Reply: There is a virus on my computer (trojan, malware or spyware), many programs can't find it... Avira - Nod32 (page 2)
16 years
Lieutenant Colonel

Did you try the sil.rar file that our friend golovez put together?
By the way, as an antivirus I would recommend Kaspersky. My USB stick got infected too; it found the autorun.exe virus and quarantined it, but unfortunately it couldn't delete it. Still, at least it neutralized it, and afterwards I formatted the flash drive anyway.





< This message was edited by Ducard -- 29 July 2009; 23:26:05 >
16 years
Lieutenant Colonel
Topic Owner

I did quite a bit of research but must not have come across it; also, because of things like keys and licenses, I'm using Avira...

@tcebeci
One issue caught my eye in Avenger: it says a hidden driver was found, could you take a look...

Logfile of The Avenger Version 2.0, (c) by Swandog46 
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "sfycyq" found!
ImagePath: system32\drivers\njvecfha.sys
Start Type: 0 (Boot)

Rootkit scan completed.


Warning: Invalid contents in ServiceGroupOrder key!
There may be a driver loading earlier than Avenger!

File "c:\windows\smsWfi.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "c:\windows\smsWfi.exe" not found!
Deletion of file "c:\windows\smsWfi.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.


16 years
Lieutenant Colonel

The "smsWfi.exe" virus looks like it has been deleted. One last time, could you scan with ComboFix while the USB disks are plugged in and send the log?


16 years
Lieutenant Colonel
Topic Owner

The latest Combo log... 01/08/2009
ComboFix 09-07-31.04 - Administrator 01.08.2009 21:33.5.4 - NTFSx86 
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.3070.2571 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\Program & Driver\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-07-01 to 2009-08-01 )))))))))))))))))))))))))))))))
.

2009-07-30 09:13 . 2009-07-30 09:13 -------- d-----w- c:\windows\Sun
2009-07-29 08:52 . 2009-07-29 08:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-27 19:58 . 2009-07-27 19:59 -------- d-----w- C:\Downloads
2009-07-27 19:44 . 2009-08-01 18:38 -------- d-----w- c:\program files\FlashGet
2009-07-27 19:35 . 2009-07-27 19:34 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-27 19:34 . 2009-07-27 19:34 -------- d-----w- c:\program files\Java
2009-07-27 19:33 . 2009-07-27 19:33 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-07-27 19:27 . 2009-07-27 19:36 -------- d-----w- c:\program files\LimeWire
2009-07-27 18:57 . 2009-07-27 18:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mininova
2009-07-27 18:57 . 2009-07-27 18:58 -------- d-----w- c:\program files\Mininova
2009-07-26 07:35 . 2009-07-26 07:35 -------- d-----w- c:\program files\MadOnion.com
2009-07-25 18:53 . 2009-07-25 18:53 -------- d-----w- c:\windows\system32\xircom
2009-07-25 18:53 . 2009-07-25 18:53 -------- d-----w- c:\windows\system32\wbem\snmp
2009-07-25 18:53 . 2009-07-25 18:53 -------- d-----w- c:\program files\microsoft frontpage
2009-07-25 16:59 . 2009-07-25 16:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-25 16:58 . 2009-07-13 10:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-25 16:58 . 2009-07-25 16:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-25 16:58 . 2009-07-25 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-25 16:58 . 2009-07-13 10:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-23 19:34 . 2009-07-23 19:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ESET
2009-07-23 18:08 . 2009-07-23 18:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\ESET
2009-07-23 18:07 . 2009-07-23 18:07 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\ESET
2009-07-23 18:06 . 2009-07-23 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-07-21 19:53 . 2008-05-21 12:28 7994 ----a-w- C:\yama.vbs
2009-07-19 14:46 . 2009-07-19 14:46 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2009-07-19 10:50 . 2009-07-19 10:50 -------- d-----w- c:\program files\Dracula Virüs Temizleyici 3.5
2009-07-17 19:38 . 2009-07-21 19:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-17 19:38 . 2009-07-21 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-17 19:35 . 2009-07-17 19:35 -------- d--h--w- c:\windows\PIF
2009-07-17 17:47 . 2009-08-01 17:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2009-07-16 19:59 . 2008-06-19 14:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-16 19:58 . 2009-07-16 19:58 -------- d-----w- c:\program files\Panda Security
2009-07-12 11:28 . 2009-07-12 11:28 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-12 09:06 . 2009-07-12 09:06 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-07-10 19:51 . 2009-07-10 19:51 -------- d-----w- c:\program files\Bonjour
2009-07-10 19:46 . 2009-07-10 19:46 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-07-09 09:20 . 2009-07-09 09:20 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-07-09 09:19 . 2009-07-09 09:19 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-09 04:02 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-07-09 04:01 . 2009-07-09 04:01 -------- d-----w- c:\windows\ie8updates
2009-07-09 04:01 . 2009-04-30 21:14 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-09 04:01 . 2009-04-30 21:14 1985024 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-07-09 04:01 . 2009-04-30 21:14 11064832 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-07-09 04:01 . 2009-04-30 21:14 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-09 04:00 . 2009-07-09 04:01 -------- dc-h--w- c:\windows\ie8
2009-07-05 13:15 . 2009-07-05 18:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BS_Player
2009-07-05 13:15 . 2009-07-05 13:15 -------- d-----w- c:\program files\Conduit
2009-07-05 13:15 . 2009-07-05 13:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Conduit
2009-07-05 13:15 . 2009-07-05 13:46 -------- d-----w- c:\program files\BS_Player
2009-07-05 13:15 . 2009-07-05 13:15 -------- d-----w- c:\program files\Webteh
2009-07-05 13:08 . 2009-07-05 13:08 -------- d-----w- c:\program files\AirTies
2009-07-05 13:08 . 2007-03-16 09:53 450944 ----a-w- c:\windows\system32\drivers\TUSB1150.sys
2009-07-05 13:08 . 2006-12-04 12:42 97388 ----a-w- c:\windows\system32\drivers\Fwusb1b.bin
2009-07-03 20:45 . 2009-07-12 17:46 158 ----a-w- C:\tw0001.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-31 19:37 . 2009-07-27 19:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire
2009-07-30 18:20 . 2009-06-18 07:35 -------- d-----w- c:\program files\MSN Messenger
2009-07-26 07:35 . 2009-06-18 06:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-25 19:20 . 2009-06-18 16:12 -------- d-----w- c:\program files\Unlocker
2009-07-10 19:51 . 2009-06-18 16:18 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-26 19:05 . 2009-06-26 19:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Datalayer
2009-06-26 19:04 . 2009-06-26 19:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia
2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite
2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\DIFX
2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\Common Files\PCSuite
2009-06-26 19:01 . 2009-06-26 19:01 -------- d-----w- c:\program files\Nokia
2009-06-26 19:00 . 2009-06-26 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-06-26 16:57 . 2009-06-18 07:41 68456 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-23 09:52 . 2001-11-22 15:00 68472 ----a-w- c:\windows\system32\perfc01F.dat
2009-06-23 09:52 . 2001-11-22 15:00 383452 ----a-w- c:\windows\system32\perfh01F.dat
2009-06-21 14:30 . 2009-06-21 14:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\GRETECH
2009-06-20 17:06 . 2009-06-18 16:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ahead
2009-06-18 17:12 . 2009-06-18 17:06 -------- d-----w- c:\program files\proeWildfire 3.0
2009-06-18 17:00 . 2009-06-18 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-18 16:59 . 2009-06-18 16:59 -------- d-----w- c:\program files\Microsoft Works
2009-06-18 16:58 . 2009-06-18 16:58 -------- d-----w- c:\program files\MSBuild
2009-06-18 16:58 . 2009-06-18 16:58 -------- d-----w- c:\program files\Microsoft.NET
2009-06-18 16:56 . 2009-06-18 16:56 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-06-18 16:52 . 2009-06-18 16:51 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-18 16:51 . 2009-06-18 16:51 -------- d-----w- c:\program files\Nero
2009-06-18 16:17 . 2009-06-18 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2009-06-18 16:17 . 2009-06-18 16:17 -------- d-----w- c:\program files\TechSmith
2009-06-18 16:12 . 2009-06-18 16:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Desktopicon
2009-06-18 16:03 . 2009-06-18 16:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-06-18 16:02 . 2009-06-18 16:02 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-18 15:09 . 2009-06-18 15:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2009-06-18 15:08 . 2009-06-18 15:08 -------- d-----w- c:\program files\VideoLAN
2009-06-18 15:04 . 2009-06-18 15:04 -------- d-----w- c:\program files\HD Tune
2009-06-18 13:25 . 2009-06-18 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-06-18 13:25 . 2009-06-18 13:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATI
2009-06-18 10:27 . 2009-06-18 10:27 -------- d-----w- c:\program files\AIMP2
2009-06-18 08:35 . 2009-06-18 08:35 0 ----a-w- c:\windows\ativpsrm.bin
2009-06-18 08:34 . 2009-06-18 08:33 -------- d-----w- c:\program files\ATI Technologies
2009-06-18 08:33 . 2009-06-18 07:45 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-18 08:22 . 2009-06-18 08:22 -------- d-----w- c:\program files\Vimicro
2009-06-18 08:20 . 2009-06-18 06:49 16608 ----a-w- c:\windows\gdrv.sys
2009-06-18 08:18 . 2009-06-18 08:18 319488 ----a-w- c:\windows\HideWin.exe
2009-06-18 08:07 . 2009-06-18 08:07 0 ----a-w- c:\windows\nsreg.dat
2009-06-18 07:53 . 2009-06-18 06:40 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-18 07:53 . 2009-06-18 07:53 12328 ----a-w- c:\documents and settings\beyaz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-18 07:46 . 2009-06-18 07:46 -------- d-----w- c:\program files\Intel
2009-06-18 07:45 . 2009-06-18 06:50 -------- d-----w- c:\program files\Realtek
2009-06-18 06:57 . 2009-06-18 06:57 -------- d-----w- c:\program files\Avira
2009-06-18 06:57 . 2009-06-18 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-18 06:50 . 2009-06-18 06:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2009-06-18 06:39 . 2009-06-18 06:39 21736 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-16 03:58 . 2009-05-16 03:58 4069888 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-05-16 03:39 . 2009-05-16 03:39 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-05-16 03:38 . 2009-05-16 03:38 335872 ----a-w- c:\windows\system32\ati2dvag.dll
2009-05-16 03:18 . 2009-05-16 03:18 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-05-16 03:17 . 2009-05-16 03:17 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-05-16 03:17 . 2009-05-16 03:17 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-05-16 03:17 . 2009-05-16 03:17 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-05-16 03:17 . 2009-05-16 03:17 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-05-16 03:15 . 2009-05-16 03:15 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-05-16 03:14 . 2009-05-16 03:14 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-05-16 03:07 . 2009-05-16 03:07 2987136 ----a-w- c:\windows\system32\ati3duag.dll
2009-05-16 02:55 . 2009-05-16 02:55 11423744 ----a-w- c:\windows\system32\atioglxx.dll
2009-05-16 02:54 . 2009-05-16 02:54 2122624 ----a-w- c:\windows\system32\ativvaxx.dll
2009-05-16 02:54 . 2009-05-16 02:54 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-05-16 02:54 . 2009-05-16 02:54 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-05-16 02:51 . 2009-05-16 02:51 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-05-16 02:38 . 2009-05-16 02:38 49664 ----a-w- c:\windows\system32\atimpc32.dll
2009-05-16 02:38 . 2009-05-16 02:38 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2009-05-16 02:33 . 2009-05-16 02:33 479232 ----a-w- c:\windows\system32\atikvmag.dll
2009-05-16 02:31 . 2009-05-16 02:31 139264 ----a-w- c:\windows\system32\atiadlxx.dll
2009-05-16 02:31 . 2009-05-16 02:31 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-05-16 02:30 . 2009-05-16 02:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-05-16 02:26 . 2009-05-16 02:26 376832 ----a-w- c:\windows\system32\atiok3x2.dll
2009-05-16 02:24 . 2009-05-16 02:24 651264 ----a-w- c:\windows\system32\ati2cqag.dll
2009-05-16 01:35 . 2009-05-16 01:35 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-05-16 01:34 . 2009-05-16 01:34 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-05-16 01:33 . 2009-05-16 01:33 3158016 ----a-w- c:\windows\system32\aticaldd.dll
2009-05-15 18:05 . 2009-06-18 08:33 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-05-13 05:04 . 2008-04-14 06:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2008-04-14 06:00 345088 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 19:33 . 2009-05-05 19:33 118784 ----a-w- c:\windows\system32\atibtmon.exe
2009-07-22 23:11 . 2009-06-18 08:07 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-25_16.48.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-01 17:57 . 2009-08-01 17:57 16384 c:\windows\system32\config\systemprofile\Local Settings\temp\Perflib_Perfdata_a08.dat
+ 2009-07-29 20:06 . 2009-07-29 20:06 29696 c:\windows\Installer\59f6c58.msi
+ 2009-07-29 20:05 . 2009-07-29 20:05 29926 c:\windows\Installer\{CB7D9F91-E82E-450C-B884-3DB9A7099C73}\MsblIco.Exe
- 2009-07-18 17:48 . 2009-07-18 17:48 29926 c:\windows\Installer\{CB7D9F91-E82E-450C-B884-3DB9A7099C73}\MsblIco.Exe
+ 2009-07-27 19:35 . 2009-07-27 19:34 148888 c:\windows\system32\javaws.exe
+ 2009-07-27 19:35 . 2009-07-27 19:34 144792 c:\windows\system32\javaw.exe
+ 2009-07-27 19:35 . 2009-07-27 19:34 144792 c:\windows\system32\java.exe
+ 2009-07-27 19:34 . 2009-07-27 19:34 562176 c:\windows\Installer\5f1cb6.msi
+ 2009-07-29 20:05 . 2009-07-29 20:05 732160 c:\windows\Installer\59f6c52.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-05 2215960]
"{f592709f-ff4a-4862-b659-4afabda56312}"= "c:\program files\Mininova\tbMin0.dll" [2009-07-15 2224152]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f592709f-ff4a-4862-b659-4afabda56312}]
2009-07-15 07:09 2224152 ----a-w- c:\program files\Mininova\tbMin0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-07-05 13:46 2215960 ----a-w- c:\program files\BS_Player\tbBS_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-05 2215960]
"{f592709f-ff4a-4862-b659-4afabda56312}"= "c:\program files\Mininova\tbMin0.dll" [2009-07-15 2224152]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-05 2215960]
"{F592709F-FF4A-4862-B659-4AFABDA56312}"= "c:\program files\Mininova\tbMin0.dll" [2009-07-15 2224152]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-18 133104]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2009-07-30 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 94208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
"AIMP2"="c:\program files\AIMP2\AIMP2.exe" [2008-12-30 358400]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"BigDog303"="c:\windows\VM303_STI.EXE" [BU]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-27 136600]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-07 16862208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18.06.2009 09:57 108289]
R3 TUSB1150;Airties WUS-300 USB Wireless Adapter (TNETW1450);c:\windows\system32\drivers\TUSB1150.sys [05.07.2009 16:08 450944]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [18.06.2009 11:22 428160]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\documents and settings\Administrator\Desktop\RealTemp_3.00\WinRing0.sys [26.07.2009 19:30 14416]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1383384898-1177238915-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-18 07:30]

2009-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1383384898-1177238915-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-18 07:30]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Windowss - smsWfi.exe


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Microsoft Excel'e &Ver - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {626F8656-8372-48BB-A7AD-C46E20F35E43} = 127.0.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4pnj89e2.default\
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
Rootkit scan 2009-08-01 21:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2052111302-1383384898-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,47,2b,4b,1a,01,8e,45,96,75,54,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,47,2b,4b,1a,01,8e,45,96,75,54,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1960)
c:\windows\system32\WININET.dll
c:\program files\FlashGet\fgmgr.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-08-01 21:41
ComboFix-quarantined-files.txt 2009-08-01 18:41
ComboFix2.txt 2009-07-26 19:35
ComboFix3.txt 2009-07-26 16:59
ComboFix4.txt 2009-07-26 10:42
ComboFix5.txt 2009-08-01 18:32

Pre-Run: 83.579.682.816 bayt boş
Post-Run: 84.943.335.424 bayt boş

287 --- E O F --- 2009-07-09 04:02


The hidden folders on the USB are gone now...
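
The two logs above are being read by hand: Avenger reports a hidden boot-start driver, and ComboFix lists the Run keys and removes the "Windowss" orphan pointing at smsWfi.exe. As an added example (not a tool from this thread, nor from the Avenger or ComboFix authors), the Python below pulls those two signals out of such logs into a structured list for review: Avenger's "Hidden driver ... found!" block with its ImagePath and start type, and ComboFix Run entries whose target was not verified (printed as a marker like [X] instead of a date/size pair) or whose value name is a near-miss of a system word such as "Windowss". The sample excerpts are constructed from the logs posted above; the date and size on the "Windowss" line, the lookalike heuristic and the reading of [X] as "not verified" are this example's own assumptions.

```python
"""Triage helper for Avenger and ComboFix text logs (added example, not from the thread)."""
import difflib
import re
from typing import Dict, List

# Constructed sample excerpts, modelled on the logs posted in this thread.
# The date/size on the "Windowss" line is made up; ComboFix only listed it as an orphan.
AVENGER_LOG = """Rootkit scan active.

Hidden driver "sfycyq" found!
ImagePath: system32\\drivers\\njvecfha.sys
Start Type: 0 (Boot)

Rootkit scan completed.
"""

COMBOFIX_LOG = """[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"GEST"="=" [X]
"avgnt"="c:\\program files\\Avira\\AntiVir Desktop\\avgnt.exe" [2009-03-02 209153]
"VMSnap3"="c:\\windows\\VMSnap3.EXE" [2006-08-30 49152]
"Windowss"="c:\\windows\\smsWfi.exe" [2009-07-20 61440]
"RTHDCPL"="RTHDCPL.EXE" - c:\\windows\\RTHDCPL.exe [2008-05-07 16862208]
"""

HIDDEN_DRIVER = re.compile(r'^Hidden driver "(?P<name>[^"]+)" found!$')
IMAGE_PATH = re.compile(r'^ImagePath:\s*(?P<path>\S.*)$')
START_TYPE = re.compile(r'^Start Type:\s*(?P<code>\d+)')
# "Name"="value" [- resolved path] [metadata in brackets], as ComboFix prints Run entries
RUN_ENTRY = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"(?:\s+-\s+(?P<resolved>[^\[]*?))?\s*(?:\[(?P<meta>[^\]]*)\])?\s*$'
)
FILE_META = re.compile(r'^\d{4}-\d{2}-\d{2} \d+$')  # e.g. "2009-03-02 209153": date and size
SYSTEM_WORDS = ["windows", "microsoft", "system", "explorer", "svchost"]  # assumption: lookalike targets


def avenger_findings(text: str) -> List[Dict[str, str]]:
    """Collect every hidden driver an Avenger rootkit scan reported, with image path and start type."""
    findings: List[Dict[str, str]] = []
    current: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = HIDDEN_DRIVER.match(line)
        if m:
            current = {"kind": "hidden_driver", "name": m["name"], "image": "", "boot_start": "no"}
            findings.append(current)
            continue
        if not current:
            continue
        m = IMAGE_PATH.match(line)
        if m:
            current["image"] = m["path"]
            continue
        m = START_TYPE.match(line)
        if m:
            # Start type 0 (boot) loads before most security software, which is why
            # Avenger warns about ServiceGroupOrder in the log above.
            current["boot_start"] = "yes" if m["code"] == "0" else "no"
            current = {}
    return findings


def lookalike_of(name: str) -> str:
    """Return the system word a value name nearly matches (e.g. 'Windowss' -> 'windows'), else ''."""
    low = name.lower()
    if low in SYSTEM_WORDS:
        return ""
    hits = difflib.get_close_matches(low, SYSTEM_WORDS, n=1, cutoff=0.8)
    return hits[0] if hits else ""


def combofix_run_findings(text: str) -> List[Dict[str, str]]:
    """Flag Run-key entries from ComboFix's 'Reg Loading Points' section that deserve a look."""
    findings: List[Dict[str, str]] = []
    for raw in text.splitlines():
        m = RUN_ENTRY.match(raw.strip())
        if not m:
            continue
        name, value, meta = m["name"], m["value"], m["meta"] or ""
        reasons: List[str] = []
        if not FILE_META.match(meta):
            # ComboFix prints "[date size]" when it could stat the target; anything else
            # (the "[X]" marker in the log above) is treated here as "target not verified".
            reasons.append("target file not verified (%s)" % (meta or "no metadata"))
        word = lookalike_of(name)
        if word:
            reasons.append("value name resembles '%s'" % word)
        if reasons:
            findings.append({"kind": "run_entry", "name": name, "value": value,
                             "reason": "; ".join(reasons)})
    return findings


def triage(avenger_text: str, combofix_text: str) -> List[Dict[str, str]]:
    """Combine both parsers into one list for manual review."""
    return avenger_findings(avenger_text) + combofix_run_findings(combofix_text)


if __name__ == "__main__":
    for finding in triage(AVENGER_LOG, COMBOFIX_LOG):
        print(finding)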


16 years
Lieutenant Colonel

Looks clean.
But let me point this out: the computer at your workplace has most likely been infected as well. If you plug your flash drive into that one too, be careful. Don't let it jump over and infect the home computer again.





< This message was edited by tcebeci -- 1 August 2009; 22:49:45 >
16 years
Lieutenant Colonel
Topic Owner

Thank you very much for your help...
If you could also explain how the malicious files are recognized from the Combo log, that would make it complete...


16 years
Lieutenant Colonel

quote:

Quoted from: 01mrt

Thank you very much for your help...
If you could also explain how the malicious files are recognized from the Combo log, that would make it complete...

You're asking for a lot, though
Let's leave that for later


16 years
Sergeant

Hello
We got infected with the same virus too. I tried to download the ComboFix and mbam programs, but the links given don't work.

Could you help?
Thanks


16 years
Lieutenant Colonel
Topic Owner

for mbam
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

for combo
http://www.gezginler.net/modules/mydownloads/singlefile.php?download=combofix&lid=7011
note: after you download combo, it will update itself if necessary...

Sorry the reply was so late; it happened this way because of my job and a change of where I live...


16 years
Lieutenant Colonel
Topic Owner

@tcebeci
By the way, here is a new Combo log (from another computer)...

ComboFix 09-09-17.04 - MuRaT 18.09.2009 10:26.1.2 - NTFSx86 
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.1791.1119 [GMT 3:00]
Running from: c:\documents and settings\MuRaT\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1535911280-805724543-1250089438-1001
c:\documents and settings\MuRaT\Application Data\Microsoft\Installer\{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}\ARPPRODUCTICON.exe
c:\documents and settings\MuRaT\Application Data\Microsoft\Installer\{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}\flatout.exe_853599CE1B5C4FEFB643B8F48F508EDC.exe
c:\documents and settings\MuRaT\Application Data\Microsoft\Installer\{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}\flatout.exe1_853599CE1B5C4FEFB643B8F48F508EDC.exe
c:\program files\driver
c:\windows\Alcmtr.exe
c:\windows\Installer\118559.msi
c:\windows\system32\scrrntr.dll

.
((((((((((((((((((((((((( Files Created from 2009-08-18 to 2009-09-18 )))))))))))))))))))))))))))))))
.

2009-09-18 07:24 . 2009-09-18 07:24 -------- d-----w- c:\documents and settings\MuRaT\Application Data\Malwarebytes
2009-09-18 07:24 . 2009-09-10 11:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-18 07:24 . 2009-09-18 07:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-18 07:24 . 2009-09-18 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-18 07:24 . 2009-09-10 11:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-18 07:12 . 2008-03-22 21:37 113896 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2009-09-18 07:12 . 2009-09-18 07:12 -------- d-----w- c:\program files\KeyScrambler

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-18 07:30 . 2009-05-12 21:01 -------- d-----w- c:\documents and settings\MuRaT\Application Data\Orbit
2009-09-18 07:29 . 2009-04-11 16:44 49152 ----a-w- c:\windows\IgorDRV.dll
2009-09-18 07:29 . 2009-04-11 16:44 25040 ----a-w- c:\windows\system32\drivers\TVicHW32.sys
2009-09-18 07:29 . 2009-05-10 15:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-18 07:18 . 2009-04-15 08:09 -------- d-----w- c:\program files\Total Video Converter
2009-09-18 06:42 . 2008-04-15 12:00 75218 ----a-w- c:\windows\system32\perfc01F.dat
2009-09-18 06:42 . 2008-04-15 12:00 414516 ----a-w- c:\windows\system32\perfh01F.dat
2009-09-17 17:54 . 2009-06-15 15:38 -------- d-----w- c:\documents and settings\MuRaT\Application Data\TeraCopy
2009-08-17 12:17 . 2009-03-26 20:51 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-25 08:26 . 2008-04-15 12:00 729600 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2008-04-15 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2008-04-15 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2008-04-15 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:26 . 2008-04-15 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2008-04-15 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2008-04-15 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-02-24 203928]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"Fraps"="c:\program files\FRAPS\FRAPS.EXE" [2008-01-14 913064]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"AIMP2"="c:\program files\AIMP2\AIMP2.exe" [2008-12-30 358400]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"MaxBlastMonitor.exe"="c:\program files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2008-06-27 1325800]
"AcronisTimounterMonitor"="c:\program files\Maxtor\MaxBlast\TimounterMonitor.exe" [2008-06-27 904776]
"Maxtor Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2008-06-27 136472]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-04-04 1822720]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-10 16126464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\MuRaT\Start Menu\Programlar\Başlangıç\
Girder3.lnk - c:\documents and settings\MuRaT\Desktop\Kumanda\mce-kumanda\girder\Girder.exe [2009-5-2 1576960]
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]

c:\documents and settings\All Users\Start Menu\Programlar\Başlangıç\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-5-13 1690824]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"d:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [26.03.2009 23:28 13696]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26.03.2009 23:51 108289]
R2 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [27.06.2008 17:03 431384]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [18.09.2009 10:12 113896]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [26.03.2009 23:42 428160]
S1 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\documents and settings\MuRaT\Desktop\hw32_240\HWiNFO32.SYS --> c:\documents and settings\MuRaT\Desktop\hw32_240\HWiNFO32.SYS [?]
S3 ATHFMWDL;Philips USB Wireless Adapter Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [06.05.2009 15:54 43392]
S3 CPWUA6D;Philips USB Wireless Network Adapter Service;c:\windows\system32\drivers\CPWUA6D1.sys [07.05.2009 11:06 285696]
S3 TUSB1150;Airties WUS-300 USB Wireless Adapter (TNETW1450);c:\windows\system32\drivers\TUSB1150.sys [26.05.2009 12:05 450944]
S3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [21.04.2004 17:51 16384]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\MuRaT\Application Data\Mozilla\Firefox\Profiles\pnw7vyx2.default\
FF - component: c:\documents and settings\MuRaT\Application Data\Mozilla\Firefox\Profiles\pnw7vyx2.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NpFv501.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-BigDog303 - c:\windows\VM303_STI.EXE
HKLM-Run-AirTiesWUS-300 - c:\program files\AirTies\AirTiesWUS-300\WUS300.exe
AddRemove-Allway Sync 'n' Go_is1 - i:\allway sync 'n' go\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
Rootkit scan 2009-09-18 10:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(964)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(4008)
c:\windows\system32\SHDOCVW.dll
c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Orbitdownloader\orbitnet.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2009-09-18 10:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-18 07:31

Pre-Run: 8.946.614.272 bayt boş
Post-Run: 9.750.769.664 bayt boş

171 --- E O F --- 2009-09-11 18:14


16 years
Yarbay

It's pretty heavily infected,
mbam
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

Let's run a full scan with mbam, then scan once more with ComboFix and send the logs from both. It would be good if you also alert me by PM.


16 years
Yarbay
Thread Owner

Mbam Log
Malwarebytes' Anti-Malware 1.41 
Veritabanı sürümü: 2819
Windows 5.1.2600 Service Pack 3

18.09.2009 16:50:15
mbam-log-2009-09-18 (16-50-15).txt

Tarama biçimi: Gelişmiş Tarama (C:\|D:\|E:\|F:\|)
Taranan öğeler: 143915
Geçen süre: 15 minute(s), 40 second(s)

Etkilenmiş Hafıza İşlemleri: 0
Etkilenmiş Hafıza Modülleri: 0
Etkilenmiş Kayıt Anahtarları: 0
Etkilenmiş Kayıt Değerleri: 0
Etkilenmiş Kayıt Verisi Öğeleri: 0
Etkilenmiş Klasörler: 0
Etkilenmiş Dosyalar: 0

Etkilenmiş Hafıza İşlemleri:
(Herhangi bir tehlikeli öğe bulunmadı)

Etkilenmiş Hafıza Modülleri:
(Herhangi bir tehlikeli öğe bulunmadı)

Etkilenmiş Kayıt Anahtarları:
(Herhangi bir tehlikeli öğe bulunmadı)

Etkilenmiş Kayıt Değerleri:
(Herhangi bir tehlikeli öğe bulunmadı)

Etkilenmiş Kayıt Verisi Öğeleri:
(Herhangi bir tehlikeli öğe bulunmadı)

Etkilenmiş Klasörler:
(Herhangi bir tehlikeli öğe bulunmadı)

Etkilenmiş Dosyalar:
(Herhangi bir tehlikeli öğe bulunmadı)


Combo Log
ComboFix 09-09-17.04 - MuRaT 18.09.2009 16:52.2.2 - NTFSx86 
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.1791.1117 [GMT 3:00]
Running from: c:\documents and settings\MuRaT\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-08-18 to 2009-09-18 )))))))))))))))))))))))))))))))
.

2009-09-18 07:24 . 2009-09-18 07:24 -------- d-----w- c:\documents and settings\MuRaT\Application Data\Malwarebytes
2009-09-18 07:24 . 2009-09-10 11:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-18 07:24 . 2009-09-18 07:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-18 07:24 . 2009-09-18 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-18 07:24 . 2009-09-10 11:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-18 07:12 . 2008-03-22 21:37 113896 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2009-09-18 07:12 . 2009-09-18 07:12 -------- d-----w- c:\program files\KeyScrambler

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-18 13:52 . 2009-05-10 15:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-18 13:30 . 2008-04-15 12:00 75218 ----a-w- c:\windows\system32\perfc01F.dat
2009-09-18 13:30 . 2008-04-15 12:00 414516 ----a-w- c:\windows\system32\perfh01F.dat
2009-09-18 13:27 . 2009-05-12 21:01 -------- d-----w- c:\documents and settings\MuRaT\Application Data\Orbit
2009-09-18 13:26 . 2009-04-11 16:44 49152 ----a-w- c:\windows\IgorDRV.dll
2009-09-18 13:26 . 2009-04-11 16:44 25040 ----a-w- c:\windows\system32\drivers\TVicHW32.sys
2009-09-18 07:49 . 2009-06-15 15:38 -------- d-----w- c:\documents and settings\MuRaT\Application Data\TeraCopy
2009-09-18 07:18 . 2009-04-15 08:09 -------- d-----w- c:\program files\Total Video Converter
2009-08-17 12:17 . 2009-03-26 20:51 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-25 08:26 . 2008-04-15 12:00 729600 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2008-04-15 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2008-04-15 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2008-04-15 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:26 . 2008-04-15 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2008-04-15 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2008-04-15 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-09-18_07.29.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-15 12:00 . 2009-09-18 06:42 66376 c:\windows\system32\perfc009.dat
+ 2008-04-15 12:00 . 2009-09-18 13:30 66376 c:\windows\system32\perfc009.dat
+ 2008-04-15 12:00 . 2009-09-18 13:30 427592 c:\windows\system32\perfh009.dat
- 2008-04-15 12:00 . 2009-09-18 06:42 427592 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-02-24 203928]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"Fraps"="c:\program files\FRAPS\FRAPS.EXE" [2008-01-14 913064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"AIMP2"="c:\program files\AIMP2\AIMP2.exe" [2008-12-30 358400]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"MaxBlastMonitor.exe"="c:\program files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2008-06-27 1325800]
"AcronisTimounterMonitor"="c:\program files\Maxtor\MaxBlast\TimounterMonitor.exe" [2008-06-27 904776]
"Maxtor Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2008-06-27 136472]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-04-04 1822720]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-10 16126464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\MuRaT\Start Menu\Programlar\Başlangıç\
Girder3.lnk - c:\documents and settings\MuRaT\Desktop\Kumanda\mce-kumanda\girder\Girder.exe [2009-5-2 1576960]
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]

c:\documents and settings\All Users\Start Menu\Programlar\Başlangıç\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-5-13 1690824]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"d:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [26.03.2009 23:28 13696]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26.03.2009 23:51 108289]
R2 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [27.06.2008 17:03 431384]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [18.09.2009 10:12 113896]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [26.03.2009 23:42 428160]
S1 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\documents and settings\MuRaT\Desktop\hw32_240\HWiNFO32.SYS --> c:\documents and settings\MuRaT\Desktop\hw32_240\HWiNFO32.SYS [?]
S3 ATHFMWDL;Philips USB Wireless Adapter Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [06.05.2009 15:54 43392]
S3 CPWUA6D;Philips USB Wireless Network Adapter Service;c:\windows\system32\drivers\CPWUA6D1.sys [07.05.2009 11:06 285696]
S3 TUSB1150;Airties WUS-300 USB Wireless Adapter (TNETW1450);c:\windows\system32\drivers\TUSB1150.sys [26.05.2009 12:05 450944]
S3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [21.04.2004 17:51 16384]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\MuRaT\Application Data\Mozilla\Firefox\Profiles\pnw7vyx2.default\
FF - component: c:\documents and settings\MuRaT\Application Data\Mozilla\Firefox\Profiles\pnw7vyx2.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NpFv501.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
Rootkit scan 2009-09-18 16:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(940)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(996)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(348)
c:\windows\system32\SHDOCVW.dll
c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
Completion time: 2009-09-18 16:56
ComboFix-quarantined-files.txt 2009-09-18 13:56
ComboFix2.txt 2009-09-18 07:32

Pre-Run: 9.784.422.400 bayt boş
Post-Run: 9.768.878.080 bayt boş

145 --- E O F --- 2009-09-11 18:14


16 years
Yarbay

No problems are visible.


16 years
Yarbay
Thread Owner

When I opened Internet Explorer and visited a few sites, my wireless connection would drop...
I ran ComboFix; right now my connection isn't dropping, but as it did before, AIMP stutters while playing music, as if there's some problem...
There's no stuttering in Mozilla, but there is in IE7, I don't get it...

logs

ComboFix 10-01-11.03 - MuRaT 12.01.2010 15:31:47.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.1791.1298 [GMT 2:00]
Running from: c:\documents and settings\MuRaT\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ccrpTmr6.dll
c:\windows\unins000.dat
c:\windows\unins000.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-12 to 2010-01-12 )))))))))))))))))))))))))))))))
.

2010-01-12 13:26 . 2010-01-12 13:25 414720 ----a-w- c:\windows\system32\CF13641.exe
2010-01-10 10:46 . 2010-01-10 13:48 -------- d-----w- c:\documents and settings\MuRaT\Application Data\Asterisks Password Viewer
2010-01-10 10:40 . 2010-01-10 13:47 -------- d-----w- c:\program files\ABF software
2010-01-10 10:33 . 2010-01-10 10:33 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-10 05:25 . 2010-01-10 05:26 1956528 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-01-10 05:25 . 2010-01-10 09:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-10 04:10 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-01-10 04:10 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-01-09 12:06 . 2010-01-09 12:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-09 12:06 . 2010-01-09 12:06 -------- d-----w- c:\program files\Microsoft
2010-01-09 12:05 . 2010-01-09 12:05 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-05 12:46 . 2010-01-05 12:46 -------- d-----w- c:\documents and settings\MuRaT\Local Settings\Application Data\Labcenter Electronics
2010-01-05 12:44 . 2010-01-05 12:44 -------- d-----w- c:\program files\Common Files\Labcenter Electronics
2010-01-05 12:44 . 2005-10-18 15:36 54784 ----a-w- c:\windows\system32\INETWH32.DLL
2010-01-05 12:44 . 2005-10-18 15:36 1048576 ----a-w- c:\windows\system32\ROBOEX32.DLL
2010-01-05 12:44 . 2010-01-05 12:44 -------- d-----w- c:\program files\Labcenter Electronics
2009-12-20 13:38 . 2010-01-10 10:46 -------- d-----w- C:\Downloads
2009-12-19 14:32 . 2009-12-19 14:32 -------- d-----w- C:\Games
2009-12-13 14:04 . 2004-07-09 02:26 354816 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2009-12-13 14:04 . 2004-07-09 02:26 354816 ----a-w- c:\windows\system32\psisdecd.dll
2009-12-13 14:04 . 2004-07-09 02:26 52096 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2009-12-13 14:04 . 2004-07-09 02:26 52096 ----a-w- c:\windows\system32\drivers\msdv.sys
2009-12-13 14:04 . 2004-07-09 02:26 15104 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2009-12-13 14:04 . 2004-07-09 02:26 15104 ----a-w- c:\windows\system32\drivers\mpe.sys
2009-12-13 14:04 . 2004-07-09 02:26 11392 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2009-12-13 14:04 . 2004-07-09 02:26 11392 ----a-w- c:\windows\system32\drivers\bdasup.sys
2009-12-13 14:04 . 2005-12-05 16:07 63696 ----a-w- c:\windows\system32\dxdllreg.exe
2009-12-13 13:44 . 2009-12-13 13:44 554 ----a-w- c:\windows\eReg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-12 13:33 . 2008-04-15 12:00 76428 ----a-w- c:\windows\system32\perfc01F.dat
2010-01-12 13:33 . 2008-04-15 12:00 417200 ----a-w- c:\windows\system32\perfh01F.dat
2010-01-12 13:29 . 2009-11-09 20:34 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2010-01-12 13:29 . 2009-11-09 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2010-01-12 13:27 . 2009-05-12 21:01 -------- d-----w- c:\documents and settings\MuRaT\Application Data\Orbit
2010-01-12 13:26 . 2009-05-10 15:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-12 12:50 . 2009-06-15 15:38 -------- d-----w- c:\documents and settings\MuRaT\Application Data\TeraCopy
2010-01-10 12:16 . 2009-09-18 07:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-10 09:17 . 2009-03-26 20:51 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-09 12:06 . 2009-03-26 20:27 18440 ----a-w- c:\documents and settings\MuRaT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-09 12:05 . 2009-03-27 19:53 -------- d-----w- c:\program files\Windows Live
2010-01-09 09:05 . 2009-03-26 20:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-07 14:07 . 2009-09-18 07:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 14:07 . 2009-09-18 07:24 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-14 12:31 . 2009-11-09 20:37 -------- d-----w- c:\documents and settings\MuRaT\Application Data\VMware
2009-11-30 13:56 . 2009-11-30 13:56 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2009-11-15 13:42 . 2009-11-15 13:42 -------- d-----w- c:\program files\Croteam
2009-11-08 16:22 . 2009-04-11 16:44 49152 ----a-w- c:\windows\IgorDRV.dll
2009-11-08 16:22 . 2009-04-11 16:44 25040 ----a-w- c:\windows\system32\drivers\TVicHW32.sys
.

------- Sigcheck -------

[-] 2008-04-15 . BDF500F38016C7E1DD490E00DA28CD30 . 976384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-15 . BDF500F38016C7E1DD490E00DA28CD30 . 976384 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-02-24 203928]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"Fraps"="c:\program files\FRAPS\FRAPS.EXE" [2008-01-14 913064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2007-04-04 1822720]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"MaxBlastMonitor.exe"="c:\program files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2008-06-27 1325800]
"AcronisTimounterMonitor"="c:\program files\Maxtor\MaxBlast\TimounterMonitor.exe" [2008-06-27 904776]
"Maxtor Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2008-06-27 136472]
"AIMP2"="c:\program files\AIMP2\AIMP2.exe" [2008-12-30 358400]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2008-09-18 64048]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\All Users\Start Menu\Programlar\Başlangıç\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-5-12 1690824]
Update Scheduler for Proteus Professional 7.lnk - c:\program files\Labcenter Electronics\Proteus 7 Professional\BIN\UDSCHED.EXE [2010-1-5 66076]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"d:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
"c:\\Documents and Settings\\MuRaT\\Desktop\\WiFi\\airwin\\bin\\buddy-ng.exe"=
"d:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [26.03.2009 22:28 13696]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26.03.2009 22:51 108289]
R2 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [27.06.2008 16:03 431384]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [18.09.2008 23:06 54960]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [18.09.2009 09:12 113896]
R3 TUSB1150;Airties WUS-300 USB Wireless Adapter (TNETW1450);c:\windows\system32\drivers\TUSB1150.sys [26.05.2009 11:05 450944]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [26.03.2009 22:42 428160]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07.06.2009 13:08 717296]
S1 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\documents and settings\MuRaT\Desktop\hw32_240\HWiNFO32.SYS --> c:\documents and settings\MuRaT\Desktop\hw32_240\HWiNFO32.SYS [?]
S3 ATHFMWDL;Philips USB Wireless Adapter Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [06.05.2009 14:54 43392]
S3 CPWUA6D;Philips USB Wireless Network Adapter Service;c:\windows\system32\drivers\CPWUA6D1.sys [07.05.2009 10:06 285696]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [08.11.2009 12:22 332928]
S3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [21.04.2004 16:51 16384]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
TCP: {4E32316D-2AB0-408F-97F3-0BC5A95CF30A} = 4.2.2.1,4.2.2.2
FF - ProfilePath - c:\documents and settings\MuRaT\Application Data\Mozilla\Firefox\Profiles\pnw7vyx2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.tr
FF - component: c:\documents and settings\MuRaT\Application Data\Mozilla\Firefox\Profiles\pnw7vyx2.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NpFv501.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-BigDog303 - c:\windows\VM303_STI.EXE
AddRemove-RecoveryDisk6281_is1 - c:\windows\unins000.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1085031214-879983540-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7A6A5BFD-47FA-B036-172A-3DBB72293D79}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1268)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1324)
c:\windows\system32\relog_ap.dll
.
Completion time: 2010-01-12 15:35:13
ComboFix-quarantined-files.txt 2010-01-12 13:35

Pre-Run: 6.904.332.288 bayt boş
Post-Run: 7.281.844.224 bayt boş

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT /USEPMTIMER
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 963F37558C882F0D16362B1FC8539B0D

Malwarebytes' Anti-Malware 1.44
Veritabanı sürümü: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12.01.2010 15:24:16
mbam-log-2010-01-12 (15-24-16).txt

Tarama biçimi: Gelişmiş Tarama (C:\|D:\|E:\|F:\|G:\|)
Taranan öğeler: 220795
Geçen süre: 39 minute(s), 35 second(s)

Etkilenmiş Hafıza İşlemleri: 0
Etkilenmiş Hafıza Modülleri: 0
Etkilenmiş Kayıt Anahtarları: 0
Etkilenmiş Kayıt Değerleri: 0
Etkilenmiş Kayıt Verisi Öğeleri: 0
Etkilenmiş Klasörler: 0
Etkilenmiş Dosyalar: 1

Etkilenmiş Hafıza İşlemleri:
(Herhangi bir tehlikeli öğe bulunmadı)

Etkilenmiş Hafıza Modülleri:
(Herhangi bir tehlikeli öğe bulunmadı)

Etkilenmiş Kayıt Anahtarları:
(Herhangi bir tehlikeli öğe bulunmadı)

Etkilenmiş Kayıt Değerleri:
(Herhangi bir tehlikeli öğe bulunmadı)

Etkilenmiş Kayıt Verisi Öğeleri:
(Herhangi bir tehlikeli öğe bulunmadı)

Etkilenmiş Klasörler:
(Herhangi bir tehlikeli öğe bulunmadı)

Etkilenmiş Dosyalar:
G:\E'deki\Program\wrar371tr\Unipatch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.





< This message was edited by 01Mrt -- 12 January 2010; 16:50:28 >

16 years
Yarbay

Download the Norman Malware Cleaner program,
add the flash drives too and scan them, then scan with ComboFix

Send the logs from both.

Edit: quite a lot of viruses have gotten in





< This message was edited by tcebeci -- 12 January 2010; 17:06:33 >

16 years
Yarbay
Thread Owner

logs

 

ComboFix 10-01-11.03 - MuRaT 12.01.2010 18:36:43.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.1791.1391 [GMT 2:00]
Running from: c:\documents and settings\MuRaT\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2009-12-12 to 2010-01-12 )))))))))))))))))))))))))))))))
.

2010-01-12 13:26 . 2010-01-12 13:25 414720 ----a-w- c:\windows\system32\CF13641.exe
2010-01-10 10:46 . 2010-01-10 13:48 -------- d-----w- c:\documents and settings\MuRaT\Application Data\Asterisks Password Viewer
2010-01-10 10:40 . 2010-01-10 13:47 -------- d-----w- c:\program files\ABF software
2010-01-10 10:33 . 2010-01-10 10:33 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-10 05:25 . 2010-01-10 05:26 1956528 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-01-10 05:25 . 2010-01-10 09:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-10 04:10 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-01-10 04:10 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-01-09 12:06 . 2010-01-09 12:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-09 12:06 . 2010-01-09 12:06 -------- d-----w- c:\program files\Microsoft
2010-01-09 12:05 . 2010-01-09 12:05 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-05 12:46 . 2010-01-05 12:46 -------- d-----w- c:\documents and settings\MuRaT\Local Settings\Application Data\Labcenter Electronics
2010-01-05 12:44 . 2010-01-05 12:44 -------- d-----w- c:\program files\Common Files\Labcenter Electronics
2010-01-05 12:44 . 2005-10-18 15:36 54784 ----a-w- c:\windows\system32\INETWH32.DLL
2010-01-05 12:44 . 2005-10-18 15:36 1048576 ----a-w- c:\windows\system32\ROBOEX32.DLL
2010-01-05 12:44 . 2010-01-05 12:44 -------- d-----w- c:\program files\Labcenter Electronics
2009-12-20 13:38 . 2010-01-10 10:46 -------- d-----w- C:\Downloads
2009-12-19 14:32 . 2009-12-19 14:32 -------- d-----w- C:\Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-12 16:40 . 2008-04-15 12:00 76428 ----a-w- c:\windows\system32\perfc01F.dat
2010-01-12 16:40 . 2008-04-15 12:00 417200 ----a-w- c:\windows\system32\perfh01F.dat
2010-01-12 16:36 . 2009-11-09 20:34 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2010-01-12 16:36 . 2009-11-09 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2010-01-12 16:34 . 2009-05-12 21:01 -------- d-----w- c:\documents and settings\MuRaT\Application Data\Orbit
2010-01-12 16:34 . 2009-05-10 15:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-12 12:50 . 2009-06-15 15:38 -------- d-----w- c:\documents and settings\MuRaT\Application Data\TeraCopy
2010-01-10 12:16 . 2009-09-18 07:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-10 09:17 . 2009-03-26 20:51 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-09 12:06 . 2009-03-26 20:27 18440 ----a-w- c:\documents and settings\MuRaT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-09 12:05 . 2009-03-27 19:53 -------- d-----w- c:\program files\Windows Live
2010-01-09 09:05 . 2009-03-26 20:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-07 14:07 . 2009-09-18 07:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 14:07 . 2009-09-18 07:24 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-14 12:31 . 2009-11-09 20:37 -------- d-----w- c:\documents and settings\MuRaT\Application Data\VMware
2009-12-13 13:44 . 2009-12-13 13:44 554 ----a-w- c:\windows\eReg.dat
2009-11-30 13:56 . 2009-11-30 13:56 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2009-11-15 13:42 . 2009-11-15 13:42 -------- d-----w- c:\program files\Croteam
2009-11-08 16:22 . 2009-04-11 16:44 49152 ----a-w- c:\windows\IgorDRV.dll
2009-11-08 16:22 . 2009-04-11 16:44 25040 ----a-w- c:\windows\system32\drivers\TVicHW32.sys
.

------- Sigcheck -------

[-] 2008-04-15 . BDF500F38016C7E1DD490E00DA28CD30 . 976384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-15 . BDF500F38016C7E1DD490E00DA28CD30 . 976384 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-01-12_13.34.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-12 16:36 . 2010-01-12 16:36 16384 c:\windows\temp\Perflib_Perfdata_9fc.dat
+ 2008-04-15 12:00 . 2010-01-12 16:40 67586 c:\windows\system32\perfc009.dat
- 2008-04-15 12:00 . 2010-01-12 13:33 67586 c:\windows\system32\perfc009.dat
+ 2008-04-15 12:00 . 2010-01-12 16:40 430276 c:\windows\system32\perfh009.dat
- 2008-04-15 12:00 . 2010-01-12 13:33 430276 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-02-24 203928]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"Fraps"="c:\program files\FRAPS\FRAPS.EXE" [2008-01-14 913064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2007-04-04 1822720]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"MaxBlastMonitor.exe"="c:\program files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2008-06-27 1325800]
"AcronisTimounterMonitor"="c:\program files\Maxtor\MaxBlast\TimounterMonitor.exe" [2008-06-27 904776]
"Maxtor Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2008-06-27 136472]
"AIMP2"="c:\program files\AIMP2\AIMP2.exe" [2008-12-30 358400]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2008-09-18 64048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\All Users\Start Menu\Programlar\BaŸlang‡\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-5-12 1690824]
Update Scheduler for Proteus Professional 7.lnk - c:\program files\Labcenter Electronics\Proteus 7 Professional\BIN\UDSCHED.EXE [2010-1-5 66076]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"d:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
"c:\\Documents and Settings\\MuRaT\\Desktop\\WiFi\\airwin\\bin\\buddy-ng.exe"=
"d:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [26.03.2009 22:28 13696]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26.03.2009 22:51 108289]
R2 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [27.06.2008 16:03 431384]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [18.09.2008 23:06 54960]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [18.09.2009 09:12 113896]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07.06.2009 13:08 717296]
S1 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\documents and settings\MuRaT\Desktop\hw32_240\HWiNFO32.SYS --> c:\documents and settings\MuRaT\Desktop\hw32_240\HWiNFO32.SYS [?]
S3 ATHFMWDL;Philips USB Wireless Adapter Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [06.05.2009 14:54 43392]
S3 CPWUA6D;Philips USB Wireless Network Adapter Service;c:\windows\system32\drivers\CPWUA6D1.sys [07.05.2009 10:06 285696]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [08.11.2009 12:22 332928]
S3 TUSB1150;Airties WUS-300 USB Wireless Adapter (TNETW1450);c:\windows\system32\drivers\TUSB1150.sys [26.05.2009 11:05 450944]
S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [26.03.2009 22:42 428160]
S3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [21.04.2004 16:51 16384]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
TCP: {4E32316D-2AB0-408F-97F3-0BC5A95CF30A} = 4.2.2.1,4.2.2.2
FF - ProfilePath - c:\documents and settings\MuRaT\Application Data\Mozilla\Firefox\Profiles\pnw7vyx2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.tr
FF - component: c:\documents and settings\MuRaT\Application Data\Mozilla\Firefox\Profiles\pnw7vyx2.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NpFv501.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
Rootkit scan 2010-01-12 18:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1085031214-879983540-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7A6A5BFD-47FA-B036-172A-3DBB72293D79}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1184)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1240)
c:\windows\system32\relog_ap.dll
.
Completion time: 2010-01-12 18:55:30
ComboFix-quarantined-files.txt 2010-01-12 16:55
ComboFix2.txt 2010-01-12 13:35

Pre-Run: 7.113.007.104 bayt boş
Post-Run: 7.186.632.704 bayt boş

- - End Of File - - 710981457CED903F0B1A4C37F7FC817B



 

Norman Malware Cleaner
Version 1.6.2
Copyright © 1990 - 2009, Norman ASA. Built 2010/01/12 10:16:01

Norman Scanner Engine Version: 6.04.03
Nvcbin.def Version: 6.04.00, Date: 2010/01/12 10:16:01, Variants: 4681230

Scan started: 12/01/2010 17:48:34

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3
Logged on user: MRT\MuRaT

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> SFCScan = 0x00000000
Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = -> ""
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Scanning bootsectors...

Number of sectors found: 0
Number of sectors scanned: 0
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s


Scanning running processes and process memory...

Number of processes/threads found: 5636
Number of processes/threads scanned: 5636
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 1m 42s


Scanning file system...

Scanning: prescan

Scanning: C:\*.*

C:\Documents and Settings\MuRaT\Desktop\usb\MRT\11-Klite.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

C:\Documents and Settings\MuRaT\Desktop\usb\pro\BSplayer.Pro.2.50.built.1011.rar/BSplayer.Pro.2.50.built.1011\bsplayer_pro250.1011.exe/noname.nsis/file29/fsback.bmp (Error whilst scanning file: I/O Error (0x00220005))

C:\Documents and Settings\MuRaT\Desktop\usb\pro\BSplayer.Pro.2.50.built.1011.rar/BSplayer.Pro.2.50.built.1011\bsplayer_pro250.1011.exe/noname.nsis/file30 (Error whilst scanning file: I/O Error (0x00220005))

C:\Program Files\Alcohol Soft\Alcohol 120\Plugins\Helper\AxSrvUACHlper.exe (Infected with W32/Suspicious_Gen2.dam)
Deleted file

C:\Program Files\Labcenter Electronics\Proteus 7 Professional\BIN\SDFGEN.EXE (Infected with W32/Stration.MNK)
Deleted file

C:\Program Files\Nero\Nero8\Nero BackItUp\BackItUp_ImageTool\root.img/root.img (Error whilst scanning file: I/O Error (0x0022000A))
C:\Program Files\Nero\Nero8\Nero BackItUp\BackItUp_ImageTool\root.img (Possible archive bomb)

Scanning: D:\*.*

Scanning: E:\*.*

E:\Film\Arşiv\Lost\Arşiv\Sezon 4\Altyazı\Lost.4x06......TR_ALtyazi..........The_Other_Woman.PROPER.HDTV_XviD-FoV.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\Film\Arşiv\Lost\Arşiv\Sezon 4\Altyazı\lost.s04e05.hdtv.xvid-0tv_-_TR_-_Altyazi.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\Film\Arşiv\Lost\Lost Sezon 5\Lost s05e01\Y.i.t.i.k.s05b01.TRaltyazi.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\Program\AdbeRdr90_tr_TR.exe (Infected with W32/Smalltroj.LUCH)
Deleted file

E:\Program\Adobe_Photoshop_CS3_Extended_Portable.rar/Adobe Photoshop CS3 Extended Portable\Photoshop Cs3.exe (Infected with W32/Perfloger.APS)
Deleted file

E:\Program\Babylon_Portable_7.0.3.23.exe (Infected with W32/Agent.GYYJ)
Deleted file

E:\Program\Oyun\speed.exe (Infected with W32/Agent.JCIX)
Deleted file

E:\Program\Oyun\Turt1x.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\Program\Portable_K-Lite_Codec_Pack_5.0.5_Full.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\Program\WinXP_USB\SSS6690_USB_Flash_Sorting_v4.002.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\Program\WinXP_USB\SSS6690_USB_Flash_Sorting_v4.002.rar/RR (Error whilst scanning file: I/O Error (0x00220000))

E:\Program\WinXP_USB\UT165_UFDUtility_v3.2.4.0.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\Program\WinXP_USB\UT165_UFDUtility_v3.2.4.0.rar/RR (Error whilst scanning file: I/O Error (0x00220000))

E:\Program\WinXP_USB\v1.96.00.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\Program\WinXP_USB\Yeni Klasör\ChipGenius_v3.0.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\Program\WinXP_USB\Yeni Klasör\ChipGenius_v3.0.rar/RR (Error whilst scanning file: I/O Error (0x00220000))

E:\Program\WinXP_USB\Yeni Klasör\SK6211_20090227_BA.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\Program\WinXP_USB\Yeni Klasör\SK6211_20090227_BA.rar/RR (Error whilst scanning file: I/O Error (0x00220000))

E:\Program\WinXP_USB\Yeni Klasör\UsbIDCheck.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\Program\WinXP_USB\Yeni Klasör\UsbIDCheck.rar/RR (Error whilst scanning file: I/O Error (0x00220000))

E:\Program\WLMUniversalPatcherPlusPlus101.exe (Infected with Suspicious_Gen2.ALAQ)
Deleted file

E:\w810i\Pacth\large_lcd_font_for_hours_in_sleep_mode_v1.1_w810_r4ea031.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\w810i\Pacth\W810i 031 CID49 Patch (268 tane)\Java Başlatılıyor Mesajını Silme Patchi.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\w810i\Pacth\W810i 031 CID49 Patch (268 tane)\saat fontu büyütme.rar/saat fontu bytme\saat_fontu_w810_r4ea031.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\w810i\Pacth\W810i 031 CID49 Patch (268 tane)\Tel Hafızasındaki Diger Klasörüne Atılan GFX Dosyasının Pacthi.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\w810i\Pacth\W810i 031 CID49 Patch (268 tane)\Yazıları İnceltme Patchi.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\w810i\Rarlar\açılan\Blue_Radioactive_SysGfx_Icons_by_PM5k.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\w810i\Rarlar\açılan\Icons_Complite.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\w810i\Rarlar\açılan\iPhoneBattery_V3_by_michlantecuhtli.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\w810i\Rarlar\açılan\iPhoneBlue_signal_icons_by_michlantecuhtli.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\w810i\Rarlar\açılan\iPhoneBlue_v2_battery_icon_pac_by_michlantecuhtli.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\w810i\Rarlar\açılan\iSuiteX_folder_gfx_by_michlantecuhtli.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\w810i\Rarlar\açılan\Mac_OSx_filesystem.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\w810i\Rarlar\açılan\SX_Signal_and_Battery_gfx_edited_by_Denim-610.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\w810i\Rarlar\açılan\Sysgfx_Icons_by_ARMhaker.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\w810i\Rarlar\açılan\SysGfx_Icons_Pack_DB2020_by_PM5k.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\w810i\Rarlar\açılan\TopMegaMod_Icons.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\w810i\Rarlar\açılan\W610_Icons_Pack.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\w810i\Rarlar\açılan\W610_Mega_Icons.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

E:\Yedek\Adobe Photoshop CS3 Extended Portable\Photoshop Cs3.exe (Infected with W32/Perfloger.APS)
Deleted file

Scanning: F:\*.*

Scanning: G:\*.*

G:\E'deki\Film\Arşiv\Lost\Arşiv\Sezon 4\Altyazı\Lost.4x06......TR_ALtyazi..........The_Other_Woman.PROPER.HDTV_XviD-FoV.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

G:\E'deki\Film\Arşiv\Lost\Arşiv\Sezon 4\Altyazı\lost.s04e05.hdtv.xvid-0tv_-_TR_-_Altyazi.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

G:\E'deki\Film\Lost Sezon 5\Lost s05e01\Y.i.t.i.k.s05b01.TRaltyazi.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

G:\E'deki\Program\AdbeRdr90_tr_TR.exe (Infected with W32/Smalltroj.LUCH)
Deleted file

G:\E'deki\Program\Adobe_Photoshop_CS3_Extended_Portable.rar/Adobe Photoshop CS3 Extended Portable\Photoshop Cs3.exe (Infected with W32/Perfloger.APS)
Deleted file

G:\E'deki\Program\Babylon_Portable_7.0.3.23.exe (Infected with W32/Agent.GYYJ)
Deleted file

G:\E'deki\Program\Oyun\speed.exe (Infected with W32/Agent.JCIX)
Deleted file

G:\E'deki\Program\Oyun\Turt1x.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

G:\E'deki\Program\WinXP_USB\SSS6690_USB_Flash_Sorting_v4.002.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

G:\E'deki\Program\WinXP_USB\SSS6690_USB_Flash_Sorting_v4.002.rar/RR (Error whilst scanning file: I/O Error (0x00220000))

G:\E'deki\Program\WinXP_USB\UT165_UFDUtility_v3.2.4.0.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

G:\E'deki\Program\WinXP_USB\UT165_UFDUtility_v3.2.4.0.rar/RR (Error whilst scanning file: I/O Error (0x00220000))

G:\E'deki\Program\WinXP_USB\v1.96.00.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

G:\E'deki\Program\WLMUniversalPatcherPlusPlus101.exe (Infected with Suspicious_Gen2.ALAQ)
Deleted file

G:\E'deki\w810i\Pacth\large_lcd_font_for_hours_in_sleep_mode_v1.1_w810_r4ea031.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

G:\E'deki\w810i\Pacth\W810i 031 CID49 Patch (268 tane)\Java Başlatılıyor Mesajını Silme Patchi.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

G:\E'deki\w810i\Pacth\W810i 031 CID49 Patch (268 tane)\saat fontu büyütme.rar/saat fontu bytme\saat_fontu_w810_r4ea031.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

G:\E'deki\w810i\Pacth\W810i 031 CID49 Patch (268 tane)\Tel Hafızasındaki Diger Klasörüne Atılan GFX Dosyasının Pacthi.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

G:\E'deki\w810i\Pacth\W810i 031 CID49 Patch (268 tane)\Yazıları İnceltme Patchi.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

G:\E'deki\w810i\Rarlar\açılan\Blue_Radioactive_SysGfx_Icons_by_PM5k.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

G:\E'deki\w810i\Rarlar\açılan\Icons_Complite.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

G:\E'deki\w810i\Rarlar\açılan\iPhoneBattery_V3_by_michlantecuhtli.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

G:\E'deki\w810i\Rarlar\açılan\iPhoneBlue_signal_icons_by_michlantecuhtli.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

G:\E'deki\w810i\Rarlar\açılan\iPhoneBlue_v2_battery_icon_pac_by_michlantecuhtli.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

G:\E'deki\w810i\Rarlar\açılan\iSuiteX_folder_gfx_by_michlantecuhtli.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

G:\E'deki\w810i\Rarlar\açılan\Mac_OSx_filesystem.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

G:\E'deki\w810i\Rarlar\açılan\SX_Signal_and_Battery_gfx_edited_by_Denim-610.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

G:\E'deki\w810i\Rarlar\açılan\Sysgfx_Icons_by_ARMhaker.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

G:\E'deki\w810i\Rarlar\açılan\SysGfx_Icons_Pack_DB2020_by_PM5k.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

G:\E'deki\w810i\Rarlar\açılan\TopMegaMod_Icons.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

G:\E'deki\w810i\Rarlar\açılan\W610_Icons_Pack.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

G:\E'deki\w810i\Rarlar\açılan\W610_Mega_Icons.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

G:\E'deki\Yedek\Adobe Photoshop CS3 Extended Portable\Photoshop Cs3.exe (Infected with W32/Perfloger.APS)
Deleted file

G:\Need for Speed Most Wanted\speed.exe (Infected with W32/Agent.JCIX)
Deleted file

Scanning: H:\*.*

H:\usb\pro\BSplayer.Pro.2.50.built.1011.rar/BSplayer.Pro.2.50.built.1011\bsplayer_pro250.1011.exe/noname.nsis/file29/fsback.bmp (Error whilst scanning file: I/O Error (0x00220005))

H:\usb\pro\BSplayer.Pro.2.50.built.1011.rar/BSplayer.Pro.2.50.built.1011\bsplayer_pro250.1011.exe/noname.nsis/file30 (Error whilst scanning file: I/O Error (0x00220005))

Scanning: I:\*.*

Scanning: E:\System Volume Information\*.*

Scanning: postscan


Running post-scan cleanup routine:

Number of files found: 248286
Number of archives unpacked: 3701
Number of files scanned: 248194
Number of files not scanned: 92
Number of files skipped due to exclude list: 0
Number of infected files found: 16
Number of infected files repaired/deleted: 15
Number of infections removed: 15
Total scanning time: 43m 18s



This message received 1 reply.
T
16 years
Lieutenant Colonel

http://www.guvenlikuzmanim.com/dosyalar/avenger.exe

in that program, into the window, write:


Files to delete:
c:\windows\system32\CF13641.exe


and run the program; after the process finishes, also use the "HijackThis" program and send the log file without fixing anything


This message received 1 reply.
0
16 years
Lieutenant Colonel
Thread Owner

The address you gave for Avenger doesn't work, so I downloaded it from here...
actually I had downloaded it before and already had it, but...
http://swandog46.geekstogo.com/avenger2/download.php

 

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\CF13641.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.




 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:16:07, on 13.01.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\AIMP2\AIMP2.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRAM FILES\FRAPS\FRAPS.EXE
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
O4 - HKLM\..\Run: [Maxtor Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AIMP2] C:\Program Files\AIMP2\AIMP2.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fraps] C:\PROGRAM FILES\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Girder3.lnk = C:\Documents and Settings\MuRaT\Desktop\Kumanda\mce-kumanda\girder\Girder.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Update Scheduler for Proteus Professional 7.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E32316D-2AB0-408F-97F3-0BC5A95CF30A}: NameServer = 4.2.2.1,4.2.2.2
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Maxtor Scheduler2 Service (MaxSch2Svc) - Maxtor - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 10192 bytes
16 years
Lieutenant Colonel

Quote:

Originally posted by 01mrt:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe





Fix the lines above; apart from that, no problem is visible.

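The reply above picks out which HijackThis lines to fix by eye. The following is an added example (not code from the thread or from HijackThis) showing how a defender can triage a log of this format automatically: it parses each line into its section code (R0/R1 Internet Explorer settings, O2 BHOs, O10 Winsock LSPs, O16 ActiveX downloads, O17 DNS servers, O23 services) and applies the checks a reviewer typically runs. The sample log is constructed for the example; most of its lines are copied from the log quoted above, and one O17 line with a made-up resolver (198.51.100.7, an RFC 5737 documentation address) is added so the DNS check has something to flag. The allowlists of benign hosts and resolvers are assumptions for the example.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# One HijackThis line: a section code (R0, R1, O2, O17, ...), " - ", then the body.
HJT_LINE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
URL_RE = re.compile(r"https?://\S+")

# Allowlists are assumptions made for this example, not taken from the thread.
BENIGN_IE_HOSTS = {"go.microsoft.com", "www.microsoft.com"}
BENIGN_DPF_HOSTS = {"fpdownload2.macromedia.com", "platformdl.adobe.com",
                    "download.microsoft.com"}
KNOWN_RESOLVERS = {"4.2.2.1", "4.2.2.2"}  # the resolvers in the thread's O17 line

# Constructed sample log; the last O17 line is made up to exercise the DNS check.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E32316D-2AB0-408F-97F3-0BC5A95CF30A}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 198.51.100.7
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""


@dataclass
class Finding:
    code: str
    reason: str
    line: str


def parse_line(line):
    """Split a HijackThis line into (section code, body); None for non-entry lines."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    return m.group("code"), m.group("body")


def _host(url):
    return (urlparse(url).hostname or "").lower()


def check(code, body):
    """Return a reason string if the entry deserves attention, else None."""
    if code in ("O2", "O3", "O4") and body.endswith("(no file)"):
        return "registry entry points at a file that no longer exists (orphan; safe to fix)"
    if code in ("R0", "R1"):
        m = URL_RE.search(body)
        if m and _host(m.group()) not in BENIGN_IE_HOSTS:
            return "IE start/search page points at an unexpected host (possible hijack)"
    if code == "O10":
        return "Winsock LSP entry HijackThis cannot identify; confirm the vendor before removing"
    if code == "O16":
        m = URL_RE.search(body)
        if m and _host(m.group()) not in BENIGN_DPF_HOSTS:
            return "ActiveX download from a host not on the allowlist"
    if code == "O17" and "NameServer" in body:
        servers = body.split("NameServer =", 1)[1].replace(",", " ").split()
        unknown = [s for s in servers if s not in KNOWN_RESOLVERS]
        if unknown:
            return "DNS servers not on the allowlist: " + ", ".join(unknown)
    if code == "O23" and "Unknown owner" in body:
        return "service with no publisher information; verify the binary"
    return None


def triage(log_text):
    """Run every log line through check() and collect the entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        code, body = parsed
        reason = check(code, body)
        if reason:
            findings.append(Finding(code, reason, line.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.reason}\n    {f.line}")
```

Run on the sample, the script reports the orphaned O2 BHO, the O10 LSP entry, the constructed O17 line with the unknown resolver and the O23 service with no owner, and stays silent on the Microsoft and Adobe URLs and on the two resolvers in the allowlist. The O10 and O23 rules deliberately flag for review rather than removal: the VMware LSP and PunkBuster service in this thread are legitimate, and a triage tool should make a human confirm the vendor before anything is fixed.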
15 years
Private

Look, friends, I can say this has happened to me 50 times. I used to own an internet cafe, and because of these viruses and trojans I was about to lose my mind when one antivirus program managed to get on top of it. I must have used 50 antivirus programs, and believe me, none of them helped. This virus doesn't care which program you have on your computer, or even Windows' own firewall; it ignores them completely. If you don't want this dangerous software to ever get into your computer again, don't pay much attention to those antivirus tests; I don't believe a word they say. Use Panda. Panda has such a firewall that you can't even tell whether it's running or not, but it does its job. If you like, test it yourself the easy way: if this virus has infected your computer, try Kaspersky, NOD32, Norton, whatever antivirus comes to mind, and be sure it will do nothing. It will delete a few viruses, but the problem will continue. Then install Panda and you will see what it does. I still use Panda; it's a heavy program, but whenever I used Panda, no virus has really infected the PC, nor has any virus remained. Back in my cafe days, not a single virus got into 20 computers in a year.





< This message was edited by Cyberranger27 -- 31 August 2010; 3:30:27 >