serji, the ComboFix log: thanks for taking an interest.
You're welcome, linkin_park. Download the program called Malwarebytes Antimalware. http://www.guvenlikuzmanim.com/dosyalar/mbam-setup.exe
* To install the program, double-click mbam-setup.exe and install it.
* Tick the Update Malwarebytes Antimalware and Run Malwarebytes options and click Finish.
* If an update is found, the program will download and install it automatically.
* Once the program has loaded, select Full Scan and click the Start Scan button.
* The scan may take some time, so please be patient.
* When the scan finishes, click OK and then click Show Results.
* Make sure everything is ticked and click Remove Selected.
* When the cleanup finishes, a Notepad window will open. (You may need to restart your computer.)
* Save the Notepad file and send it to us by attaching it to your post.
NOTE: If the program asks you to restart the computer during the cleanup, click OK and restart your computer.
* To scan your computer, open the Bitdefender Online Scan. http://www.bitdefender.com/scan8/ie.html
* Click I agree and then Scan. (Do not change the settings.)
* After the scan finishes, click the Detected Problems tab and then Click here to export the scan report.
* After saving the report as HTML, send it to us by attaching it to your post. |
|
Malwarebytes' Anti-Malware 1.29 Veritabanı versiyonu: 1279 Windows 5.1.2600 Service Pack 3 27.10.2008 21:32:42 mbam-log-2008-10-27 (21-32-41).txt Tarama şekli: Derin Tarama (C:\|D:\|) Taranmış nesneler: 148110 Geçen zaman: 37 minute(s), 55 second(s) Etkilenmiş Hafıza İşlemleri: 0 Etkilenmiş Hafıza Modülleri: 0 Etkilenmiş Kayıt Anahtarları: 0 Etkilenmiş Kayıt Değerleri: 0 Etkilenmiş Kayıt Veri Dosyaları: 0 Etkilenmiş Klasörler: 0 Etkilenmiş Dosyalar: 0 Etkilenmiş Hafıza İşlemleri: (Tehlikeli nesne bulunmadı) Etkilenmiş Hafıza Modülleri: (Tehlikeli nesne bulunmadı) Etkilenmiş Kayıt Anahtarları: (Tehlikeli nesne bulunmadı) Etkilenmiş Kayıt Değerleri: (Tehlikeli nesne bulunmadı) Etkilenmiş Kayıt Veri Dosyaları: (Tehlikeli nesne bulunmadı) Etkilenmiş Klasörler: (Tehlikeli nesne bulunmadı) Etkilenmiş Dosyalar: (Tehlikeli nesne bulunmadı) |
I'm also waiting for the Bitdefender log. |
|
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:44:32, on 27.10.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\ATK0100\HControl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\ASUS\ATK Media\DMEDIA.EXE C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe C:\Program Files\ASUS\Splendid\ACMON.exe C:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\WINDOWS\system32\ACEngSvr.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\SetPoint\SetPoint.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Program 
Files\Internet Download Manager\IEMonitor.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\AmmoCihe1\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://www.asus.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: 
[SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [High Definition Audio Özellik Sayfası Kısayolu] HDAShCut.exe O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE 
(User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Başlık Reklamı Engelleyicisi ekle - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Ağ trafiği koruma istatistikleri - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220999555421 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100 O17 - HKLM\System\CCS\Services\Tcpip\..\{68C2319D-F2DB-40D3-9BD4-27BEC2356404}: NameServer = 195.175.39.39 195.175.39.40 O17 - HKLM\System\CS1\Services\Tcpip\..\{68C2319D-F2DB-40D3-9BD4-27BEC2356404}: NameServer = 195.175.39.39 195.175.39.40 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program 
Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- End of file - 10783 bytes Good night serji, I'd be glad if you could help. |
After a 2.5-hour scan, the Bitdefender report: http://r apidshare.com/files/158157808/bitdefender_scan.html |
Now send an HJT log one last time. There doesn't seem to be a problem.
Of course. Here is the list: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank |
|
HJT report: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:13, on 28.10.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SYSTEM32\Ati2evxx.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\PalickSoft\HDD Temperature\HDDTSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\VM303_STI.EXE C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\PalickSoft\HDD Temperature\HDDTemperature.exe C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\explorer.exe D:\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL 
=http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 O4 - HKLM\..\Run: [High Definition Audio Özellik Sayfası Kısayolu] HDAShCut.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - S-1-5-18 Startup: HDD temperature.lnk = C:\Program Files\PalickSoft\HDD Temperature\HDDTemperature.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: Nikon Monitor.lnk = ? (User 'SYSTEM') O4 - .DEFAULT Startup: HDD temperature.lnk = C:\Program Files\PalickSoft\HDD Temperature\HDDTemperature.exe (User 'Default user') O4 - .DEFAULT Startup: Nikon Monitor.lnk = ? (User 'Default user') O4 - Startup: HDD temperature.lnk = C:\Program Files\PalickSoft\HDD Temperature\HDDTemperature.exe O4 - Startup: Nikon Monitor.lnk = ? 
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.04\AMVConverter\grab.html O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.04\MediaManager\grab.html O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -http://www.srtest.com/srl_bin/sysreqlab3.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -http://linkinpark972.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -http://upload.facebook.com/controls/FacebookPhotoUploader.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) -http://cid-cb9aaab6c308a3d4.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) -http://www.live365.com/players/play365.cab O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) -http://www.flatcast.com/de/download/NpFv415.dll O17 - 
HKLM\System\CCS\Services\Tcpip\..\{1056ED04-F5B7-4236-B645-513B70EE815D}: NameServer = 212.57.1.17,144.122.199.90,212.175.13.115 O17 - HKLM\System\CCS\Services\Tcpip\..\{22110FD4-E560-4CC7-B3F9-CA9A6A8590FB}: NameServer = 212.57.1.17,144.122.199.90,212.175.13.115 O17 - HKLM\System\CCS\Services\Tcpip\..\{967B224A-EDFC-458A-8FBF-7AD55ED27F89}: NameServer = 212.57.1.17,144.122.199.90,212.175.13.115 O17 - HKLM\System\CS1\Services\Tcpip\..\{1056ED04-F5B7-4236-B645-513B70EE815D}: NameServer = 212.57.1.17,144.122.199.90,212.175.13.115 O17 - HKLM\System\CS2\Services\Tcpip\..\{1056ED04-F5B7-4236-B645-513B70EE815D}: NameServer = 212.57.1.17,212.57.1.18,212.175.13.116 O17 - HKLM\System\CS3\Services\Tcpip\..\{1056ED04-F5B7-4236-B645-513B70EE815D}: NameServer = 212.57.1.17,144.122.199.90,212.175.13.115 O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. 
- C:\WINDOWS\ATKKBService.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\PalickSoft\HDD Temperature\HDDTSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- End of file - 8202 bytes |
| serji, thank you very much for your help, there really is a difference compared to before. THANK YOU FOR YOUR EFFORT |
All right. Squeaky clean.
Thanks, cihan. Take care. |
|
I also get occasional hangs on my machine and I haven't figured out the cause (the system freezes momentarily for 5-10 seconds). Report: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:39:49, on 28.10.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16757) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Steve.Steve-J-PC\Desktop\CryptLoad_1.1.4\RouterClient.exe C:\Users\Steve.Steve-J-PC\Desktop\CryptLoad_1.1.4\CryptLoad.exe C:\Windows\system32\wuauclt.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\PROGRA~1\Creative\MEDIAS~1\CTCMS.exe C:\Windows\System32\CTXFISPI.EXE C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\PROGRA~1\Creative\MEDIAS~2\CTCMSU.exe C:\PROGRA~1\Creative\MEDIAS~2\CtDetctu.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Steve.Steve-J-PC\Downloads\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program 
Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB O4 - HKCU\..\Run: [CryptLoad] C:\Users\Steve.Steve-J-PC\Desktop\CryptLoad_1.1.4\RouterClient.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm O8 - Extra context menu item: &Download with &DAP - C:\Program 
Files\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O13 - Gopher Prefix: O16 - DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} (Speaky Chat) -http://download.speakyweb.com/speakyldr.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{ADDEEE52-98CE-4E44-85B1-E64438B6ADDD}: NameServer = 4.2.2.4,4.2.2.3 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 5493 bytes |
|
Hello serji, I would be very glad if you could help with my system too. I got burned by these trojans and keyloggers as well when my WoW account was hacked yesterday :( Yesterday I did a thorough cleanup with ATF-Cleaner, Ad-Aware, Spybot - Search & Destroy, Malwarebytes' Anti-Malware and BitDefender. In a little while I will also scan with HijackThis version 2.0.2. What can I do so that you can help? Thank you very much in advance. |
Hello, I have doubts about whether my system is clean. The log file is as follows; thanks in advance if you take a look. Logfile of Trend Micro HijackThis v2.0.2 |
|
I detected 8 viruses on the computer 2 days ago. I was wondering whether anything is left. I would be very glad if you could help. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:25:44, on 28.10.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Canberk\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: 
[SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S398.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Canberk\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100 O23 - Service: Avira AntiVir 
Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 4590 bytes |
I generated these while my internet browser was open. Is that a problem? |
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40:58, on 28.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\tuEagles\EagleSvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\tuEagles\EaglePrx.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\AKINSOFT\CafePlus7\Server\CafePlus.exe
C:\Documents and Settings\user\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IE Plugin Class - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\Program Files\BPK1\bpk1wb.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {3FE5FCC5-E2E1-4DB0-9CEA-4965DF29F2F0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EagleEye] C:\PROGRA~1\tuEagles\EagleSvr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: HP Kırpma Defteri - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Akıllı Seçim - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) -http://www.pembemp3.com/41original.gif

-- End of file - 4846 bytes

There are a few files such as jix9a.bat that I know are on the main disk but that I cannot see in Windows at all, and they have spread to the root directory of all my hard drives. They create files named avo.exe, ckvo.exe and kavo.exe and also add them to the system's Run section. The .exe ones show up as being inside system32, but I cannot find any such file. When I cut my internet connection, this damned virus tries to connect, I think. I believe it is a trojan. Please help me, I can't format my 500 GB archive. |
Try fixing these and let's see.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 |
You're welcome. If there is any problem, I'm here.