There is a virus on my computer (trojan, malware or spyware) that many programs cannot find... Avira - Nod32
01Mrt (Yarbay, thread owner), 16 years ago

Something has infected the USB stick I plugged into the computer; autorun.inf is affected and it creates a hidden folder...
Besides not letting me use the USB stick, there is also a slowdown. Avira is installed on the system; I later installed NOD32 (v.4) but the result is the same...
So if it weren't for the USB stick I wouldn't even be aware of it; also MSN is sending links to the people on my list by itself...
When I scan, NOD32 finds the autorun.inf file on the USB stick and that's all. Avira finds nothing at all...

This is the content of the autorun.inf file...

[autorun] 
***open=driver\usb\gamesz.exe
***action=Open
***shell\open=Open
***shell\open\command=driver\usb\gamesz.exe
***Usb_Driver installed

The *** at the start of the lines are not there normally; I added them so that nothing goes wrong... :)))


This is what comes up when it opens... What on earth is "Open"... :))
< Click to view the image >

The contents of the hidden folder "driver" are below...
< Click to view the image >
< Click to view the image >
< Click to view the image >
The files in the last image keep changing; I think it copies the files in use (from XP) into here...
When you click on any of them, the file's properties open directly...
If anyone knows about this please add something; this is the first time I've run into something like this...
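As an added example (my own code, not the poster's and not part of any tool named in this thread), here is a small Python triage of an autorun.inf like the one quoted above. It parses the [autorun] section and lists the traits that file shows: launch keys (open=, shellexecute=, shell\open\command=) pointing at an executable stored on the drive itself, a shell\open label and an action= text that read "Open" so the forged entry looks like Explorer's own verb, and a stray line that is not key=value. The sample file is constructed from the post with the poster's *** prefixes removed; the benign sample is made up for comparison.

```python
"""Triage of an autorun.inf pulled from a removable drive (added example)."""
import configparser
from typing import Dict, List

# Constructed sample: the file from the post, with the poster's '***' prefixes removed.
SAMPLE_AUTORUN = """[autorun]
open=driver\\usb\\gamesz.exe
action=Open
shell\\open=Open
shell\\open\\command=driver\\usb\\gamesz.exe
Usb_Driver installed
"""

# Constructed benign sample: a label and an icon only, nothing is launched.
BENIGN_AUTORUN = """[autorun]
label=Vendor Drive
icon=vendor.ico
"""

EXECUTABLE_SUFFIXES = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js")
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command")
# Labels that copy the verbs AutoPlay / Explorer show for an ordinary drive.
DEFAULT_VERB_LABELS = {"open", "explore", "autoplay"}


def parse_autorun(text: str) -> Dict[str, str]:
    """Return the [autorun] section as lowercase key -> value; {} if unparseable."""
    parser = configparser.ConfigParser(interpolation=None, allow_no_value=True, strict=False)
    try:
        parser.read_string(text)
    except configparser.Error:  # no section header, garbage, etc.
        return {}
    # Section names are case-sensitive in configparser; autorun.inf files are not.
    section = next((s for s in parser.sections() if s.lower() == "autorun"), None)
    if section is None:
        return {}
    return {key: (value or "").strip() for key, value in parser.items(section)}


def stray_lines(text: str) -> List[str]:
    """Non-blank lines that are neither a section header, a comment nor key=value."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("[", ";", "#")) or "=" in line:
            continue
        out.append(line)
    return out


def triage_autorun(text: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing stood out."""
    entries = parse_autorun(text)
    findings: List[str] = []
    for key in LAUNCH_KEYS:
        target = entries.get(key, "")
        if target.lower().endswith(EXECUTABLE_SUFFIXES):
            findings.append(f"{key}= launches an executable stored on the drive: {target}")
    verb_label = entries.get("shell\\open", "")
    if verb_label.lower() in DEFAULT_VERB_LABELS:
        findings.append(f"shell\\open label '{verb_label}' imitates the built-in Explorer verb")
    action = entries.get("action", "")
    if action.lower() in DEFAULT_VERB_LABELS:
        findings.append(f"action= text '{action}' is generic, so AutoPlay offers it as the obvious choice")
    for line in stray_lines(text):
        findings.append(f"stray line that is not key=value: {line}")
    return findings


if __name__ == "__main__":
    for name, sample in (("suspicious", SAMPLE_AUTORUN), ("benign", BENIGN_AUTORUN)):
        items = triage_autorun(sample)
        print(f"{name}: {len(items)} finding(s)")
        for item in items:
            print("  -", item)
```

The script reports five findings for the quoted file and none for the benign one. It works on text alone, so it cannot see the hidden attribute of the driver folder; that is the second half of the check, done on the drive itself.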



tcebeci (Yarbay), 16 years ago

Run a full scan with ComboFix http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe and
with Mbam http://www.guvenlikuzmanim.com/dosyalar/mbam-setup.exe


Post the log reports when the scan is finished





< This message was edited by tcebeci -- 24 July 2009; 22:54:54 >
01Mrt (Yarbay, thread owner), 16 years ago

The links, if you want to download the logs...

http://d01.megashares.com/dl/1d89d74/Combo_log.txt
http://d01.megashares.com/dl/edef3f3/mbam-log-2009-07-25.txt

http://www.2shared.com/file/6843837/f8041686/Combo_log.html
http://www.2shared.com/file/6843838/68bb0b17/mbam-log-2009-07-25.html

Combo_log
ComboFix 09-07-20.05 - Administrator 25.07.2009 19:42.1.4 - NTFSx86 
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.3070.2338 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Kişisel güvenlik duvarı *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\scrrntr.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-25 to 2009-07-25 )))))))))))))))))))))))))))))))
.

2009-07-23 19:34 . 2009-07-23 19:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ESET
2009-07-23 18:08 . 2009-07-23 18:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\ESET
2009-07-23 18:07 . 2009-07-23 18:07 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\ESET
2009-07-23 18:06 . 2009-07-23 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-07-23 17:42 . 2009-07-23 17:42 -------- d-----w- c:\program files\ESET
2009-07-21 19:53 . 2008-05-21 12:28 7994 ----a-w- C:\yama.vbs
2009-07-19 14:46 . 2009-07-19 14:46 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2009-07-19 10:50 . 2009-07-19 10:50 -------- d-----w- c:\program files\Dracula Virüs Temizleyici 3.5
2009-07-17 19:38 . 2009-07-21 19:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-17 19:38 . 2009-07-21 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-17 19:35 . 2009-07-17 19:35 -------- d--h--w- c:\windows\PIF
2009-07-17 17:47 . 2009-07-17 17:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2009-07-16 19:59 . 2008-06-19 14:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-16 19:58 . 2009-07-16 19:58 -------- d-----w- c:\program files\Panda Security
2009-07-12 11:28 . 2009-07-12 11:28 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-12 09:06 . 2009-07-12 09:06 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-07-11 20:10 . 2009-06-23 15:44 147456 --sh--r- c:\windows\smsWfi.exe
2009-07-10 19:51 . 2009-07-10 19:51 -------- d-----w- c:\program files\Bonjour
2009-07-10 19:46 . 2009-07-10 19:46 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-07-09 09:20 . 2009-07-09 09:20 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-07-09 09:19 . 2009-07-09 09:19 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-09 04:02 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-07-09 04:01 . 2009-07-09 04:01 -------- d-----w- c:\windows\ie8updates
2009-07-09 04:01 . 2009-04-30 21:14 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-09 04:01 . 2009-04-30 21:14 1985024 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-07-09 04:01 . 2009-04-30 21:14 11064832 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-07-09 04:01 . 2009-04-30 21:14 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-09 04:00 . 2009-07-09 04:01 -------- dc-h--w- c:\windows\ie8
2009-07-05 13:15 . 2009-07-05 18:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BS_Player
2009-07-05 13:15 . 2009-07-05 13:15 -------- d-----w- c:\program files\Conduit
2009-07-05 13:15 . 2009-07-05 13:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Conduit
2009-07-05 13:15 . 2009-07-05 13:46 -------- d-----w- c:\program files\BS_Player
2009-07-05 13:15 . 2009-07-05 13:15 -------- d-----w- c:\program files\Webteh
2009-07-05 13:08 . 2009-07-05 13:08 -------- d-----w- c:\program files\AirTies
2009-07-05 13:08 . 2007-03-16 09:53 450944 ----a-w- c:\windows\system32\drivers\TUSB1150.sys
2009-07-05 13:08 . 2006-12-04 12:42 97388 ----a-w- c:\windows\system32\drivers\Fwusb1b.bin
2009-07-03 20:45 . 2009-07-12 17:46 158 ----a-w- C:\tw0001.dat
2009-07-02 16:00 . 2008-04-13 08:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-06-30 16:37 . 2009-06-30 16:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\vdownloader
2009-06-28 18:22 . 2009-06-28 18:22 -------- d-----w- c:\windows\system32\dns
2009-06-26 19:05 . 2009-06-26 19:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Datalayer
2009-06-26 19:05 . 2009-06-28 20:39 -------- d-----w- c:\documents and settings\Administrator\Phone Browser
2009-06-26 19:04 . 2009-06-26 19:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia
2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\DIFX
2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite
2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\Common Files\PCSuite
2009-06-26 19:01 . 2006-05-29 05:26 8704 ----a-w- c:\windows\system32\drivers\nmwcdc.sys
2009-06-26 19:01 . 2006-05-29 05:26 13312 ----a-w- c:\windows\system32\drivers\nmwcdcm.sys
2009-06-26 19:01 . 2006-05-29 05:26 127488 ----a-w- c:\windows\system32\drivers\nmwcd.sys
2009-06-26 19:01 . 2006-05-29 05:26 30720 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-06-26 19:01 . 2006-05-29 05:26 4608 ----a-w- c:\windows\system32\nmwcdlog.dll
2009-06-26 19:01 . 2006-05-29 05:26 50688 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\Nokia
2009-06-26 19:00 . 2009-06-26 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-24 19:57 . 2009-06-18 16:12 -------- d-----w- c:\program files\Unlocker
2009-07-18 17:50 . 2009-06-18 07:35 -------- d-----w- c:\program files\MSN Messenger
2009-07-10 19:51 . 2009-06-18 16:18 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-05 13:08 . 2009-06-18 06:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-26 16:57 . 2009-06-18 07:41 68456 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-23 09:52 . 2001-11-22 15:00 68472 ----a-w- c:\windows\system32\perfc01F.dat
2009-06-23 09:52 . 2001-11-22 15:00 383452 ----a-w- c:\windows\system32\perfh01F.dat
2009-06-21 14:30 . 2009-06-21 14:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\GRETECH
2009-06-20 17:06 . 2009-06-18 16:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ahead
2009-06-18 17:12 . 2009-06-18 17:06 -------- d-----w- c:\program files\proeWildfire 3.0
2009-06-18 17:00 . 2009-06-18 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-18 16:59 . 2009-06-18 16:59 -------- d-----w- c:\program files\Microsoft Works
2009-06-18 16:58 . 2009-06-18 16:58 -------- d-----w- c:\program files\MSBuild
2009-06-18 16:58 . 2009-06-18 16:58 -------- d-----w- c:\program files\Microsoft.NET
2009-06-18 16:56 . 2009-06-18 16:56 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-06-18 16:52 . 2009-06-18 16:51 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-18 16:51 . 2009-06-18 16:51 -------- d-----w- c:\program files\Nero
2009-06-18 16:17 . 2009-06-18 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2009-06-18 16:17 . 2009-06-18 16:17 -------- d-----w- c:\program files\TechSmith
2009-06-18 16:12 . 2009-06-18 16:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Desktopicon
2009-06-18 16:03 . 2009-06-18 16:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-06-18 16:02 . 2009-06-18 16:02 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-18 15:09 . 2009-06-18 15:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2009-06-18 15:08 . 2009-06-18 15:08 -------- d-----w- c:\program files\VideoLAN
2009-06-18 15:04 . 2009-06-18 15:04 -------- d-----w- c:\program files\HD Tune
2009-06-18 13:25 . 2009-06-18 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-06-18 13:25 . 2009-06-18 13:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATI
2009-06-18 10:27 . 2009-06-18 10:27 -------- d-----w- c:\program files\AIMP2
2009-06-18 08:35 . 2009-06-18 08:35 0 ----a-w- c:\windows\ativpsrm.bin
2009-06-18 08:34 . 2009-06-18 08:33 -------- d-----w- c:\program files\ATI Technologies
2009-06-18 08:33 . 2009-06-18 07:45 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-18 08:22 . 2009-06-18 08:22 -------- d-----w- c:\program files\Vimicro
2009-06-18 08:20 . 2009-06-18 06:49 16608 ----a-w- c:\windows\gdrv.sys
2009-06-18 08:18 . 2009-06-18 08:18 319488 ----a-w- c:\windows\HideWin.exe
2009-06-18 08:07 . 2009-06-18 08:07 0 ----a-w- c:\windows\nsreg.dat
2009-06-18 07:53 . 2009-06-18 06:40 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-18 07:53 . 2009-06-18 07:53 12328 ----a-w- c:\documents and settings\beyaz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-18 07:46 . 2009-06-18 07:46 -------- d-----w- c:\program files\Intel
2009-06-18 07:45 . 2009-06-18 06:50 -------- d-----w- c:\program files\Realtek
2009-06-18 06:57 . 2009-06-18 06:57 -------- d-----w- c:\program files\Avira
2009-06-18 06:57 . 2009-06-18 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-18 06:50 . 2009-06-18 06:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2009-06-18 06:39 . 2009-06-18 06:39 21736 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-16 03:58 . 2009-05-16 03:58 4069888 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-05-16 03:39 . 2009-05-16 03:39 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-05-16 03:38 . 2009-05-16 03:38 335872 ----a-w- c:\windows\system32\ati2dvag.dll
2009-05-16 03:18 . 2009-05-16 03:18 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-05-16 03:17 . 2009-05-16 03:17 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-05-16 03:17 . 2009-05-16 03:17 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-05-16 03:17 . 2009-05-16 03:17 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-05-16 03:17 . 2009-05-16 03:17 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-05-16 03:15 . 2009-05-16 03:15 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-05-16 03:14 . 2009-05-16 03:14 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-05-16 03:07 . 2009-05-16 03:07 2987136 ----a-w- c:\windows\system32\ati3duag.dll
2009-05-16 02:55 . 2009-05-16 02:55 11423744 ----a-w- c:\windows\system32\atioglxx.dll
2009-05-16 02:54 . 2009-05-16 02:54 2122624 ----a-w- c:\windows\system32\ativvaxx.dll
2009-05-16 02:54 . 2009-05-16 02:54 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-05-16 02:54 . 2009-05-16 02:54 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-05-16 02:51 . 2009-05-16 02:51 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-05-16 02:38 . 2009-05-16 02:38 49664 ----a-w- c:\windows\system32\atimpc32.dll
2009-05-16 02:38 . 2009-05-16 02:38 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2009-05-16 02:33 . 2009-05-16 02:33 479232 ----a-w- c:\windows\system32\atikvmag.dll
2009-05-16 02:31 . 2009-05-16 02:31 139264 ----a-w- c:\windows\system32\atiadlxx.dll
2009-05-16 02:31 . 2009-05-16 02:31 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-05-16 02:30 . 2009-05-16 02:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-05-16 02:26 . 2009-05-16 02:26 376832 ----a-w- c:\windows\system32\atiok3x2.dll
2009-05-16 02:24 . 2009-05-16 02:24 651264 ----a-w- c:\windows\system32\ati2cqag.dll
2009-05-16 01:35 . 2009-05-16 01:35 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-05-16 01:34 . 2009-05-16 01:34 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-05-16 01:33 . 2009-05-16 01:33 3158016 ----a-w- c:\windows\system32\aticaldd.dll
2009-05-15 18:05 . 2009-06-18 08:33 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-05-13 05:04 . 2008-04-14 06:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2008-04-14 06:00 345088 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 19:33 . 2009-05-05 19:33 118784 ----a-w- c:\windows\system32\atibtmon.exe
2009-07-22 23:11 . 2009-06-18 08:07 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-05 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-07-05 13:46 2215960 ----a-w- c:\program files\BS_Player\tbBS_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-05 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-05 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-18 133104]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 94208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
"AIMP2"="c:\program files\AIMP2\AIMP2.exe" [2008-12-30 358400]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-07 16862208]
"Windowss"="smsWfi.exe" - c:\windows\smsWfi.exe [2009-06-23 147456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\driver\\usb\\gamesz.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [16.07.2009 22:59 28544]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18.06.2009 09:57 108289]
R2 ekrn;ESET Service;c:\program files\ESET\Eset Smart Security\ekrn.exe [09.04.2009 15:19 731840]
R3 TUSB1150;Airties WUS-300 USB Wireless Adapter (TNETW1450);c:\windows\system32\drivers\TUSB1150.sys [05.07.2009 16:08 450944]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [18.06.2009 11:22 428160]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe /s --> c:\windows\reset.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [18.06.2009 10:45 1684736]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1383384898-1177238915-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-18 07:30]

2009-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1383384898-1177238915-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-18 07:30]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-BigDog303 - c:\windows\VM303_STI.EXE
HKLM-Run-AirTiesWUS-300 - c:\program files\AirTies\AirTiesWUS-300\WUS300.exe
HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll
HKU-Default-RunOnce-nltide2 - rundll32 advpack.dll


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local
IE: Microsoft Excel'e &Ver - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {626F8656-8372-48BB-A7AD-C46E20F35E43} = 127.0.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4pnj89e2.default\
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
Rootkit scan 2009-07-25 19:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2052111302-1383384898-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,47,2b,4b,1a,01,8e,45,96,75,54,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,47,2b,4b,1a,01,8e,45,96,75,54,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-07-25 19:49
ComboFix-quarantined-files.txt 2009-07-25 16:49

Pre-Run: 89.177.079.808 bayt boş
Post-Run: 90.077.794.304 bayt boş

262 --- E O F --- 2009-07-09 04:02


mbam-log-2009-07-25
Malwarebytes' Anti-Malware 1.39 
Veritabanı sürümü: 2500
Windows 5.1.2600 Service Pack 3

25.07.2009 21:51:04
mbam-log-2009-07-25 (21-51-04).txt

Tarama biçimi: Gelişmiş Tarama (C:\|D:\|E:\|)
Taranan öğeler: 254768
Geçen süre: 39 minute(s), 24 second(s)

Etkilenmiş Hafıza İşlemleri: 0
Etkilenmiş Hafıza Modülleri: 0
Etkilenmiş Kayıt Anahtarları: 0
Etkilenmiş Kayıt Değerleri: 0
Etkilenmiş Kayıt Verisi Öğeleri: 1
Etkilenmiş Klasörler: 0
Etkilenmiş Dosyalar: 0

Etkilenmiş Hafıza İşlemleri:
(Herhangi bir tehlikeli öğe bulunmadı)

Etkilenmiş Hafıza Modülleri:
(Herhangi bir tehlikeli öğe bulunmadı)

Etkilenmiş Kayıt Anahtarları:
(Herhangi bir tehlikeli öğe bulunmadı)

Etkilenmiş Kayıt Değerleri:
(Herhangi bir tehlikeli öğe bulunmadı)

Etkilenmiş Kayıt Verisi Öğeleri:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Etkilenmiş Klasörler:
(Herhangi bir tehlikeli öğe bulunmadı)

Etkilenmiş Dosyalar:
(Herhangi bir tehlikeli öğe bulunmadı)





< This message was edited by 01Mrt -- 25 July 2009; 22:14:43 >
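As an added example (my own code, not the poster's and not a feature of ComboFix), here is a Python triage of a ComboFix log excerpt. It reads the text and lists the entries an analyst would want to look at first: executables carrying hidden+system attributes, Run values that resolve a bare filename through a PATH search, point directly into the Windows directory or at a missing file ([X]), the Security Center update notification switched off, the firewall disabled, and firewall exceptions for programs outside the system drive. The sample is a constructed excerpt of lines copied from the first ComboFix log above. It is a worklist, not a verdict: a known-good vendor entry placed in the Windows directory (the Realtek RTHDCPL entry in this log) shows up too and has to be checked by hand.

```python
"""Triage of a ComboFix log excerpt (added example)."""
import re
from typing import List

# Constructed excerpt: lines copied from the first ComboFix log in the thread.
SAMPLE_LOG = r"""
2009-07-11 20:10 . 2009-06-23 15:44 147456 --sh--r- c:\windows\smsWfi.exe
2009-07-16 19:59 . 2008-06-19 14:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-07 16862208]
"Windowss"="smsWfi.exe" - c:\windows\smsWfi.exe [2009-06-23 147456]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\driver\\usb\\gamesz.exe"=
"""

EXE_SUFFIXES = (".exe", ".dll", ".sys", ".com", ".scr", ".pif")
# File listing line: "<created> . <modified> <size> <attributes> <path>"
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\S+) (?P<attr>[-a-z]{8}) (?P<path>.+)$"
)
# Run value line, either '"name"="path" [date size]', '"name"="file.exe" - resolved [date size]'
# or '"name"="..." [X]' when the target file does not exist.
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"(?: - (?P<resolved>.+?))? \[(?P<info>[^\]]*)\]$')
EXCEPTION_RE = re.compile(r'^"(?P<path>.+)"=$')
SYSTEM_DRIVE_PREFIXES = ("c:\\", "%windir%", "%systemroot%", "%programfiles%")


def triage_combofix(log: str) -> List[str]:
    """Return a list of findings worth an analyst's attention; [] if nothing matched."""
    findings: List[str] = []
    section = ""  # lowercase text of the most recent [registry key] header
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()
            continue
        m = FILE_RE.match(line)
        if m:
            attr, path = m.group("attr"), m.group("path")
            if "s" in attr and "h" in attr and path.lower().endswith(EXE_SUFFIXES):
                findings.append(f"hidden+system executable {path} (attributes {attr})")
            continue
        m = RUN_RE.match(line)
        if m and "currentversion\\run" in section:
            name, value, resolved, info = m.group("name", "value", "resolved", "info")
            if info == "X":
                findings.append(f"Run value {name} points at a missing file: {value}")
                continue
            if resolved:
                findings.append(f"Run value {name} is a bare filename ({value}) that a PATH search resolved to {resolved}")
            target = (resolved or value).lower()
            if target.rsplit("\\", 1)[0] == "c:\\windows":
                shown = resolved or value
                findings.append(f"Run value {name} starts an executable placed directly in the Windows directory: {shown}")
            continue
        if "security center" in section and line.lower().startswith('"updatesdisablenotify"=dword:'):
            if int(line.rsplit(":", 1)[1], 16) != 0:
                findings.append("Security Center: UpdatesDisableNotify is set, so missing-update warnings are suppressed")
            continue
        if "firewallpolicy" in section and line.lower().startswith('"enablefirewall"='):
            if line.split("=", 1)[1].split()[0] == "0":
                findings.append("Windows Firewall is disabled in the standard profile (EnableFirewall = 0)")
            continue
        if section.endswith("authorizedapplications\\list]"):
            m = EXCEPTION_RE.match(line)
            if m:
                # The log doubles backslashes inside these quoted paths.
                path = m.group("path").replace("\\\\", "\\").lower()
                if not path.startswith(SYSTEM_DRIVE_PREFIXES):
                    findings.append(f"firewall exception for a program outside the system drive: {path}")
    return findings


if __name__ == "__main__":
    for item in triage_combofix(SAMPLE_LOG):
        print("-", item)
```

On the excerpt above this yields nine findings, among them the hidden+system c:\windows\smsWfi.exe started under the name "Windowss", the [X] entry GEST, the firewall exception for e:\driver\usb\gamesz.exe (the same executable named in the autorun.inf), EnableFirewall = 0 and UpdatesDisableNotify = 1; the Avira entry is not listed.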
M (Binbaşı), 16 years ago

Does it let you boot into safe mode?


tcebeci (Yarbay), 16 years ago

Apply what is shown in the image with the Avenger program
http://www.guvenlikuzmanim.com/dosyalar/avenger.exe
< Click to view the image >

And scan again with ComboFix and send the log


Edit: Using two antivirus programs is not really recommended





< This message was edited by tcebeci -- 26 July 2009; 13:14:56 >
01Mrt (Yarbay, thread owner), 16 years ago

@tcebeci
I always use Avira anyway, since it installs without any hassle; I had installed NOD32 hoping it might find something...
I did as you said; after the first reset I got a blue screen, is that normal?
Also, the one on the 3rd line looks like "scrrntr", or is it "scrmtr"... that is, is it 'r n' or 'm'? ...

Avenger log...
Logfile of The Avenger Version 2.0, (c) by Swandog46 
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "pavboot" disabled successfully.
Driver "Ambfilt" disabled successfully.

Error: could not open driver "scrrntr"
Disablement of driver "scrrntr" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Driver "pavboot" deleted successfully.
Driver "Ambfilt" deleted successfully.

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\scrrntr" not found!
Deletion of driver "scrrntr" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.


tcebeci (Yarbay), 16 years ago

Is there a blue screen right now?
Could you run ComboFix once more?

The scrrntr file already appears to be deleted; it doesn't matter





< This message was edited by tcebeci -- 26 July 2009; 20:01:29 >
01Mrt (Yarbay, thread owner), 16 years ago

@tcebeci
No blue screen now; I reset again and it booted...
"SCRRNTR", so I wrote it correctly; no problem then, right...

Combo_Log
ComboFix 09-07-20.05 - Administrator 26.07.2009 19:53.3.4 - NTFSx86 
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.3070.2373 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\Program & Driver\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
.

2009-07-26 07:35 . 2009-07-26 07:35 -------- d-----w- c:\program files\MadOnion.com
2009-07-25 18:53 . 2009-07-25 18:53 -------- d-----w- c:\windows\system32\xircom
2009-07-25 18:53 . 2009-07-25 18:53 -------- d-----w- c:\windows\system32\wbem\snmp
2009-07-25 18:53 . 2009-07-25 18:53 -------- d-----w- c:\program files\microsoft frontpage
2009-07-25 16:59 . 2009-07-25 16:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-25 16:58 . 2009-07-13 10:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-25 16:58 . 2009-07-25 16:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-25 16:58 . 2009-07-25 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-25 16:58 . 2009-07-13 10:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-23 19:34 . 2009-07-23 19:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ESET
2009-07-23 18:08 . 2009-07-23 18:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\ESET
2009-07-23 18:07 . 2009-07-23 18:07 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\ESET
2009-07-23 18:06 . 2009-07-23 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-07-21 19:53 . 2008-05-21 12:28 7994 ----a-w- C:\yama.vbs
2009-07-19 14:46 . 2009-07-19 14:46 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2009-07-19 10:50 . 2009-07-19 10:50 -------- d-----w- c:\program files\Dracula Virüs Temizleyici 3.5
2009-07-17 19:38 . 2009-07-21 19:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-17 19:38 . 2009-07-21 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-17 19:35 . 2009-07-17 19:35 -------- d--h--w- c:\windows\PIF
2009-07-17 17:47 . 2009-07-17 17:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2009-07-16 19:59 . 2008-06-19 14:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-16 19:58 . 2009-07-16 19:58 -------- d-----w- c:\program files\Panda Security
2009-07-12 11:28 . 2009-07-12 11:28 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-12 09:06 . 2009-07-12 09:06 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-07-11 20:10 . 2009-06-23 15:44 147456 --sh--r- c:\windows\smsWfi.exe
2009-07-10 19:51 . 2009-07-10 19:51 -------- d-----w- c:\program files\Bonjour
2009-07-10 19:46 . 2009-07-10 19:46 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-07-09 09:20 . 2009-07-09 09:20 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-07-09 09:19 . 2009-07-09 09:19 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-09 04:02 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-07-09 04:01 . 2009-07-09 04:01 -------- d-----w- c:\windows\ie8updates
2009-07-09 04:01 . 2009-04-30 21:14 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-09 04:01 . 2009-04-30 21:14 1985024 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-07-09 04:01 . 2009-04-30 21:14 11064832 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-07-09 04:01 . 2009-04-30 21:14 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-09 04:00 . 2009-07-09 04:01 -------- dc-h--w- c:\windows\ie8
2009-07-05 13:15 . 2009-07-05 18:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BS_Player
2009-07-05 13:15 . 2009-07-05 13:15 -------- d-----w- c:\program files\Conduit
2009-07-05 13:15 . 2009-07-05 13:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Conduit
2009-07-05 13:15 . 2009-07-05 13:46 -------- d-----w- c:\program files\BS_Player
2009-07-05 13:15 . 2009-07-05 13:15 -------- d-----w- c:\program files\Webteh
2009-07-05 13:08 . 2009-07-05 13:08 -------- d-----w- c:\program files\AirTies
2009-07-05 13:08 . 2007-03-16 09:53 450944 ----a-w- c:\windows\system32\drivers\TUSB1150.sys
2009-07-05 13:08 . 2006-12-04 12:42 97388 ----a-w- c:\windows\system32\drivers\Fwusb1b.bin
2009-07-03 20:45 . 2009-07-12 17:46 158 ----a-w- C:\tw0001.dat
2009-07-02 16:00 . 2008-04-13 08:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-06-30 16:37 . 2009-06-30 16:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\vdownloader
2009-06-28 18:22 . 2009-06-28 18:22 -------- d-----w- c:\windows\system32\dns
2009-06-26 19:05 . 2009-06-26 19:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Datalayer
2009-06-26 19:05 . 2009-06-28 20:39 -------- d-----w- c:\documents and settings\Administrator\Phone Browser
2009-06-26 19:04 . 2009-06-26 19:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia
2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\DIFX
2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite
2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\Common Files\PCSuite
2009-06-26 19:01 . 2006-05-29 05:26 8704 ----a-w- c:\windows\system32\drivers\nmwcdc.sys
2009-06-26 19:01 . 2006-05-29 05:26 13312 ----a-w- c:\windows\system32\drivers\nmwcdcm.sys
2009-06-26 19:01 . 2006-05-29 05:26 127488 ----a-w- c:\windows\system32\drivers\nmwcd.sys
2009-06-26 19:01 . 2006-05-29 05:26 30720 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-06-26 19:01 . 2006-05-29 05:26 4608 ----a-w- c:\windows\system32\nmwcdlog.dll
2009-06-26 19:01 . 2006-05-29 05:26 50688 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\Nokia
2009-06-26 19:00 . 2009-06-26 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-26 07:35 . 2009-06-18 06:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-25 19:20 . 2009-06-18 16:12 -------- d-----w- c:\program files\Unlocker
2009-07-18 17:50 . 2009-06-18 07:35 -------- d-----w- c:\program files\MSN Messenger
2009-07-10 19:51 . 2009-06-18 16:18 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-26 16:57 . 2009-06-18 07:41 68456 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-23 09:52 . 2001-11-22 15:00 68472 ----a-w- c:\windows\system32\perfc01F.dat
2009-06-23 09:52 . 2001-11-22 15:00 383452 ----a-w- c:\windows\system32\perfh01F.dat
2009-06-21 14:30 . 2009-06-21 14:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\GRETECH
2009-06-20 17:06 . 2009-06-18 16:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ahead
2009-06-18 17:12 . 2009-06-18 17:06 -------- d-----w- c:\program files\proeWildfire 3.0
2009-06-18 17:00 . 2009-06-18 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-18 16:59 . 2009-06-18 16:59 -------- d-----w- c:\program files\Microsoft Works
2009-06-18 16:58 . 2009-06-18 16:58 -------- d-----w- c:\program files\MSBuild
2009-06-18 16:58 . 2009-06-18 16:58 -------- d-----w- c:\program files\Microsoft.NET
2009-06-18 16:56 . 2009-06-18 16:56 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-06-18 16:52 . 2009-06-18 16:51 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-18 16:51 . 2009-06-18 16:51 -------- d-----w- c:\program files\Nero
2009-06-18 16:17 . 2009-06-18 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2009-06-18 16:17 . 2009-06-18 16:17 -------- d-----w- c:\program files\TechSmith
2009-06-18 16:12 . 2009-06-18 16:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Desktopicon
2009-06-18 16:03 . 2009-06-18 16:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-06-18 16:02 . 2009-06-18 16:02 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-18 15:09 . 2009-06-18 15:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2009-06-18 15:08 . 2009-06-18 15:08 -------- d-----w- c:\program files\VideoLAN
2009-06-18 15:04 . 2009-06-18 15:04 -------- d-----w- c:\program files\HD Tune
2009-06-18 13:25 . 2009-06-18 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-06-18 13:25 . 2009-06-18 13:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATI
2009-06-18 10:27 . 2009-06-18 10:27 -------- d-----w- c:\program files\AIMP2
2009-06-18 08:35 . 2009-06-18 08:35 0 ----a-w- c:\windows\ativpsrm.bin
2009-06-18 08:34 . 2009-06-18 08:33 -------- d-----w- c:\program files\ATI Technologies
2009-06-18 08:33 . 2009-06-18 07:45 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-18 08:22 . 2009-06-18 08:22 -------- d-----w- c:\program files\Vimicro
2009-06-18 08:20 . 2009-06-18 06:49 16608 ----a-w- c:\windows\gdrv.sys
2009-06-18 08:18 . 2009-06-18 08:18 319488 ----a-w- c:\windows\HideWin.exe
2009-06-18 08:07 . 2009-06-18 08:07 0 ----a-w- c:\windows\nsreg.dat
2009-06-18 07:53 . 2009-06-18 06:40 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-18 07:53 . 2009-06-18 07:53 12328 ----a-w- c:\documents and settings\beyaz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-18 07:46 . 2009-06-18 07:46 -------- d-----w- c:\program files\Intel
2009-06-18 07:45 . 2009-06-18 06:50 -------- d-----w- c:\program files\Realtek
2009-06-18 06:57 . 2009-06-18 06:57 -------- d-----w- c:\program files\Avira
2009-06-18 06:57 . 2009-06-18 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-18 06:50 . 2009-06-18 06:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2009-06-18 06:39 . 2009-06-18 06:39 21736 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-16 03:58 . 2009-05-16 03:58 4069888 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-05-16 03:39 . 2009-05-16 03:39 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-05-16 03:38 . 2009-05-16 03:38 335872 ----a-w- c:\windows\system32\ati2dvag.dll
2009-05-16 03:18 . 2009-05-16 03:18 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-05-16 03:17 . 2009-05-16 03:17 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-05-16 03:17 . 2009-05-16 03:17 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-05-16 03:17 . 2009-05-16 03:17 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-05-16 03:17 . 2009-05-16 03:17 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-05-16 03:15 . 2009-05-16 03:15 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-05-16 03:14 . 2009-05-16 03:14 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-05-16 03:07 . 2009-05-16 03:07 2987136 ----a-w- c:\windows\system32\ati3duag.dll
2009-05-16 02:55 . 2009-05-16 02:55 11423744 ----a-w- c:\windows\system32\atioglxx.dll
2009-05-16 02:54 . 2009-05-16 02:54 2122624 ----a-w- c:\windows\system32\ativvaxx.dll
2009-05-16 02:54 . 2009-05-16 02:54 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-05-16 02:54 . 2009-05-16 02:54 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-05-16 02:51 . 2009-05-16 02:51 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-05-16 02:38 . 2009-05-16 02:38 49664 ----a-w- c:\windows\system32\atimpc32.dll
2009-05-16 02:38 . 2009-05-16 02:38 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2009-05-16 02:33 . 2009-05-16 02:33 479232 ----a-w- c:\windows\system32\atikvmag.dll
2009-05-16 02:31 . 2009-05-16 02:31 139264 ----a-w- c:\windows\system32\atiadlxx.dll
2009-05-16 02:31 . 2009-05-16 02:31 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-05-16 02:30 . 2009-05-16 02:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-05-16 02:26 . 2009-05-16 02:26 376832 ----a-w- c:\windows\system32\atiok3x2.dll
2009-05-16 02:24 . 2009-05-16 02:24 651264 ----a-w- c:\windows\system32\ati2cqag.dll
2009-05-16 01:35 . 2009-05-16 01:35 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-05-16 01:34 . 2009-05-16 01:34 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-05-16 01:33 . 2009-05-16 01:33 3158016 ----a-w- c:\windows\system32\aticaldd.dll
2009-05-15 18:05 . 2009-06-18 08:33 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-05-13 05:04 . 2008-04-14 06:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2008-04-14 06:00 345088 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 19:33 . 2009-05-05 19:33 118784 ----a-w- c:\windows\system32\atibtmon.exe
2009-07-22 23:11 . 2009-06-18 08:07 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-05 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-07-05 13:46 2215960 ----a-w- c:\program files\BS_Player\tbBS_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-05 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-05 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-18 133104]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 94208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
"AIMP2"="c:\program files\AIMP2\AIMP2.exe" [2008-12-30 358400]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-07 16862208]
"Windowss"="smsWfi.exe" - c:\windows\smsWfi.exe [2009-06-23 147456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18.06.2009 09:57 108289]
R3 TUSB1150;Airties WUS-300 USB Wireless Adapter (TNETW1450);c:\windows\system32\drivers\TUSB1150.sys [05.07.2009 16:08 450944]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [18.06.2009 11:22 428160]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe /s --> c:\windows\reset.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1383384898-1177238915-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-18 07:30]

2009-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1383384898-1177238915-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-18 07:30]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local
IE: Microsoft Excel'e &Ver - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {626F8656-8372-48BB-A7AD-C46E20F35E43} = 127.0.0.1
TCP: {D1428DCA-C5B2-46BF-8AE8-61F215A7D796} = 4.2.2.1,4.2.2.2
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4pnj89e2.default\
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
Rootkit scan 2009-07-26 19:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2052111302-1383384898-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,47,2b,4b,1a,01,8e,45,96,75,54,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,47,2b,4b,1a,01,8e,45,96,75,54,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(956)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1288)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-07-26 19:59
ComboFix-quarantined-files.txt 2009-07-26 16:59
ComboFix2.txt 2009-07-26 10:42
ComboFix3.txt 2009-07-25 16:49

Pre-Run: 89.845.944.320 bayt boş
Post-Run: 89.894.903.808 bayt boş

253 --- E O F --- 2009-07-09 04:02


16 years
Yarbay

All right, no problem is showing, but let's run one last scan with mbam with the "Gelişmiş Tarama" (Full Scan) option ticked
http://www.guvenlikuzmanim.com/dosyalar/mbam-setup.exe

I'd appreciate it if you post the log again once the scan finishes





< This message was edited by tcebeci -- 26 July 2009; 20:15:06 >
16 years
Yarbay
Thread Owner

I think it sees Avenger as a trojan; the three things it found are all related to Avenger...
I'm still not plugging in the USB; if you say there's no problem and everything is fine, I'll plug it in...

Mbam Log
Malwarebytes' Anti-Malware 1.39 
Veritabanı sürümü: 2500
Windows 5.1.2600 Service Pack 3

26.07.2009 21:40:50
mbam-log-2009-07-26 (21-40-50).txt

Tarama biçimi: Gelişmiş Tarama (C:\|D:\|F:\|H:\|)
Taranan öğeler: 255435
Geçen süre: 38 minute(s), 25 second(s)

Etkilenmiş Hafıza İşlemleri: 0
Etkilenmiş Hafıza Modülleri: 0
Etkilenmiş Kayıt Anahtarları: 0
Etkilenmiş Kayıt Değerleri: 0
Etkilenmiş Kayıt Verisi Öğeleri: 1
Etkilenmiş Klasörler: 0
Etkilenmiş Dosyalar: 2

Etkilenmiş Hafıza İşlemleri:
(Herhangi bir tehlikeli öğe bulunmadı)

Etkilenmiş Hafıza Modülleri:
(Herhangi bir tehlikeli öğe bulunmadı)

Etkilenmiş Kayıt Anahtarları:
(Herhangi bir tehlikeli öğe bulunmadı)

Etkilenmiş Kayıt Değerleri:
(Herhangi bir tehlikeli öğe bulunmadı)

Etkilenmiş Kayıt Verisi Öğeleri:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Etkilenmiş Klasörler:
(Herhangi bir tehlikeli öğe bulunmadı)

Etkilenmiş Dosyalar:
c:\documents and settings\administrator\Desktop\program & driver\avenger.exe (Trojan.Agnet) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\application data\Google\Chrome\user data\Default\Cache\f_001627 (Trojan.Agnet) -> Quarantined and deleted successfully.


16 years
Yarbay

It looks like there's no problem. Did you do the step about NOD32 in the PM I sent you?





< This message was edited by tcebeci -- 26 July 2009; 22:08:42 >
16 years
Yarbay
Thread Owner

16 years
Yarbay

All right then, it's clean.
But let me ask something: during the scans you ran, wasn't the USB flash drive plugged in as drive E:\?


16 years
Yarbay
Thread Owner

No, it wasn't, and even though I formatted it I ran into the same thing...
While the flash drive is plugged in it constantly shows as in use, so I pull it out...


16 years
Yarbay

The flash drive is probably crawling with viruses by now. I forgot to warn you too, sorry. Now plug every flash drive you have into the computer, and you must include the flash drives in the Combofix and Mbam scans


16 years
Yarbay
Thread Owner

combofix is quick but mbam takes a long time; I'm leaving it for tomorrow, I'm fed up by now...
Thanks for your help, but logically it feels to me like there's something on the computer too, and it infects the flash drive as soon as I plug it in...
Do you have any other ideas?


16 years
Yarbay

The virus jumps from the flash drive to the computer anyway, and it keeps the processor constantly busy too.

The computer is clean right now, but the moment you plug in the flash drive everything will go back to square one; at least for now you can run combofix





< This message was edited by tcebeci -- 26 July 2009; 22:27:12 >
16 years
Yarbay
Thread Owner

But when I format it on another computer there's no problem and the folder doesn't show up; it gets affected when I plug it into this computer...
My brain is completely fried, I've never seen anything like this in my life...
Anyway, tomorrow I'll post the combo and mbam logs with the flash drive plugged in...


16 years
Yarbay

Let me explain it like this;
Once the flash drive is infected, the moment you plug it in the virus passes to the computer. This virus then adds itself to Windows as a driver. After that, even if you format the flash drive, the virus that infected the computer passes back onto the flash drive.
Unfortunately most antivirus programs can't block this.


OK, see you again tomorrow then, good night

Edit: The file c:\windows\smsWfi.exe on the computer is also infected, it slipped past me;
You enter the following into The Avenger;


Files to delete:
c:\windows\smsWfi.exe





< This message was edited by tcebeci -- 27 July 2009; 12:55:19 >
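The reinfection cycle tcebeci describes above (an autorun.inf on the stick pointing Explorer at an executable inside a hidden folder, re-written by the infected host after every format) is something a defender can check for before trusting a drive. The Python helper below is an added example, not code from this thread or from any of the tools it mentions; the autorun.inf text, the folder layout and the file names (`tools\setup\usbdrv.exe`) are constructed for the demonstration, and the attribute map is something you would fill from `os.stat(path).st_file_attributes` on a real Windows drive.

```python
"""Triage helper for an autorun.inf found on removable media (added example).
Flags the USB-worm pattern: launch directives pointing Explorer at an
executable buried in a hidden/system folder. All names and paths are invented."""
import ntpath
from dataclasses import dataclass, field

EXEC_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js"}
HIDING_ATTRS = {"hidden", "system"}

@dataclass
class Finding:
    key: str          # autorun.inf directive that triggers a launch
    target: str       # program it would run, relative to the drive root
    reasons: list = field(default_factory=list)

def parse_autorun(text):
    """Return the [autorun] section as an ordered list of (key, value).
    Hand-rolled rather than configparser: worm-written files often contain
    junk lines without '=' (a fake 'driver installed' marker) that it rejects."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries.append((key.strip().lower(), value.strip().strip('"')))
    return entries

def launch_targets(entries):
    """Yield (key, program) for every directive that makes Explorer run a file:
    open=, shellexecute=, and shell\\<verb>\\command= (a verb hijack)."""
    for key, value in entries:
        parts = key.split("\\")
        is_verb = len(parts) == 3 and parts[0] == "shell" and parts[2] == "command"
        if key in ("open", "shellexecute") or is_verb:
            program = value.split()[0] if value else ""   # drop any arguments
            yield key, program.lstrip("\\").lower()

def assess(text, drive_snapshot):
    """drive_snapshot maps lower-cased, backslash-separated relative paths to
    sets of attribute names (on Windows, derived from st_file_attributes).
    Returns one Finding per launch directive, with the reasons it looks odd."""
    findings = []
    for key, program in launch_targets(parse_autorun(text)):
        f = Finding(key, program)
        if ntpath.splitext(program)[1] in EXEC_EXTS:
            f.reasons.append("launches an executable")
        if key.startswith("shell\\"):
            f.reasons.append("hijacks an Explorer verb (double-click/context menu)")
        if "\\" in program:
            f.reasons.append("target sits in a subfolder rather than the drive root")
        path = program
        while path:                       # the target, then each ancestor folder
            attrs = drive_snapshot.get(path)
            if attrs is None:
                if path == program:
                    f.reasons.append("target does not exist (dangling directive)")
            elif attrs & HIDING_ATTRS:
                f.reasons.append(f"'{path}' is marked {sorted(attrs & HIDING_ATTRS)}")
            path = ntpath.dirname(path)
        findings.append(f)
    return findings

def is_suspicious(findings):
    """A lone 'open=setup.exe' is normal on install media; two or more
    indicators on a single directive is the worm pattern."""
    return any(len(f.reasons) >= 2 for f in findings)

# Constructed sample: a worm-written autorun.inf and the drive layout it sits on.
WORM_AUTORUN = """[autorun]
open=tools\\setup\\usbdrv.exe
action=Open
shell\\open=Open
shell\\open\\command=tools\\setup\\usbdrv.exe
Usb_Driver installed
"""
WORM_DRIVE = {
    "autorun.inf": {"hidden", "system"},
    "tools": {"hidden", "system"},
    "tools\\setup": {"hidden", "system"},
    "tools\\setup\\usbdrv.exe": {"hidden", "system", "readonly"},
    "documents": set(),
}

# Constructed sample: a legitimate installer disc, for contrast.
INSTALLER_AUTORUN = """[autorun]
open=setup.exe
icon=setup.exe,0
label=Product Installer
"""
INSTALLER_DRIVE = {"autorun.inf": set(), "setup.exe": set(), "docs": set()}

if __name__ == "__main__":
    for label, inf, snap in (("worm", WORM_AUTORUN, WORM_DRIVE),
                             ("installer", INSTALLER_AUTORUN, INSTALLER_DRIVE)):
        found = assess(inf, snap)
        print(f"{label}: suspicious={is_suspicious(found)}")
        for f in found:
            print(f"  {f.key} -> {f.target}: {'; '.join(f.reasons)}")
```

Run it as a script to see both verdicts. The threshold in `is_suspicious` is deliberately two indicators, because a bare `open=setup.exe` on install media is legitimate, whereas a `shell\open\command` override plus a hidden subfolder is the signature of a stick that will re-seed the host. The complementary host-side mitigation on XP-era machines is to disable AutoRun for every drive type (the `NoDriveTypeAutoRun` Explorer policy set to 0xFF), so the directive is never honoured no matter what the file says.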
16 years
Yarbay
Thread Owner

I just got your message; I have no time at all these days, I'm working extremely hard...
After deleting what you said, I'll run a combo...
I'll definitely post one more log with the latest state...

log
ComboFix 09-07-20.05 - Administrator 26.07.2009 22:29.4.4 - NTFSx86 
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.3070.2596 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\Program & Driver\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cleanup.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
.

2009-07-26 07:35 . 2009-07-26 07:35 -------- d-----w- c:\program files\MadOnion.com
2009-07-25 18:53 . 2009-07-25 18:53 -------- d-----w- c:\windows\system32\xircom
2009-07-25 18:53 . 2009-07-25 18:53 -------- d-----w- c:\windows\system32\wbem\snmp
2009-07-25 18:53 . 2009-07-25 18:53 -------- d-----w- c:\program files\microsoft frontpage
2009-07-25 16:59 . 2009-07-25 16:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-25 16:58 . 2009-07-13 10:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-25 16:58 . 2009-07-25 16:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-25 16:58 . 2009-07-25 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-25 16:58 . 2009-07-13 10:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-23 19:34 . 2009-07-23 19:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ESET
2009-07-23 18:08 . 2009-07-23 18:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\ESET
2009-07-23 18:07 . 2009-07-23 18:07 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\ESET
2009-07-23 18:06 . 2009-07-23 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-07-21 19:53 . 2008-05-21 12:28 7994 ----a-w- C:\yama.vbs
2009-07-19 14:46 . 2009-07-19 14:46 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2009-07-19 10:50 . 2009-07-19 10:50 -------- d-----w- c:\program files\Dracula Virüs Temizleyici 3.5
2009-07-17 19:38 . 2009-07-21 19:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-17 19:38 . 2009-07-21 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-17 19:35 . 2009-07-17 19:35 -------- d--h--w- c:\windows\PIF
2009-07-17 17:47 . 2009-07-17 17:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2009-07-16 19:59 . 2008-06-19 14:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-16 19:58 . 2009-07-16 19:58 -------- d-----w- c:\program files\Panda Security
2009-07-12 11:28 . 2009-07-12 11:28 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-12 09:06 . 2009-07-12 09:06 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-07-11 20:10 . 2009-06-23 15:44 147456 --sh--r- c:\windows\smsWfi.exe
2009-07-10 19:51 . 2009-07-10 19:51 -------- d-----w- c:\program files\Bonjour
2009-07-10 19:46 . 2009-07-10 19:46 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-07-09 09:20 . 2009-07-09 09:20 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-07-09 09:19 . 2009-07-09 09:19 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-09 04:02 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-07-09 04:01 . 2009-07-09 04:01 -------- d-----w- c:\windows\ie8updates
2009-07-09 04:01 . 2009-04-30 21:14 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-09 04:01 . 2009-04-30 21:14 1985024 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-07-09 04:01 . 2009-04-30 21:14 11064832 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-07-09 04:01 . 2009-04-30 21:14 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-09 04:00 . 2009-07-09 04:01 -------- dc-h--w- c:\windows\ie8
2009-07-05 13:15 . 2009-07-05 18:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BS_Player
2009-07-05 13:15 . 2009-07-05 13:15 -------- d-----w- c:\program files\Conduit
2009-07-05 13:15 . 2009-07-05 13:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Conduit
2009-07-05 13:15 . 2009-07-05 13:46 -------- d-----w- c:\program files\BS_Player
2009-07-05 13:15 . 2009-07-05 13:15 -------- d-----w- c:\program files\Webteh
2009-07-05 13:08 . 2009-07-05 13:08 -------- d-----w- c:\program files\AirTies
2009-07-05 13:08 . 2007-03-16 09:53 450944 ----a-w- c:\windows\system32\drivers\TUSB1150.sys
2009-07-05 13:08 . 2006-12-04 12:42 97388 ----a-w- c:\windows\system32\drivers\Fwusb1b.bin
2009-07-03 20:45 . 2009-07-12 17:46 158 ----a-w- C:\tw0001.dat
2009-07-02 16:00 . 2008-04-13 08:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-06-30 16:37 . 2009-06-30 16:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\vdownloader
2009-06-28 18:22 . 2009-06-28 18:22 -------- d-----w- c:\windows\system32\dns

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-26 07:35 . 2009-06-18 06:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-25 19:20 . 2009-06-18 16:12 -------- d-----w- c:\program files\Unlocker
2009-07-18 17:50 . 2009-06-18 07:35 -------- d-----w- c:\program files\MSN Messenger
2009-07-10 19:51 . 2009-06-18 16:18 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-26 19:05 . 2009-06-26 19:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Datalayer
2009-06-26 19:04 . 2009-06-26 19:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia
2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite
2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\DIFX
2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\Common Files\PCSuite
2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\Nokia
2009-06-26 19:00 . 2009-06-26 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-06-26 16:57 . 2009-06-18 07:41 68456 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-23 09:52 . 2001-11-22 15:00 68472 ----a-w- c:\windows\system32\perfc01F.dat
2009-06-23 09:52 . 2001-11-22 15:00 383452 ----a-w- c:\windows\system32\perfh01F.dat
2009-06-21 14:30 . 2009-06-21 14:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\GRETECH
2009-06-20 17:06 . 2009-06-18 16:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ahead
2009-06-18 17:12 . 2009-06-18 17:06 -------- d-----w- c:\program files\proeWildfire 3.0
2009-06-18 17:00 . 2009-06-18 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-18 16:59 . 2009-06-18 16:59 -------- d-----w- c:\program files\Microsoft Works
2009-06-18 16:58 . 2009-06-18 16:58 -------- d-----w- c:\program files\MSBuild
2009-06-18 16:58 . 2009-06-18 16:58 -------- d-----w- c:\program files\Microsoft.NET
2009-06-18 16:56 . 2009-06-18 16:56 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-06-18 16:52 . 2009-06-18 16:51 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-18 16:51 . 2009-06-18 16:51 -------- d-----w- c:\program files\Nero
2009-06-18 16:17 . 2009-06-18 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2009-06-18 16:17 . 2009-06-18 16:17 -------- d-----w- c:\program files\TechSmith
2009-06-18 16:12 . 2009-06-18 16:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Desktopicon
2009-06-18 16:03 . 2009-06-18 16:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-06-18 16:02 . 2009-06-18 16:02 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-18 15:09 . 2009-06-18 15:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2009-06-18 15:08 . 2009-06-18 15:08 -------- d-----w- c:\program files\VideoLAN
2009-06-18 15:04 . 2009-06-18 15:04 -------- d-----w- c:\program files\HD Tune
2009-06-18 13:25 . 2009-06-18 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-06-18 13:25 . 2009-06-18 13:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATI
2009-06-18 10:27 . 2009-06-18 10:27 -------- d-----w- c:\program files\AIMP2
2009-06-18 08:35 . 2009-06-18 08:35 0 ----a-w- c:\windows\ativpsrm.bin
2009-06-18 08:34 . 2009-06-18 08:33 -------- d-----w- c:\program files\ATI Technologies
2009-06-18 08:33 . 2009-06-18 07:45 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-18 08:22 . 2009-06-18 08:22 -------- d-----w- c:\program files\Vimicro
2009-06-18 08:20 . 2009-06-18 06:49 16608 ----a-w- c:\windows\gdrv.sys
2009-06-18 08:18 . 2009-06-18 08:18 319488 ----a-w- c:\windows\HideWin.exe
2009-06-18 08:07 . 2009-06-18 08:07 0 ----a-w- c:\windows\nsreg.dat
2009-06-18 07:53 . 2009-06-18 06:40 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-18 07:53 . 2009-06-18 07:53 12328 ----a-w- c:\documents and settings\beyaz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-18 07:46 . 2009-06-18 07:46 -------- d-----w- c:\program files\Intel
2009-06-18 07:45 . 2009-06-18 06:50 -------- d-----w- c:\program files\Realtek
2009-06-18 06:57 . 2009-06-18 06:57 -------- d-----w- c:\program files\Avira
2009-06-18 06:57 . 2009-06-18 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-18 06:50 . 2009-06-18 06:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2009-06-18 06:39 . 2009-06-18 06:39 21736 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-16 03:58 . 2009-05-16 03:58 4069888 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-05-16 03:39 . 2009-05-16 03:39 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-05-16 03:38 . 2009-05-16 03:38 335872 ----a-w- c:\windows\system32\ati2dvag.dll
2009-05-16 03:18 . 2009-05-16 03:18 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-05-16 03:17 . 2009-05-16 03:17 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-05-16 03:17 . 2009-05-16 03:17 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-05-16 03:17 . 2009-05-16 03:17 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-05-16 03:17 . 2009-05-16 03:17 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-05-16 03:15 . 2009-05-16 03:15 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-05-16 03:14 . 2009-05-16 03:14 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-05-16 03:07 . 2009-05-16 03:07 2987136 ----a-w- c:\windows\system32\ati3duag.dll
2009-05-16 02:55 . 2009-05-16 02:55 11423744 ----a-w- c:\windows\system32\atioglxx.dll
2009-05-16 02:54 . 2009-05-16 02:54 2122624 ----a-w- c:\windows\system32\ativvaxx.dll
2009-05-16 02:54 . 2009-05-16 02:54 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-05-16 02:54 . 2009-05-16 02:54 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-05-16 02:51 . 2009-05-16 02:51 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-05-16 02:38 . 2009-05-16 02:38 49664 ----a-w- c:\windows\system32\atimpc32.dll
2009-05-16 02:38 . 2009-05-16 02:38 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2009-05-16 02:33 . 2009-05-16 02:33 479232 ----a-w- c:\windows\system32\atikvmag.dll
2009-05-16 02:31 . 2009-05-16 02:31 139264 ----a-w- c:\windows\system32\atiadlxx.dll
2009-05-16 02:31 . 2009-05-16 02:31 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-05-16 02:30 . 2009-05-16 02:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-05-16 02:26 . 2009-05-16 02:26 376832 ----a-w- c:\windows\system32\atiok3x2.dll
2009-05-16 02:24 . 2009-05-16 02:24 651264 ----a-w- c:\windows\system32\ati2cqag.dll
2009-05-16 01:35 . 2009-05-16 01:35 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-05-16 01:34 . 2009-05-16 01:34 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-05-16 01:33 . 2009-05-16 01:33 3158016 ----a-w- c:\windows\system32\aticaldd.dll
2009-05-15 18:05 . 2009-06-18 08:33 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-05-13 05:04 . 2008-04-14 06:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2008-04-14 06:00 345088 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 19:33 . 2009-05-05 19:33 118784 ----a-w- c:\windows\system32\atibtmon.exe
2009-07-22 23:11 . 2009-06-18 08:07 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-05 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-07-05 13:46 2215960 ----a-w- c:\program files\BS_Player\tbBS_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-05 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-05 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-18 133104]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 94208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
"AIMP2"="c:\program files\AIMP2\AIMP2.exe" [2008-12-30 358400]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-07 16862208]
"Windowss"="smsWfi.exe" - c:\windows\smsWfi.exe [2009-06-23 147456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18.06.2009 09:57 108289]
R3 TUSB1150;Airties WUS-300 USB Wireless Adapter (TNETW1450);c:\windows\system32\drivers\TUSB1150.sys [05.07.2009 16:08 450944]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [18.06.2009 11:22 428160]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\documents and settings\Administrator\Desktop\RealTemp_3.00\WinRing0.sys [26.07.2009 19:30 14416]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1383384898-1177238915-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-18 07:30]

2009-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1383384898-1177238915-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-18 07:30]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local
IE: Microsoft Excel'e &Ver - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {626F8656-8372-48BB-A7AD-C46E20F35E43} = 127.0.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4pnj89e2.default\
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-26 22:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2052111302-1383384898-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,47,2b,4b,1a,01,8e,45,96,75,54,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,47,2b,4b,1a,01,8e,45,96,75,54,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(952)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-07-26 22:35
ComboFix-quarantined-files.txt 2009-07-26 19:35
ComboFix2.txt 2009-07-26 16:59
ComboFix3.txt 2009-07-26 10:42
ComboFix4.txt 2009-07-25 16:49

Pre-Run: 89.833.467.904 bytes free
Post-Run: 89.881.124.864 bytes free

249 --- E O F --- 2009-07-09 04:02
< This message was edited by 01Mrt -- 28 July 2009; 22:44:18 >
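The Run-key section of a ComboFix log is where most USB-spread autostart loaders show up, and reading a few dozen entries by eye is error-prone. Below is an added triage script, not part of the poster's log and not ComboFix's own code. It parses the two `...\CurrentVersion\Run` blocks in the format ComboFix prints (`"Name"="path" [date size]`, or `"Name"="file.exe" - c:\resolved\file.exe [date size]`, or `[X]` where no file date/size is recorded) and ranks entries by three explainable hints: file dated within the last 60 days of the scan date (taken from the `Rootkit scan 2009-07-26` line above), binary sitting directly in `c:\windows` rather than a subfolder, and a value name that shares no token with the executable's name. The sample input is a constructed excerpt of the log's own Run entries; the 60-day window and the token rule are assumptions chosen for this example.

```python
import re
from datetime import date

# Constructed sample: an excerpt of the Run-key section of the ComboFix log
# above (dates and sizes are the log's own values).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-18 133104]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-07 16862208]
"Windowss"="smsWfi.exe" - c:\windows\smsWfi.exe [2009-06-23 147456]
'''

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
# "Name"="value" [date size]   or   "Name"="file.exe" - c:\resolved\file.exe [date size]
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"(?: - (?P<resolved>.+?))? \[(?P<meta>[^\]]*)\]$')


def parse_run_entries(text):
    """One dict per Run value: hive key, value name, target path, file date and size."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = ENTRY_RE.match(line)
        if not m or key is None:
            continue
        meta = m.group('meta').split()
        if len(meta) == 2:                       # "[date size]": file was present on disk
            path = m.group('resolved') or m.group('value')
            file_date, size = date.fromisoformat(meta[0]), int(meta[1])
        else:                                    # "[X]": no date/size recorded
            path, file_date, size = None, None, None
        entries.append({'key': key, 'name': m.group('name'), 'path': path,
                        'date': file_date, 'size': size})
    return entries


def triage(entries, scan_date, recent_days=60):
    """Score each entry by simple hints (assumed thresholds); higher score = inspect first."""
    ranked = []
    for e in entries:
        flags = []
        if e['date'] is None:
            flags.append('no-file')              # target not recorded on disk
        else:
            if (scan_date - e['date']).days <= recent_days:
                flags.append('recent')           # binary newer than the window
            parent, _, exe = e['path'].lower().rpartition('\\')
            if parent == r'c:\windows':
                flags.append('windir-root')      # lives directly in %windir%, not a subfolder
            stem = exe.rsplit('.', 1)[0]
            tokens = [t for t in re.split(r'[^a-z0-9]+', e['name'].lower()) if len(t) >= 4]
            if tokens and not any(t in stem or stem in t for t in tokens):
                flags.append('name-mismatch')    # value name shares nothing with the exe name
        ranked.append((len(flags), flags, e))
    ranked.sort(key=lambda r: r[0], reverse=True)
    return ranked


if __name__ == '__main__':
    # Scan date is the one printed in the log's catchme section.
    for score, flags, e in triage(parse_run_entries(SAMPLE_LOG), date(2009, 7, 26)):
        print(score, ','.join(flags) or '-', e['name'], '->', e['path'])
```

Each flag on its own is weak: vendor utilities such as RTHDCPL.exe do sit in the Windows root, and a freshly installed updater will always look "recent". The value of the ranking is in the entries that collect several hints at once; those are the ones whose file you check first (hash, signature, VirusTotal, strings) before deciding whether to remove the Run value. The script is offline and read-only; it changes nothing on the machine.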