YÜKLEME YAPAMIYORUM. Geri yükleme tamamlanamadı diyor. Nod32 ile bilgisayarı taradım ve birkaç virüs temizledi ama nasifle.. Daha sonra combofix ile taradım yine nafile yok.. Klasörlerimde gezinirken bir pencere açılıyor. virüs var şu programı indir idye bişeyler yazıyor..
Güvenli kipte virüs taraması yapmadım. Yardımcı olabilirseniz inanın çok sevinirim.. geleceğim sizin ellerinizde... :(
combofix raporu:
ComboFix 08-10-15.08 - hayri 2008-10-16 14:11:13.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1254.1.1055.18.551 [GMT 3:00]
Running from: D:\install\ComboFix.exe
* Created a new restore point
* Resident AV is active
[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\4PUPQPPPPPfmis
C:\WINDOWS\4PUPQPPPPPfmis\00000000000000000000.DLL
C:\WINDOWS\4PUPRPPPPPfmis
C:\WINDOWS\4PUPRPPPPPfmis\00000000000000000000.DLL
C:\WINDOWS\k.txt
C:\WINDOWS\system32\4PUPQPPPPPfmis
C:\WINDOWS\system32\4PUPQPPPPPfmis\00000000000000000000.DLL
C:\WINDOWS\system32\4PUPRPPPPPfmis
C:\WINDOWS\system32\4PUPRPPPPPfmis\00000000000000000000.DLL
.
((((((((((((((((((((((((( Files Created from 2008-09-16 to 2008-10-16 )))))))))))))))))))))))))))))))
.
2008-10-15 21:21 . 2008-10-15 21:21 <DIR> d-------- C:\WINDOWS\PrimoPDF4
2008-10-15 21:21 . 2006-12-11 23:12 176,235 --a------ C:\WINDOWS\system32\Primomonnt.dll
2008-10-15 16:42 . 2008-09-15 18:25 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 16:42 . 2008-09-08 13:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 16:41 . 2008-08-14 16:23 2,191,104 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 16:41 . 2008-08-14 16:23 2,147,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 16:41 . 2008-08-14 16:23 2,067,968 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 16:41 . 2008-08-14 16:23 2,025,984 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 15:32 . 2008-10-15 15:32 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-10-15 15:22 . 2008-10-15 15:22 61,440 --a------ C:\WINDOWS\system32\mipinu.dll
2008-10-15 14:54 . 2008-10-15 14:54 81 --------- C:\WINDOWS\WB.ini
2008-10-15 14:50 . 2008-04-26 16:14 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2008-10-06 19:51 . 2008-10-06 19:51 <DIR> d-------- C:\Program Files\GRETECH
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-15 13:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\services
2008-10-12 13:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-10-09 05:35 --------- d-----w C:\Documents and Settings\hayri\Application Data\LimeWire
2008-10-08 21:01 --------- d-----w C:\Program Files\Common Files\Schneider Electric Shared
2008-10-08 20:25 --------- d-----w C:\Program Files\Schneider Electric
2008-10-08 20:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-08 19:31 --------- d-----w C:\Documents and Settings\hayri\Application Data\OpenOffice.org2
2008-09-15 15:25 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-07 23:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-07 21:14 --------- d-----w C:\Program Files\MSN Messenger
2008-09-07 20:02 --------- d-----w C:\Program Files\Windows Live
2008-09-04 21:42 --------- d-----w C:\Program Files\iTunes
2008-09-04 21:42 --------- d-----w C:\Documents and Settings\hayri\Application Data\Apple Computer
2008-09-04 21:41 --------- d-----w C:\Program Files\QuickTime
2008-09-04 21:41 --------- d-----w C:\Program Files\iPod
2008-09-04 21:41 --------- d-----w C:\Program Files\Bonjour
2008-09-04 21:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-04 21:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-08-25 21:26 --------- d-----w C:\Program Files\GNU
2008-08-20 05:09 665,600 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-19 10:48 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-08-14 13:23 2,191,104 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:23 2,067,968 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-21 09:54 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-07-21 07:46 24,576 ----a-w C:\WINDOWS\system32\comremo.dll
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2004-08-08 07:48 520 --sh--w C:\WINDOWS\system32\vlhxaklo.sys
.
((((((((((((((((((((((((((((( snapshot_2008-10-15_15.45.52.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-20 05:07:26 3,088,896 ----a-w C:\WINDOWS\$hf_mig$\KB956390\SP3QFE\mshtml.dll
+ 2008-08-20 05:07:23 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB956390\SP3QFE\shdocvw.dll
+ 2008-08-20 05:07:24 619,520 ----a-w C:\WINDOWS\$hf_mig$\KB956390\SP3QFE\urlmon.dll
+ 2008-08-20 05:07:24 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB956390\SP3QFE\wininet.dll
+ 2007-11-30 11:21:50 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB956390\spmsg.dll
+ 2007-11-30 11:21:50 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB956390\spuninst.exe
+ 2007-11-30 11:21:50 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB956390\update\spcustom.dll
+ 2007-11-30 12:41:01 756,600 ----a-w C:\WINDOWS\$hf_mig$\KB956390\update\update.exe
+ 2007-11-30 12:41:01 386,424 ----a-w C:\WINDOWS\$hf_mig$\KB956390\update\updspapi.dll
+ 2008-08-14 13:23:18 2,147,328 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 13:23:23 2,067,968 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 13:23:17 2,025,984 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 13:23:23 2,191,104 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-15 18:21:52 473,600 ----a-w C:\WINDOWS\PrimoPDF4\uninstall.exe
- 2008-06-20 11:40:08 138,496 -c----w C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-08-14 10:04:36 138,496 -c----w C:\WINDOWS\system32\dllcache\afd.sys
- 2008-06-23 15:10:11 3,088,384 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-08-20 05:09:45 3,088,896 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-06-26 08:13:09 1,499,136 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-08-20 05:09:44 1,499,136 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2008-06-26 08:13:09 619,008 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-08-20 05:09:44 619,008 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-06-23 15:10:12 665,600 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-08-20 05:09:44 665,600 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2008-08-14 10:04:36 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
- 2008-08-23 11:35:06 177,856 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-10-16 09:45:01 177,856 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-08-26 20:28:12 16,208,504 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-10-07 19:19:40 16,721,856 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-06-23 15:10:11 3,088,384 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-08-20 05:09:45 3,088,896 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-10-15 14:20:51 67,544 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
- 2008-06-26 08:13:09 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-08-20 05:09:44 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2007-11-30 12:41:01 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:21:50 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2006-11-06 21:55:04 106,256 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\ps5ui.dll
+ 2006-11-06 21:55:05 383,248 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\pscript5.dll
- 2008-06-26 08:13:09 619,008 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-08-20 05:09:44 619,008 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-10-16 09:46:37 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_46c.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-09-17 08:05 210168 D:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-12-01 21:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2008-08-04 12:11 2841824 C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 19:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-09-25 12:29 2007088 D:\Program Files\FlashGet\flashget.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-03 23:30 133104 C:\Documents and Settings\hayri\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 19:00 1695232 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
--a------ 2008-07-21 12:54 949376 C:\Program Files\ESET\nod32kui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
--a------ 2007-10-19 13:28 202032 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S7UB Start]
--a------ 2006-03-13 21:59 102453 C:\Program Files\Common Files\Siemens\S7UBTOOX\S7ubTstx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-01-12 14:36 827392 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-07-09 17:16 36352 D:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
--a------ 2008-04-14 19:00 177152 C:\WINDOWS\system32\mqrt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Common Files\\Siemens\\SQLANY\\dbsrv7.exe"=
"D:\\Program Files\\Siemens\\Step7\\S7BIN\\S7tgtopx.exe"=
"D:\\Program Files\\Siemens\\Step7\\S7INF\\S7usiapx.exe"=
"C:\\Program Files\\H-Designer\\v6.2.1\\H-Designer.exe"=
"D:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\FlashGet\\flashget.exe"=
R2 almservice;Automation License Manager Service;C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe [2007-07-26 770110]
R2 CCAgent;CCAgent;C:\Program Files\Common Files\Siemens\Ace\bin\CCAgent.EXE [2007-08-28 274499]
R2 CCEServer;CCEServer;C:\Program Files\Common Files\Siemens\ACE\Bin\CCEServer.exe [2007-08-28 200773]
R2 Dpmtrcdd;Dpmtrcdd;C:\WINDOWS\system32\DRIVERS\dpmtrcdd.sys [2006-02-14 28299]
R2 MsDtsServer;SQL Server Integration Services;C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2006-05-09 203552]
R2 MSSQL$WINCC;SQL Server (WINCC);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-05-09 28938072]
R2 NA_Service;NetAccess Service;C:\WINDOWS\system32\NA_Service.exe [2005-09-13 49152]
R2 RedundancyControl;RedundancyControl;C:\Program Files\Common Files\Siemens\ace\bin\RedundancyControl.exe [2007-08-28 331853]
R2 RedundancyState;RedundancyState;C:\Program Files\Common Files\Siemens\ace\bin\RedundancyState.exe [2007-08-28 131147]
R2 s7asysvx;S7 Global Services;D:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe [2006-03-13 69685]
R2 s7oiehsx;SIMATIC IEPG Help Service;C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [2007-08-28 208968]
R2 s7snsrtx;PROFINET IO RT-Protocol;C:\WINDOWS\system32\DRIVERS\s7snsrtx.sys [2007-07-30 71168]
R2 S7TraceServiceX;S7TraceServiceX;C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [2007-03-22 163840]
R2 SCSMonitor;SCSMonitor;C:\Program Files\Common Files\Siemens\ace\bin\SCSMX.exe [2007-08-28 122945]
R2 SNTIE;SIMATIC Industrial Ethernet (ISO);C:\WINDOWS\system32\DRIVERS\sntie.sys [2007-08-10 328192]
R2 SSCService;SIMATIC Security Control Service;C:\Program Files\Common Files\Siemens\SimaticSecurityControl\ssc_service_x.exe [2007-07-17 339968]
R2 UsbConnect;Usb PLC;C:\WINDOWS\system32\UsbConnect.exe [2004-03-26 61440]
R3 Duntlw;UNTLW device;C:\WINDOWS\system32\Drivers\DuntlwNT.sys [2006-02-24 53568]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]
S2 XipConnect;Xway TCP/IP;C:\WINDOWS\system32\XipConnect.exe [2004-03-26 61440]
S3 CCEClient;CCEClient;C:\Program Files\Common Files\Siemens\ACE\Bin\CCEClient.exe [2007-08-28 229445]
S3 CCPerfMon;CCPerfMon;C:\Program Files\Common Files\Siemens\bin\CCPerfMon.exe [2007-07-19 159809]
S3 plcusb;usb Cable for PLC;C:\WINDOWS\system32\DRIVERS\plcusb.sys [2005-03-29 52576]
S3 s7oefs_x;SIMATIC MPI/EFS Driver;C:\WINDOWS\system32\drivers\s7oefs_x.sys [2002-10-18 30512]
S3 SQLAgent$WINCC;SQL Server Agent (WINCC);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [2006-04-14 319776]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c1e332e-62bc-11dd-93e7-0016d4305909}]
\shell\explore\Command - G:\boot.exe
\shell\open\Command - G:\boot.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71fc2b4a-80ee-11dd-9425-0016d4305909}]
\shell\explore\Command - G:\boot.exe
\shell\open\Command - G:\boot.exe
.
Contents of the 'Scheduled Tasks' folder
2008-10-15 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\hayri\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 23:30]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\hayri\Application Data\Mozilla\Firefox\Profiles\agjbiczp.default\
FF -: plugin - C:\Documents and Settings\hayri\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - D:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
Rootkit scan 2008-10-16 14:13:03
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-10-16 14:14:08
ComboFix-quarantined-files.txt 2008-10-16 11:13:48
ComboFix2.txt 2008-10-15 13:00:22
ComboFix3.txt 2008-10-15 12:46:26
ComboFix4.txt 2008-09-02 20:30:42
ComboFix5.txt 2008-10-16 11:10:34
Pre-Run: 2,865,508,352 bayt boş
Post-Run: 2,862,149,632 bayt boş
255 --- E O F --- 2008-10-16 08:54:19
hijackthis raporu
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:26, on 2008-10-16
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Siemens\Ace\bin\CCAgent.EXE
C:\Program Files\Common Files\Siemens\ACE\Bin\CCEServer.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\NA_Service.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\NA_XWAY.exe
C:\Program Files\Common Files\Siemens\ace\bin\RedundancyControl.exe
C:\Program Files\Common Files\Siemens\ace\bin\RedundancyState.exe
D:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
C:\Program Files\Common Files\Siemens\ace\bin\SCSMX.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Common Files\Siemens\SimaticSecurityControl\ssc_service_x.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UsbConnect.exe
C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
C:\WINDOWS\system32\usbconsole.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\hayri\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CCAgent - SIEMENS AG - C:\Program Files\Common Files\Siemens\Ace\bin\CCAgent.EXE
O23 - Service: CCEClient - SIEMENS AG - C:\Program Files\Common Files\Siemens\ACE\Bin\CCEClient.exe
O23 - Service: CCEServer - SIEMENS AG - C:\Program Files\Common Files\Siemens\ACE\Bin\CCEServer.exe
O23 - Service: CCPerfMon - SIEMENS AG - C:\Program Files\Common Files\Siemens\bin\CCPerfMon.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NetAccess Service (NA_Service) - Schneider Automation SAS - C:\WINDOWS\system32\NA_Service.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: RedundancyControl - SIEMENS AG - C:\Program Files\Common Files\Siemens\ace\bin\RedundancyControl.exe
O23 - Service: RedundancyState - SIEMENS AG - C:\Program Files\Common Files\Siemens\ace\bin\RedundancyState.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - D:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: S7TraceServiceX - SIEMENS AG - C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
O23 - Service: SCSMonitor - SIEMENS AG - C:\Program Files\Common Files\Siemens\ace\bin\SCSMX.exe
O23 - Service: SIMATIC Security Control Service (SSCService) - SIEMENS AG - C:\Program Files\Common Files\Siemens\SimaticSecurityControl\ssc_service_x.exe
O23 - Service: Usb PLC (UsbConnect) - Schneider Automation - C:\WINDOWS\system32\UsbConnect.exe
O23 - Service: Xway TCP/IP (XipConnect) - Schneider Automation - C:\WINDOWS\system32\XipConnect.exe
--
End of file - 5405 bytes
yardımcı olabilirsenin inanın çok sevinirim. teşekkür ederim kolay gelsin.
-
Serji laptop birden sürekli takılmalar yapmaya başladı..
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\APPS\Powercinema\PCMService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\EliNTeR\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [High Definition Audio Özellik Sayfası Kısayolu] HDAShCut.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) -http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 9431 bytes
-
İlgili arkadaşlar benim de log dosyama bakarsanız sevinirim.. çok güzel bir topic oldu bu.. emei geçen herkesin eline salık diyorum..
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\WService.EXE
C:\Program Files\Anti Sansur\antisansur.exe
C:\Windows\System32\Shutdown\svchost.exe
C:\Windows\System32\Shutdown\sxe26.tmp
C:\WINDOWS\system32\nvsvc32.exe
D:\oyun\kurulumlar\medal of honnor\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\alihaydar\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =http://www.avast.com/go.php?verb=register-home&lang=tur
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O1 - Hosts: 208.217.256.90 testtesttest.com
O1 - Hosts: 208.117.236.71 youtube.com
O1 - Hosts: 208.117.236.71www.youtube.com
O1 - Hosts: 208.117.236.71 au.youtube.com
O1 - Hosts: 208.117.236.71 ca.youtube.com
O1 - Hosts: 74.125.65.118 img.youtube.com
O1 - Hosts: 64.15.124.143 sjc-v1.sjc.youtube.com
O1 - Hosts: 64.15.124.144 sjc-v2.sjc.youtube.com
O1 - Hosts: 64.15.124.145 sjc-v3.sjc.youtube.com
O1 - Hosts: 64.15.124.146 sjc-v4.sjc.youtube.com
O1 - Hosts: 64.15.124.147 sjc-v5.sjc.youtube.com
O1 - Hosts: 64.15.124.148 sjc-v6.sjc.youtube.com
O1 - Hosts: 64.15.124.149 sjc-v7.sjc.youtube.com
O1 - Hosts: 64.15.124.150 sjc-v8.sjc.youtube.com
O1 - Hosts: 64.15.124.151 sjc-v9.sjc.youtube.com
O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [antisansur] C:\Program Files\Anti Sansur\antisansur.exe
O4 - HKCU\..\Run: [MyApp] C:\Windows\System32\Shutdown\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - Unknown owner - C:\WINDOWS\ATKKBService.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - D:\oyun\kurulumlar\medal of honnor\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe
-
burak dostum benim pc göçtü 
işe gelirken bilgisayarcıya bıraktım. artık sorun kalmadı anlayacağın
-
quote:
Orjinalden alıntı: linkin_park20
combofix raporu:
çok sagol serji yardımların için.
Rica ederim.
The Avenger adlı programı masaüstünüze indirin.
http://www.guvenlikuzmanim.com/dosyalar/avenger.exe
1. Aşağıda yazılmış olan yazıların tamamını seçip CTRL+C basın ve kopyalayın.
Files to delete:
C:\WINDOWS\karna.dat
C:\WINDOWS\igdpyp.dll
C:\WINDOWS\system32\igdpyp.dll
C:\WINDOWS\system32\yayvWNfe.dll
2. Program ikonunun üzerine çift tıklayarak programı çalıştırın.
* Load Script altında Paste from Clipboard seçin.
* Execute butonuna basın.
* Program soru sorarsa Evet tıklayın.
3. Bilgisayarınız yeniden başlayacak. (2 kez yeniden başlayabilir) Daha sonra bir takım işlemler yapılacaktır.
4. Tarama işlemi bittikten sonra C:\avenger.txt olarak bir log dosyası yaratılacaktır. (Yedekleriniz C:\avenger\backup.zip dizininde olacaktır.)
5. C:\avenger.txt dosyasını mesajınıza ekleyerek bize gönderin.
quote:
Orjinalden alıntı: WizzY_WizarD
serji şu loga bir bakarmısın bir sorun varmı?
ben en son şu otomatik güncelleştirmelerden internet explorer 7 yi yüklettirdim sonra internet explorer internete girmemeye başladı.
internet explorer 7 den olabilir dedim. Kaldırdım internet explorer 7 yi hala giremiyor. Sayfa görüntülenemiyor diyor. Kırmızı çerçeve içinde
"Ağ bağlantı sorunlarını gidermeyi denemek için, Araçlar'ı ve sonra "Bağlantı Sorunlarını Tanıla..." öğesini tıklatın."
yazıyor birde.
Dediği yere tıklıyorum ağ bağlantısında sorun bulunamadı diyor.
Fakat mozilladan internete girebiliyorum. Şimdi benim bu internet explorer yi düzeltmem gerek ne yapıcam?
SP2 gozukuyor sistemde. SP3 yuklemeni tavsiye ederim. Eger istemiyorsan SP2 bastan yuklemek sorunu cozebilir. Cevabini bekliyorum.
< Bu mesaj bu kişi tarafından değiştirildi serji -- 16 Ekim 2008; 20:54:58 >
-
quote:
Orjinalden alıntı: mutluhayri
Arkadaşım merhaba. Bilgisayarıma bir virüs girdi ne yaptıysam silemedim. SİSTEM GERİ YÜKLEME YAPAMIYORUM. Geri yükleme tamamlanamadı diyor. Nod32 ile bilgisayarı taradım ve birkaç virüs temizledi ama nasifle.. Daha sonra combofix ile taradım yine nafile yok.. Klasörlerimde gezinirken bir pencere açılıyor. virüs var şu programı indir idye bişeyler yazıyor..
Güvenli kipte virüs taraması yapmadım. Yardımcı olabilirseniz inanın çok sevinirim.. geleceğim sizin ellerinizde... :(
combofix raporu:
yardımcı olabilirsenin inanın çok sevinirim. teşekkür ederim kolay gelsin.
Perlovga Removal Tool adlı programı masaüstünüze indirin.
http://www.guvenlikuzmanim.com/dosyalar/perlovga.exe
Programı çalıştırıp Start tıklayın. Daha sonra bilgisayarınızı zaman kaybetmeden yeniden başlatın.
* Bilgisayarınızı taramak için Bitdefender Çevrimiçi Tarama açın.
http://www.bitdefender.com/scan8/ie.html
* I agree ve sonra da Scan tıklayın. (Ayarları değiştirmeyin)
* Tarama bittikten sonra Detected Problems sekmesini tıklayın ve Click here to export the scan report.
* Raporu HTML olarak kaydettikten sonra mesajınıza ekleyerek bize gönderin.
SuperAntiSpyware adlı programı indirip kurun.
http://www.superantispyware.com/downloads/SUPERAntiSpyware.exe
* SUPERAntiSypware.exe çift tıklayın ve programı varsayılan ayarlarıyla kurun.
* Masaüstünüzde programın ikonu oluşacaktır. Programı çalıştırmak için ikona çift tıklayın.
* Eğer güncellemeniz için soru sorarsa Evet tıklayın. Eğer sormazsa, taratmadan önce kendiniz Check for Updates butonuna tıklayarak güncelleştirin.
* Configuration and Preferences sekmesi altında Preferences butonuna tıklayın.
* General and Startup sekmesine tıklayın ve Start-up Options altında Start SUPERAntiSpyware when Windows starts seçeneğinin seçili olmadığından emin olun.
* Scanning Control sekmesine gelin ve Scanner Options altında yalnızca aşağıdakilerin işaretli olduğundan emin olun. (Diğerlerini işaretsiz bırakın.)
# Close browsers before scanning.
# Scan for tracking cookies.
# Terminate memory threats before quarantining.
* Close butonuna tıklayarak programı kapatın.
* Henüz sisteminizi taratmayın.
Şimdi tekrar programı çalıştırın:
* Ana menüde Scan for Harmful Software altında Scan your computer tıklayın.
* Sol tarafta C:\Fixed Drive işaretli olduğundan emin olun.
* Sağ tarafta Complete Scan altında Perform Complete Scan seçin ve Next tıklayın.
* Tarama işlemi bittikten sonra zararlı yazılımları içeren bir tarama özeti açılacak. OK tıklayın.
* Herşeyin işaretli olduğundan emin olun ve Next tıklayın.
* Quarantine and Removal is Complete şeklinde bir uyarı alacaksınız. OK tıklayın ve ana menüye dönmek için Finish tıklayın.
* Eğer yeniden başlatmanız gerektiği söylenirse, Yes tıklayıp bilgisayarınızı yeniden başlatın.
* İşlem sonuçlarını öğrenmek için:
# Preferences tıklayın ve Statistics/Logs sekmesine gelin.
# Scanner Logs altında SUPERAntiSpyware Scan Log çift tıklayın.
# Eğer birden fazla log varsa, güncel olanı seçin ve View log tıklayın. Bir yazı dosyası açılacaktır.
# Açılan dosyayı kaydedip mesajınıza ekleyerek bize gönderin.
* Close tıklayarak programı kapatın.
-
quote:
Orjinalden alıntı: EliNTeR
Serji laptop birden sürekli takılmalar yapmaya başladı..
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Evet sistemde virus gozukuyor. Yukaridaki islemlerden sonra:
Combofix adli programi indirin.
http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe
1. Tüm açık pencerelerinizi ve programlarınızı kapatın.
2. Antivirüs ve Antispyware programlarınızı geçici olarak kapatın veya devre dışı bırakın.
3. ComboFix.exe üzerine çift tıklayın ve programı açın. Programı açtıktan sonra kesinlikle hiç bir işlem yapmayın. 1-2 dakikalık bir mola verin.
4. ComboFix çalışmaya başladıktan sonra sizden 1 ya da 2 tuşuna basmanız istenecektir. Devam etmek için 1 tuşuna basın.
5. ComboFix olası bir aksilik durumunda sistemizi geri yükleyebilmek amacıyla Kayıt Defterinizin bir yedeğini alacak ve bir sistem geri yükleme noktası oluşturacaktır.
6. Bu işlemler sırasında internet bağlantınız kesilecektir. Bu normaldir. Ayrıca sistem saatiniz de değişecektir. Fakat tüm bunlar geçicidir. İşlemler bittikten sonra hepsi orjinal haline geri döndürülecektir.
7. Biraz sabırlı olmanız gerekebilir çünkü tam 41 aşama söz konusudur.
8. Son olarak ComboFix işlemlerin sonucunu içeren bir rapor hazırlayacaktır. Bu sırada masaüstünüz kaybolabilir. Fakat kısa sürede geri yüklenecektir. İşlemler bittikten sonra ComboFix kapanacak ve size bir rapor açılacaktır. Bu raporu C:\ComboFix.txt bulabilirsiniz.
9. C:\ComboFix.txt dosyasını mesajınıza ekleyerek bize gönderin.
Ip işlemleri
Bu mesaj IP'si ile atılan mesajları ara Bu kullanıcının son IP'si ile atılan mesajları ara Bu mesaj IP'si ile kullanıcı ara Bu kullanıcının son IP'si ile kullanıcı ara
KAPAT X
Bu mesaj IP'si ile atılan mesajları ara Bu kullanıcının son IP'si ile atılan mesajları ara Bu mesaj IP'si ile kullanıcı ara Bu kullanıcının son IP'si ile kullanıcı ara
KAPAT X
