Infected with MultiPacked.Multi.Generic Malware!




#1
23 June 2009, 10:38
Member

A short while ago I downloaded a theme application. On installing it, Kaspersky popped up a warning saying that my computer was infected with the MultiPacked.Multi.Generic malware. My Kaspersky has stopped working and my Windows theme is gone; I'm stuck with Windows Classic. Please help!
#2
23 June 2009, 11:25
Moderator

Can you try to get me any of the logs from here: http://www.computer-juice.com/forums...-posting-7476/

#3
24 June 2009, 11:44
Moderator

The forum had a glitch. Please post this DDS log.

Download DDS from | HERE | or | HERE | or | HERE | and save it to your desktop.

Vista users: right-click DDS and choose Run as Administrator (you will get a UAC prompt; please allow it).

* XP users: double-click DDS to run it.
* If your antivirus or firewall tries to block DDS, please allow it to run.
* When DDS has completed, two (2) logs will open:

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the whole contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just copy and paste it into your reply, as you would any other log.

#4
24 June 2009, 13:55
Member

DDS (Ver_09-05-14/01) - NTFSx86
Run by Mouse at 16:53:23.36 on Wed 06/24/2009
Internet Explorer: 6.0.2900.5512  BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1294 [GMT -4:00]

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\progra~1\micros~4\rapimgr.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Documents and Settings\Mouse\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: YouTube Browser Plugin: {d0943516-5076-4020-a3b5-aefaf26ab263} - C:\Program Files\Veoh Networks\Veoh\plugin\reg\VeohToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
mRun: [NvCplDaemon] Rundll32.exe C:\Windows\system32\NvCpl.dll,NvStartup
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\dvdaudio\CTDVDDET.EXE"
mRun: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
mRun: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\dllml.exe" -1 audiodrvemulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
mRun: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun: [NvMediaCenter] Rundll32.exe C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
mRun: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
IE: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\Office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\Classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://portal.apogentech.com/vdesk/terminal/InstallerControl.cab
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://portal.apogentech.com/vdesk/terminal/f5InspectionHost.cab#version=6030,2008,0904,1939
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - hxxps://portal.apogentech.com/policy/download_binary.php/win32/f5syschk.cab#Version=6030,2008,0904,1947
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\Skype\SKYPE4~1.DLL
Notify: !SASWinLogon - C:\Program Files\superantispyware\SASWINLO.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath --

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-10-31 112144]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008/1/29 33808]
R1 klif;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2008/4/18 213520]
R1 SASKUTIL;SASKUTIL;c:\Program Files\superantispyware\SASKUTIL.SYS [2008/2/29 55024]
R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2008/5/12 14592]
R2 AVP;Kaspersky Internet Security;c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -r --> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -r [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\Program Files\Viewpoint\Common\ViewpointService.exe [2008/12/7 24652]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008/3/13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]
R3 SASENUM;SASENUM;c:\Program Files\superantispyware\SASENUM.SYS [2006/2/16 4096]
S1 SASDIFSV;SASDIFSV;c:\Program Files\superantispyware\SASDIFSV.SYS [2008/2/29 9968]
S2 Cubase32;Cubase32;c:\windows\system32\drivers\Cubase32.sys [2009/4/5 11808]
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;c:\windows\system32\drivers\IlvMoney1215.sys [2008/8/21 30080]

=============== Created Last 30 ================

2009/06/17 13:58 <DIR> --d----- C:\Program Files\LSoft Technologies
2009/06/13 12:32 <DIR> --d----- C:\Program Files\iPod
2009/06/13 12:32 <DIR> --d----- C:\Program Files\iTunes

==================== Find3M ====================


============= FINISH: 16:54:12.42 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14/01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/12/2008 2:38:20
System Uptime: 6/24/2009 12:33:35 (4 hours ago)

Motherboard: http://www.abit.com.tw/ | | IP35 PRO (P35+ICH9R)
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Socket 775 | 3024/216mhz

==== Disk Partitions =========================

C: is Removable
C: is FIXED (NTFS) - 128 GiB total, 60.146 GiB free.
D: is FIXED (NTFS) - 69 GiB total, 60.479 GiB free.
E: is CDROM (CDFS)
F: is CDROM (CDFS)
G: is FIXED (NTFS) - 245 GiB total, 138.326 GiB free.
H: is CDROM ()
I: is CDROM ()
J: is CDROM ()
K: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_1083147B&REV_10\4&BB29FA6&0&00F0
Manufacturer: Realtek Semiconductor Corp
Name: Realtek RTL8169/8110 Family Gigabit Ethernet NIC #3
PNP Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_1083147B&REV_10\4&BB29FA6&0&00F0
Service: RTL8023xp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: MAC Bridge Miniport
Device ID: ROOT\MS_BRIDGEMP\0000
Manufacturer: Microsoft
Name: MAC Bridge Miniport
PNP Device ID: ROOT\MS_BRIDGEMP\0000
Service: BridgeMP

==== System Restore Points ===================

RP202: 3/26/2009 6:14:01 - System Checkpoint
RP203: 3/27/2009 9:06:08 - System Checkpoint
RP204: 3/30/2009 12:43:20 - System Checkpoint
RP205: 4/1/2009 5:11:23 - System Checkpoint
RP206: 4/3/2009 3:31:49 - System Checkpoint
RP207: 4/6/2009 11:30:33 - System Checkpoint
RP208: 4/8/2009 1:48:55 - Removed MapleStory GL.
RP209: 4/8/2009 1:49:05 - Installed MapleStory.
RP210: 4/8/2009 2:00:33 - Removed MapleStory.
RP211: 4/8/2009 2:12:11 - Installed MapleStory.
RP212: 4/9/2009 1:53:58 - System Checkpoint
RP213: 4/11/2009 6:22:36 - System Checkpoint
RP214: 4/14/2009 11:18:28 - System Checkpoint
RP215: 4/15/2009 5:50:23 - Software Distribution Service 3.0
RP216: 4/18/2009 1:32:37 - System Checkpoint
RP217: 4/21/2009 2:37:36 - System Checkpoint
RP218: 4/22/2009 5:07:27 - System Checkpoint
RP219: 4/24/2009 2:41:28 - System Checkpoint
RP220: 4/25/2009 10:07:27 - System Checkpoint
RP221: 4/28/2009 6:48:10 - Installed Java(TM) 6 Update 13
RP222: 5/2/2009 7:23:06 - System Checkpoint
RP223: 5/3/2009 11:36:18 - System Checkpoint
RP224: 5/5/2009 2:29:10 - System Checkpoint
RP225: 5/6/2009 8:29:33 - System Checkpoint
RP226: 5/7/2009 3:00:17 - Software Distribution Service 3.0
RP227: 5/7/2009 11:16:03 - Installed Windows XP WgaNotify.
RP228: 5/9/2009 11:12:42 - System Checkpoint
RP229: 5/10/2009 5:10:12 - System Checkpoint
RP230: 5/11/2009 9:02:07 - System Checkpoint
RP231: 5/13/2009 12:26:07 - Software Distribution Service 3.0
RP232: 5/14/2009 2:28:00 - Removed ZU-ONLINE
RP233: 5/15/2009 2:47:49 - System Checkpoint
RP234: 5/17/2009 1:28:31 - System Checkpoint
RP235: 5/17/2009 4:58:00 - LG USB Modem driver
RP236: 5/19/2009 11:34:48 - System Checkpoint
RP237: 5/20/2009 12:47:48 - System Checkpoint
RP238: 5/23/2009 10:08:08 - System Checkpoint
RP239: 6/1/2009 10:03:10 - System Checkpoint
RP240: 6/2/2009 10:03:30 - System Checkpoint
RP241: 6/3/2009 11:47:56 - System Checkpoint
RP242: 6/5/2009 11:10:53 - System Checkpoint
RP243: 6/7/2009 2:46:24 - System Checkpoint
RP244: 6/9/2009 11:32:41 - System Checkpoint
RP245: 6/10/2009 5:52:30 - System Checkpoint
RP246: 6/10/2009 11:00:09 - Software Distribution Service 3.0
RP247: 6/12/2009 12:14:34 - System Checkpoint
RP248: 6/13/2009 1:12:33 - System Checkpoint
RP249: 6/14/2009 9:20:14 - System Checkpoint
RP250: 6/15/2009 9:53:46 - System Checkpoint
RP251: 6/17/2009 12:27:01 - System Checkpoint
RP252: 6/21/2009 7:28:06 - System Checkpoint
RP253: 6/22/2009 8:08:50 - System Checkpoint
RP254: 6/23/2009 2:54:41 - Removed Garmin City Navigator North America NT 2009 Update
RP255: 6/23/2009 2:58:20 - Removed palmOne
RP256: 6/24/2009 3:58:18 - System Checkpoint

==== Installed Programs ======================


==== Event Viewer Messages From Past Week ========


==== End Of File ===========================
#5
24 June 2009, 14:05
Moderator

Download ComboFix © by sUBs from one of the links below. Be sure to save it to your Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to the Desktop**

DON'T run it yet!

Note: The instructions below were created specifically for this user. If you are not this user, DON'T follow these instructions, as they could damage the workings of your system.

Delete these files/folders as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the code box below by highlighting all the text and pressing Ctrl+C

Code:
Killall::
DDS::
uInternet Settings,ProxyOverride = *.local
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
IE: {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
Driver::
Viewpoint Manager Service
Folder::
C:\Program Files\Viewpoint

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript file (hold the left mouse button while dragging the file) and drop it onto ComboFix.exe (release the left mouse button), as you can see in the screenshot below. Important: Perform the instructions carefully!

ComboFix will start; just follow the prompts.
After the reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause the system to freeze.

#6
25 June 2009, 08:45
Member

ComboFix 09-06-23.01 - Mouse 06/24/2009 17:18.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1452 [GMT -4:00]
Running from: C:\Documents and Settings\Mouse\Desktop\ComboFix.exe
Command switches used :: c:\Documents and Settings\Mouse\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Viewpoint
c:\recycler\S-1-5-21-1957994488-1801674531-1177238915-1004
c:\recycler\S-1-5-21-789336058-2025429265-1644491937-1003
c:\windows\system32\drivers\kl1.sys
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Common\VistaBoot.sdll
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VETScriptInterpreter.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt
c:\recycler\S-1-5-21-1957994488-1801674531-1177238915-1004\Desktop.ini
c:\recycler\S-1-5-21-1957994488-1801674531-1177238915-1004\INFO2
c:\recycler\S-1-5-21-789336058-2025429265-1644491937-1003\Desktop.ini
c:\recycler\S-1-5-21-789336058-2025429265-1644491937-1003\INFO2
c:\windows\emMON.exe
c:\windows\system32\Codec\7zAES.dll
c:\windows\system32\Codec\AES.dll
c:\windows\system32\Codec\Branch.dll
c:\windows\system32\Codec\BZip2.dll
c:\windows\system32\Codec\Copy.dll
c:\windows\system32\Codec\Deflate.dll
c:\windows\system32\Codec\LZMA.dll
c:\windows\system32\Codec\PPMd.dll
c:\windows\system32\Codec\Rar29.dll
c:\windows\system32\Codec\Swap.dll
c:\windows\system32\drivers\ctoss2k.sys
c:\windows\system32\Formats\7z.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ILVMONEYDRIVER53
-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_IlvMoneyDRIVER53
-------\Service_Viewpoint Manager Service
-------\Legacy_ossrv
-------\Service_ossrv


(((((((((((((((((((((((((   Files Created from 2009-05-24 to 2009-06-24   )))))))))))))))))))))))))))))))
.

2009-06-23 18:47 . 2009-06-24 16:37 117760 ----a-w- c:\Documents and Settings\Mouse\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-17 17:58 . 2009-06-17 18:10 -------- d-----w- C:\Program Files\LSoft Technologies
2009-06-13 16:32 . 2009-06-13 16:32 -------- d-----w- C:\Program Files\iPod
2009-06-13 16:32 . 2009-06-13 16:32 -------- d-----w- C:\Program Files\iTunes
2009-06-13 16:28 . 2009-06-13 16:29 -------- d-----w- C:\Program Files\QuickTime
2009-06-13 16:23 . 2009-06-13 16:23 75048 ----a-w- c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-10 23:14 . 2001-08-18 02:36 462848 -c--a-w- c:\windows\System32\Dllcache\a3dapi.dll
2009-06-10 23:14 . 2001-08-18 02:36 462848 ----a-w- c:\windows\system32\a3dapi.dll
2009-06-10 23:13 . 2009-06-11 07:20 -------- d-----w- C:\Descent3
2009-06-10 23:13 . 2009-06-10 23:13 -------- d-----w- C:\Games
2009-06-10 20:13 . 2009-05-07 15:32 345600 -c----w- c:\windows\System32\Dllcache\Localspl.dll
2009-06-10 20:13 . 2009-04-15 14:51 585216 -c----w- c:\windows\System32\Dllcache\Rpcrt4.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 23:25 . 2008-05-16 03:35 -------- d-----w- c:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-06-24 21:26 . 2008-05-16 03:35 761888 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-24 21:26 . 2008-05-16 03:35 64388 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-24 21:26 . 2008-05-16 03:35 4571424 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-24 21:26 . 2008-05-16 03:35 29696 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-24 21:09 . 2008-05-17 00:25 -------- d-----w- c:\Documents and Settings\Mouse\Application Data\LimeWire
2009-06-24 16:37 . 2008-05-19 02:02 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2009-06-23 19:00 . 2008-10-16 02:40 -------- d-----w- C:\Program Files\Pando Networks
2009-06-23 18:59 . 2008-11-29 18:36 -------- d-----w- C:\Program Files\palmOne
2009-06-21 23:00 . 2009-02-09 03:50 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-21 23:00 . 2009-02-09 03:50 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-18 22:35 . 2008-06-17 15:40 -------- d-----w- C:\Program Files\Diablo II
2009-06-18 22:31 . 2008-06-02 00:09 -------- d---a-w- c:\Documents and Settings\All Users\Application Data\TEMP
2009-06-17 22:51 . 2008-05-15 04:41 -------- d-----w- c:\Documents and Settings\Mouse\Application Data\uTorrent
2009-06-13 16:32 . 2008-08-19 04:10 -------- d-----w- C:\Program Files\Common Files\Apple
2009-05-20 16:16 . 2008-05-16 03:36 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-20 16:16 . 2008-05-16 03:36 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-17 20:58 . 2009-05-17 20:58 -------- d-----w- C:\Program Files\LG Electronics
2009-05-17 20:58 . 2008-05-12 09:20 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2009-05-17 20:57 . 2008-05-12 09:20 -------- d-----w- C:\Program Files\Common Files\InstallShield
2009-05-07 15:32 . 2003-03-31 12:00 345600 ----a-w- c:\windows\system32\Localspl.dll
2009-04-29 04:46 . 2003-03-31 12:00 666624 ----a-w- c:\windows\system32\Wininet.dll
2009-04-29 04:46 . 2008-05-16 21:18 81920 ------w- c:\windows\system32\ieencode.dll
2009-04-28 10:48 . 2008-05-17 00:24 -------- d-----w- C:\Program Files\Java
2009-04-28 10:47 . 2009-04-28 10:47 152576 ----a-w- c:\Documents and Settings\Mouse\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-26 01:13 . 2009-04-26 00:43 -------- d-----w- c:\Documents and Settings\Mouse\Application Data\Move Networks
2009-04-17 12:26 . 2003-03-31 12:00 1847168 ----a-w- c:\windows\system32\Win32k.sys
2009-04-15 14:51 . 2003-03-31 12:00 585216 ----a-w- c:\windows\system32\Rpcrt4.dll
2009-04-08 06:13 . 2009-04-08 06:13 45056 ----a-r- c:\Documents and Settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\MapleStory.exe1_B5F7ED63E4D54BE694F0F06A2CCC5374.exe
2009-04-08 06:13 . 2009-04-08 06:13 45056 ----a-r- c:\Documents and Settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\MapleStory.exe_B5F7ED63E4D54BE694F0F06A2CCC5374_1.exe
2009-04-08 06:13 . 2009-04-08 06:13 10134 ----a-r- c:\Documents and Settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\ARPPRODUCTICON.exe
2009-04-05 23:39 . 2008-05-16 02:24 23032 ----a-w- c:\Documents and Settings\Mouse\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-05 23:27 . 2009-04-05 23:28 5433520 ----a-w- c:\windows\system32\SpoonUninstall.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-05 201992]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-05-26 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2008-02-21 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-02-21 19968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2009-01-01 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
2009-01-01 04:29 356352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\PSS\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=c:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\PSS\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\PSS\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\MSCONFIG\services]
"StyleXPService"=2 (0x2)
"PLFlash DeviceIoControl Service"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"MDM"=2 (0x2)
"ZuneNetworkSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"npkcmsvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IDriverT"=3 (0x3)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\Services\SharedAccess\Parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\Services\SharedAccess\Parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Veoh Networks\\YouTube\\VeohClient.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\Services\SharedAccess\Parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Diablo 2
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"58398:TCP"= 58398:TCP:Pando Media Booster
"58398:UDP"= 58398:UDP:Pando Media Booster

R0 klbg; Kaspersky Lab Boot Guard Sürücü c: \ windows \ system32 \ drivers \ klbg.sys [1/29/2008 6:29 33808]
R1 SASDIFSV; SASDIFSV c: \ Program Files \ SUPERAntiSpyware \ SASDIFSV.SYS [2/29/2008 4:03 9968]
R1 SASKUTIL; SASKUTIL c: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [2/29/2008 4:03 55024]
R1 UGURU; UGURU c: \ windows \ system32 \ drivers \ uGuru.sys [5/12/2008 5:23 14592]
R3 KLFLTDEV; Kaspersky Lab KLFltDev c: \ windows \ system32 \ drivers \ klfltdev.sys [3/13/2008 7:02 26640]
R3 klim5; Kaspersky Anti-Virus NDIS Filter c: \ windows \ system32 \ drivers \ klim5.sys [12/13/2007 1:28 24592]
S2 Cubase32; Cubase32 c: \ windows \ system32 \ drivers \ Küba se32.sys [4/5/2009 7:02 11808]
S3 SASENUM; SASENUM c: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [2/16/2006 4:51 4096]

--- Diğer Hizmetler / Sürücüler hafızasına ---

* NewlyCreated * - SASDIFSV
.
The 'Zamanlanmış Görevler' klasörüne İçerikleri

2009/06/13 c: \ windows \ Tasks \ AppleSoftwareUpdate.job
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2008-07-30 17:34]

2009/06/24 c: \ windows \ Görevler \ Malwarebytes' Anti-Malware.job
- C: \ progra ~ 1 \ MALWAR ~ 1 \ mbam.exe [2008-05-19 00:52]
.
- - - - Yetimler Kaldırıldı - - - --

Safeboot-AVG Anti-Spyware Sürücü
Safeboot-AVG Anti-Spyware Guard


.
------- Supplementary Scan -------
.
uStart Sayfa = hxxp: / / google.com /
IE: Afiş Reklam Engelleyicisi için - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ie_banner_deny.htm ekle
IE: E & Microsoft Excel - c: \ progra ~ 1 \ mikro ~ için xport 2 \ Office10 \ EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file: / / c: \ windows \ Java \ Classes \ xmldso.cab
DPF: (463ED66E-431B-11D2-ADB0-0080C83DA4EB) - hxxps: / / w3s.webmoney.ru/WMAcceptor.dll
FF - ProfilePath --
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - Rootkit / gizli kötü amaçlı yazılım dedektör Gmer tarafından, http://www.gmer.net
Rootkit 2009/06/24 19:25 tarama
5/1/2600 Windows Service Pack 3 NTFS'ye

gizli işlemler tarama ...

Gizli kayıtları otomatik tarama ...

Gizli dosya tarama ...

başarıyla tamamlandı tarama
Gizli dosya: 0

************************************************** ************************
.
--------------------- Kilitli kayıt defteri anahtarlarını ---------------------

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (47629D4 B-2AD3-4e50-B716-A66C15C63153) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"cd042efbbd7f7af1647644e76e06692b" = hex: 2e, E8, e1, 00, EB, 16,2 b, de, FF, 66,8 f, 81, d1,
34, D2, D9, C8, 28,51, af, b0, 29, a3, 98, A9, c3, a8, 8a, 5e, d3, 39,87, e2, 63,26, f1, 3f, C8, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (604BB98 A-A94F-4a5c-A67C-D8D3582C741C) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"bca643cdc5c2726b20d2ecedcc62c59b" = hex: 71,3 b, 04,66, 8b, 46,0 d, 96, C2, C2, DC E4, a8,
65,45,2 e, 71,3 b, 04,66,8 b, 46,0 d, 96,21,7 c, aa E9, a8, 42, 2f, c4, 6a, 9c, D6, 61, af, 45, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (684373F B-9CD8-4e47-B990-5A4466C16034) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"2c81e34222e8052573023a60d06dd016" = hex: 25, da, ec, 7e, 55,20, c9, 26, EB, a7, df, 4d, 25,
C2, 62,83,25, da, ec, 7e, 55,20, c9, 26, a3, f2, 65, ed, 80,3 e, E4, F6, FF, 7c, 85, E0, 43, D4, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (74554CC D-F60F-4708-AD98-D0152D08C8B9) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"2582ae41fb52324423be06337561aa48" = hex: 3e, 1e, 9e, E0, 57,5 a, 93,61, f2, a1, b4, 61,82,
BB, AB, d5, 3e, 1e, 9e, E0, 57,5 a, 93,61,6 f, 0e, 5c, ae, ec, 4F, e7, 8d, 86,8 c, 21,01, 91 olması, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (7EB537F 9-A916-4339-B91B-DED8E83632C0) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"caaeda5fd7a9ed7697d9686d4b818472" = hex: cd 44, B9, a6, 33,6 c, cd, 91, d7, 7a, 29,97, cd
C7, 40,4 b, cd, 44, cd, B9, a6, 33,6 c, cd, 49,19,95,11,6 f,, AC 43,68, f5, 1d, 4d, 73, a8, 13, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (948395E 8-7A56-4fb1-843B-3E52D94DB145) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"" = hex: df, 20,58,62, 78,6 b, CF, C8, 7e, 4a, d5, 24,8 d, a4a1bcf2cc2b8bc3716b74b2b4522f5d
3a, 49, c4, b0, 18, ed, a7, 3f, 8d, 37, a4, 29, B5, 53,9 a, d3, 4a, 02,51, df, 20,58,62,78,6 b, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"4d370831d2c43cd13623e232fed27b7b" = hex: 31,77, e1, ba, b1, f8, 68,02,09, D4, 0b, f3, 53,
, 62,26,31,77, e1, ba, b1, f8, 68,02,77, c3, de, C6, 98,79, 54,2 BC c, FB, a7, 78, E6, 12,2 f, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (DE5654C A-EB84-4df9-915B-37E957082D6D) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"" = Hex: 01,3 a, 48, E8, 04,4 a, f1, df, 00, d5, 43, FC FF, 1d68fe701cdea33e477eb204b76f993d
f8, 0f, f3, 83,6 c, 56,8 b, a0, 85,96, ab, d5, 19,39,90, da, 30, 2a, 05,01,3 a, 48, FC, E8, 04, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (E39C35E 8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"1fac81b91d8e3c5aa4b0a51804d844a3" = hex: F6, 0f, 4e, 58, 98,5 b, 89, c9, 6a, EA, f8, c4, 82,
1a, 7f, d8, 51, FA, 6e, 91,28,9 e, 14, CC, 82, AC, 7a, 83, EB, 90, 81, C6, F6, 0f, 4e, 58,98,5 b, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (EACAFCE 5-B0E2-4288-8073-C02FF9619B6F) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"f5f62a6129303efb32fbe080bb27835b" = hex: 3d, CE, EA, 26, 2d, 45, AA, 78,0 b, Lisans, 41,78,8 a,
c9, 90,04, b1, cd, 45,5 a, a8, c4, f8, B9, 6b, C6, A2, 44,8 d, 59, a6, f5, 3d, CE, EA, 26,2 d, 45, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (F8F02AD D-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"fd4e2e1a3940b94dceb5a6a021f2e3c6" = hex: 2a, b7, CC, B5, B9, 7f, 41, e7, 5d, 45,06,19,5 e,
30,20, E6, e3, 0e, 66, d5, EB, M.Ö., 2f, 6b, e1, 69,31, ac, gg, Lisans, 7f, 02,2 a, b7, CC, B5, B9, 7f, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (FEE45DE 2-A467-4bf9-BF2D-1411304BCD84) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"8a8aec57dd6508a385616fbc86791ec2" = hex: FA, EA, 66,7 f, D4, 3b, 6b, 70, A5, 97,0 a, 6e, 8a,
CF, 52,73, FA, EA, 66,7 f, D4, 3b, 6b, 70,30,24, EA, 79, a1, 7b, 08,64,6 c, 43,2 d, 1e, AA, 22, \

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entVersion \ Installer \ UserData \ LocalSystem \ Componen kı \ h-€ | yyyy ¤ • € | ù • A ~ *]
"AB141C35E9F4BF344B9FC010BB17F68A" = ""
.
--------------------- DLL Yüklü çalışan süreçleri altında ---------------------

- - - - - - -> 'Winlogon.exe' (1028)
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL
c: \ windows \ system32 \ klogon.dll

- - - - - - -> 'Explorer.exe' (3748)
c: \ windows \ system32 \ WPDShServiceObj.dll
c: \ windows \ system32 \ PortableDeviceTypes.dll
c: \ windows \ system32 \ PortableDeviceApi.dll
.
------------------------ Diğer çalışan süreçleri ----------------------- --
.
C: \ Program Files \ Creative \ Shared Files \ CTAudSvc.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
c: \ windows \ system32 \ nvsvc32.exe
c: \ windows \ system32 \ PnkBstrA.exe
c: \ windows \ system32 \ rundll32.exe
c: \ progra ~ 1 \ mikro ~ 4 \ rapimgr.exe
C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Eğlence Merkezi \ EAXLoadr.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
c: \ windows \ system32 \ wscntfy.exe
c: \ windows \ system32 \ CTxfispi.exe
.
************************************************** ************************
.
Tamamlanma süresi: 2009/06/24 19:29 - makine yeniden başlatılması oldu
ComboFix-karantinaya-files.txt 2009/06/24 23:29
ComboFix2.txt 2008/05/20 17:05

Ön Çalıştır'ı: 65511231488 bayt boş
Post-Run: 67799437312 bayt boş

WindowsXP-KB310994-SP2-Pro-Bootdisk-TRK.exe
[boot loader]
timeout = 2
default = multi (0) disk (0) rdisk (1) partition (1) \ WINDOW S
[operating systems]
c: \ Cmdcons \ BOOTSECT.DAT = "Microsoft Windows Kurtarma Konsolu" / cmdcons
multi (0) disk (0) rdisk (1) partition (1) \ WINDOWS = "Micro yumuşak, Windows XP Professional" / noexecute = OptIn / fastdetect
multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Micro yumuşak, Windows XP Professional" / fastdetect / noexecute = OptIn

Güncel = 3 Varsayılan = 3 Başarısız = 1 LastKnownGood = 4 Kümelerine = 1,2,3,4
335 --- EOF --- 2009-06-11 03:03
  #7  
Old 25 June 2009, 09:58
Moderator Group
 
Infected with MultiPacked.Multi.Generic malware!

Delete these files/folders as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the code box below by highlighting all of the text and pressing Ctrl + C

Code:
Killall::
RegLock::
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h-€ | yyyy ¤ • € | ù • A ~ *]
3. Go to the Notepad window and click Edit > Paste
4. Then File > Save
5. Name the file CFScript.txt - save the file to the Desktop
6. Then drag the CFScript (hold down the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe, as you can see in the screenshot below. Important: perform the instructions carefully!



ComboFix will start running; just follow the prompts.
After the reboot (in case it asks for a reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. This may cause the system to freeze.

----------

Also report how the computer is running now.

.
__________________
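As an added example (not part of this thread and not ComboFix's own code): step 2 above builds the RegLock:: script by hand from the "Locked Registry Keys" section of the ComboFix log, and the log posted in reply #8 prints that section again afterwards, which is how you tell whether the keys actually went away. The Python below parses that section out of a log, emits the script in the same shape used in this thread (Killall::, RegLock::, one bracketed key per line), and compares a before-log with an after-log. Both log excerpts are constructed for the example from keys in this thread, using the English section headers ComboFix prints (the copies in this thread were machine-translated) and with braces restored around the CLSIDs; the after-log, in which one key has disappeared, is invented to show the comparison and is not what happened in this thread.

```python
import re

# Constructed excerpt in the shape of a ComboFix log (headers as ComboFix prints
# them, keys taken from this thread with braces restored). Not a real log.
COMBOFIX_LOG_BEFORE = r"""
(((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
--------------------- Locked Registry Keys ---------------------

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\Ole32.dll"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,ff,66,8f,81,d1,\
  34,d2,d9,c8,28,51,af,b0,29,a3,98,a9,c3,a8,8a,5e,d3,39,87,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\Ole32.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1028)
c:\windows\system32\klogon.dll
"""

# Constructed "after" excerpt: an invented outcome in which only the first key
# is still listed as locked (the thread's real second log still listed them all).
COMBOFIX_LOG_AFTER = r"""
--------------------- Locked Registry Keys ---------------------

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\Ole32.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

# A section header is a title wrapped in runs of dashes or parentheses.
SECTION_RE = re.compile(r"^(?:-{3,}|\({3,})\s*(.+?)\s*(?:-{3,}|\){3,})$")
# A registry key line is a bracketed hive path; the brackets are kept because
# the script in this thread lists keys in that bracketed form.
KEY_RE = re.compile(r"^\[HK[^\]]+\]$")


def locked_keys(log_text):
    """Return the bracketed key lines under 'Locked Registry Keys', in log order."""
    keys = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            # Any other header (dashed or parenthesised) ends the section, so keys
            # from 'Reg Loading Points' or later sections are never picked up.
            in_section = header.group(1).lower() == "locked registry keys"
            continue
        if in_section and KEY_RE.match(line):
            keys.append(line)
    return keys


def build_cfscript(keys):
    """CFScript text in the shape used in this thread: Killall::, RegLock::, one key per line."""
    return "\n".join(["Killall::", "RegLock::", *keys]) + "\n"


def still_locked(before_log, after_log):
    """Keys locked in the first log that the second log still lists (order preserved)."""
    after = set(locked_keys(after_log))
    return [k for k in locked_keys(before_log) if k in after]


if __name__ == "__main__":
    print(build_cfscript(locked_keys(COMBOFIX_LOG_BEFORE)))
    for key in still_locked(COMBOFIX_LOG_BEFORE, COMBOFIX_LOG_AFTER):
        print("still locked after the script:", key)
```

Run it on the real log files by reading them into the two string variables; the comparison is what tells you whether a second pass of the script is needed, rather than eyeballing two twelve-entry lists.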

  #8  
Old 25 June 2009, 16:17
Member Group
 
Infected with MultiPacked.Multi.Generic malware!

ComboFix 09-06-23.01 - Fare 06/25/2009 19:04.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1597 [GMT -4:00]
Koşturuyorlar: C: \ Documents and Settings \ Mouse \ Desktop \ ComboFix.exe
Komuta kullanılan anahtarlar:: c: \ Documents and Settings \ Mouse \ Desktop \ CFScript.txt
AV: Kaspersky Internet Security * On-access tarama özürlü * (Güncelleme) (2C4D4BC6-0793-4956-A9F9-E252435469C0)
FW: Kaspersky Internet Security * (2C4D4BC6-0793-4956-A9F9-E252435469C0) engelli *
.

((((((((((((((((((((((((((((((((((((((( Diğer Deletions ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

c: \ windows \ system32 \ drivers \ kl1.sys

.
((((((((((((((((((((((((( Dosyalar 2009/05/25 için 2009/06/25 ))))))))))) kimden Oluşturuldu ))))))))))))))))))))
.

2009-06-24 23:28. 2009-06-24 23:28 -------- DC ---- w-c: \ windows \ System32 \ Dllcache \ önbellek
2009-06-23 18:47. 2009/06/24 16:37 117760 ---- aw-c: \ Documents and Settings \ Mouse \ Application Data \ SUPERAntiSpyware.com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL
2009-06-17 17:58. 2009-06-17 18:10 -------- D ----- w-C: \ Program Files \ LSoft Teknolojiler
2009-06-13 16:32. 2009-06-13 16:32 -------- D ----- w-C: \ Program Files \ iPod
2009-06-13 16:32. 2009-06-13 16:32 -------- D ----- w-C: \ Program Files \ iTunes
2009-06-13 16:28. 2009-06-13 16:29 -------- D ----- w-C: \ Program Files \ QuickTime
2009-06-13 16:23. 2009/06/13 16:23 75048 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Apple Computer \ Installer Önbellek \ iTunes 8.2.0.23 \ SetupAdmin.exe
2009-06-10 23:14. 2001/08/18 02:36 462848-c - aw-c: \ windows \ System32 \ Dllcache \ a3dapi.dll
2009-06-10 23:14. 2001/08/18 02:36 462848 ---- aw-c: \ windows \ system32 \ a3dapi.dll
2009-06-10 23:13. 2009-06-11 07:20 -------- D ----- w-C: \ Descent3
2009-06-10 23:13. 2009-06-10 23:13 -------- D ----- w-C: \ Oyunlar
2009-06-10 20:13. 2009/05/07 15:32 345600-c ---- w-c: \ windows \ System32 \ Dllcache \ Localspl.dll
2009-06-10 20:13. 2009/04/15 14:51 585216-c ---- w-c: \ windows \ System32 \ Dllcache \ Rpcrt4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapor )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 23:11. 2008-05-16 03:35 -------- D ----- w-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab
2009/06/25 23:09. 2008/05/16 03:35 761888 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox2.dat
2009/06/25 23:09. 2008/05/16 03:35 64388 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox.idx
2009/06/25 23:09. 2008/05/16 03:35 4571424 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox.dat
2009/06/25 23:09. 2008/05/16 03:35 29696 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox2.idx
2009-06-24 23:59. 2008/01/29 22:29 33808 ---- aw-c: \ windows \ system32 \ drivers \ klbg.sys
2009-06-24 23:59. 2009/02/05 00:58 33808 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ klbg.sys
2009-06-24 23:59. 2008/05/16 03:36 94643 ---- aw-c: \ windows \ system32 \ drivers \ klick.dat
2009-06-24 23:59. 2008/05/16 03:36 105395 ---- aw-c: \ windows \ system32 \ drivers \ klin.dat
2009-06-24 23:59. 2008/07/17 23:08 213520 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ XP \ klif.sys
2009-06-24 23:59. 2008/07/17 23:08 861448 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ updater.dll
2009-06-24 21:09. 2008-05-17 00:25 -------- D ----- w-c: \ Documents and Settings \ Mouse \ Application Data \ LimeWire
2009-06-24 16:37. 2008-05-19 02:02 -------- D ----- w-C: \ Program Files \ SUPERAntiSpyware
2009-06-23 19:00. 2008-10-16 02:40 -------- D ----- w-C: \ Program Files \ Pando Networks
2009-06-23 18:59. 2008-11-29 18:36 -------- D ----- w-C: \ Program Files \ palmOne
2009/06/21 23:00. 2009/02/09 03:50 138184 ---- aw-c: \ windows \ system32 \ drivers \ PnkBstrK.sys
2009/06/21 23:00. 2009/02/09 03:50 183112 ---- aw-c: \ windows \ system32 \ PnkBstrB.exe
2009-06-18 22:35. 2008-06-17 15:40 -------- D ----- w-C: \ Program Files \ Diablo II
2009/06/18 22:31. 2008-06-02 00:09 -------- D --- Aw-c: \ Documents and Settings \ All Users \ Application Data \ TEMP
2009-06-17 22:51. 2008-05-15 04:41 -------- D ----- w-c: \ Documents and Settings \ Mouse \ Application Data \ uTorrent
2009-06-13 16:32. 2008-08-19 04:10 -------- D ----- w-C: \ Program Files \ Common Files \ Apple
2009-05-17 20:58. 2009-05-17 20:58 -------- D ----- w-C: \ Program Files \ LG Electronics
2009-05-17 20:58. 2008-05-12 09:20 -------- d - h - w-C: \ Program Files \ InstallShield Yükleme Bilgileri
2009-05-17 20:57. 2008-05-12 09:20 -------- D ----- w-C: \ Program Files \ Common Files \ InstallShield
2009-05-07 15:32. 2003/03/31 12:00 345600 ---- aw-c: \ windows \ system32 \ Localspl.dll
2009-04-29 04:46. 2003/03/31 12:00 666624 ---- aw-c: \ windows \ system32 \ Wininet.dll
2009-04-29 04:46. 2008/05/16 21:18 81920 ------ w-c: \ windows \ system32 \ ieencode.dll
2009-04-28 10:48. 2008-05-17 00:24 -------- D ----- w-C: \ Program Files \ Java
2009-04-28 10:47. 2009/04/28 10:47 152576 ---- aw-c: \ Documents and Settings \ Mouse \ Application Data \ Pazar \ Java \ jre1.6.0_13 \ lzma.dll
2009-04-17 12:26. 2003/03/31 12:00 1.847.168 ---- aw-c: \ windows \ system32 \ Win32k.sys
2009-04-15 14:51. 2003/03/31 12:00 585216 ---- aw-c: \ windows \ system32 \ Rpcrt4.dll
2009-04-08 06:13. 2009/04/08 06:13 45056 ---- ar-c: \ Documents and Settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ MapleStory.exe1_B5F7ED63E4D54BE694F0 F06A2CCC5374.exe
2009-04-08 06:13. 2009/04/08 06:13 45056 ---- ar-c: \ Documents and Settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ MapleStory.exe_B5F7ED63E4D54BE694F0F 06A2CCC5374_1.exe
2009-04-08 06:13. 2009/04/08 06:13 10134 ---- ar-c: \ Documents and Settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ ARPPRODUCTICON.exe
2009/04/05 23:39. 2008/05/16 02:24 23032 ---- aw-c: \ Documents and Settings \ Mouse \ Local Settings \ Application Data \ GDIPFONTCACHEV1.DAT
2009-04-05 23:27. 2009/04/05 23:28 5.433.520 ---- aw-c: \ windows \ system32 \ SpoonUninstall.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-06-24_23.25.37 )))))))))))) )))))))))))))))))))))))))))))
.
+ 2008-03-26 00:07. 2008/03/26 00:07 24592 C: \ Windows \ system32 \ drivers \ klim5.sys
- 2007-12-13 17:28. 2008/03/26 00:07 24592 C: \ Windows \ system32 \ drivers \ klim5.sys
+ 2009/06/24 23:28. 2008/10/16 19:09 51224 C: \ Windows \ System32 \ Dllcache \ önbellek \ wuauclt.exe
+ 2009/06/24 23:28. 2008/04/14 00:12 82432 C: \ Windows \ System32 \ Dllcache \ önbellek \ ws2_32.dll
+ 2009/06/24 23:28. 2008/04/14 00:12 26112 C: \ Windows \ System32 \ Dllcache \ önbelleğini \ userinit.exe
+ 2009/06/24 23:28. 2008/04/14 00:12 14336 C: \ Windows \ System32 \ Dllcache \ önbellek \ svchost.exe
+ 2009/06/24 23:28. 2008/04/14 00:12 57856 C: \ Windows \ System32 \ Dllcache \ önbelleğini \ spoolsv.exe
+ 2009/06/24 23:28. 2008/04/14 00:12 17408 C: \ Windows \ System32 \ Dllcache \ önbellek \ powrprof.dll
+ 2009/06/24 23:28. 2008/04/14 00:12 13312 C: \ Windows \ System32 \ Dllcache \ önbellek \ lsass.exe
+ 2009/06/24 23:28. 2008/04/13 18:39 24576 C: \ Windows \ System32 \ Dllcache \ önbellek \ kbdclass.sys
+ 2009/06/24 23:28. 2008/04/13 18:53 36608 C: \ Windows \ System32 \ Dllcache \ önbellek \ ip6fw.sys
+ 2009/06/24 23:28. 2008/04/14 00:12 15360 C: \ Windows \ System32 \ Dllcache \ önbelleğini \ ctfmon.exe
- 2008-04-18 17:53. 2009/02/05 00:58 213520 C: \ Windows \ system32 \ drivers \ klif.sys
+ 2008-04-18 17:53. 2009/06/24 23:59 213520 C: \ Windows \ system32 \ drivers \ klif.sys
+ 2009/06/24 23:28. 2008-04-14 00:12 507904 C: \ Windows \ System32 \ Dllcache \ önbelleğini \ winlogon.exe
+ 2009/06/24 23:28. 2009/04/29 04:46 666624 C: \ Windows \ System32 \ Dllcache \ önbelleğini \ Wininet.dll
+ 2009/06/24 23:28. 2008-04-14 00:12 578560 C: \ Windows \ System32 \ Dllcache \ önbelleğini \ user32.dll
+ 2009/06/24 23:28. 2008-04-14 00:12 295424 C: \ Windows \ System32 \ Dllcache \ önbelleğini \ Termsrv.dll
+ 2009/06/24 23:28. 2008-06-20 11:51 361600 C: \ Windows \ System32 \ Dllcache \ önbelleğini \ Tcpip.sys
+ 2009/06/24 23:28. 2009/02/06 11:11 110592 C: \ Windows \ System32 \ Dllcache \ önbelleğini \ Services.exe
+ 2009/06/24 23:28. 2008-04-13 19:20 182656 C: \ Windows \ System32 \ Dllcache \ önbellek \ ndis.sys
+ 2009/06/24 23:28. 2009/03/21 14:06 989696 C: \ Windows \ System32 \ Dllcache \ önbellek \ kernel32.dll
+ 2009/06/24 23:28. 2008-04-14 00:11 110080 C: \ Windows \ System32 \ Dllcache \ önbellek \ imm32.dll
+ 2009/06/24 23:28. 2008-04-14 00:11 167936 C: \ Windows \ System32 \ Dllcache \ önbellek \ appmgmts.dll
+ 2009/06/24 23:28. 2008-04-14 00:12 1614848 C: \ Windows \ System32 \ Dllcache \ önbellek \ sfcfiles.dll
+ 2009/06/24 23:28. 2009-02-06 11:06 2145280 C: \ Windows \ System32 \ Dllcache \ önbellek \ Ntoskrnl.exe
+ 2009/06/24 23:28. 2009-02-06 10:32 2023936 C: \ Windows \ System32 \ Dllcache \ önbellek \ ntkrnlpa.exe
+ 2009/06/24 23:28. 2008-04-14 00:12 1033728 C: \ Windows \ System32 \ Dllcache \ önbelleğini \ explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Puan )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Not * boş girişler ve yasal varsayılan girişler gösterilir değildir
REGEDIT4

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"ctfmon.exe" = "c: \ windows \ system32 \ ctfmon.exe" [2008-04-14 15360]
"H / PC Connection Agent" = "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"NvCplDaemon" = "c: \ windows \ system32 \ NvCpl.dll" [2008/05/03 13529088]
"CTDVDDET" = "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ DVDAudio \ CTDVDDET.EXE" [2003-06-18 45056]
"RCSystem" = "C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152]
"AudioDrvEmulator" = "C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152]
"VolPanel" = "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Volume Panel \ VolPanlu.exe" [2006-07-28 122880]
"NvMediaCenter" = "c: \ windows \ system32 \ NvMcTray. Vb" [2008-05-03 86016]
"AVP" = "C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe" [2009-02-05 201992]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2009-05-26 413696]
"AppleSyncNotifier" = "C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleSyncNotifier.exe" [2009-05-14 177472]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009-06-05 292136]
"CTHelper" = "CTHELPER.EXE" - c: \ windows \ system32 \ CtHelper.exe [2008-02-21 19456]
"CTxfiHlp" = "CTXFIHLP.EXE" - c: \ windows \ system32 \ Ctxfihlp.exe [2008-02-21 19968]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ curr entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2009-01-01 77824]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
2009/01/01 04:29 356352 ---- aw-C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro L \ safeboot \ Minimal \ Wdf01000.sys]
@ = "Sürücü"

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programlar ^ Başlangıç ^ Adobe Gamma Loader.lnk]
path = c: \ Documents and Settings \ All Users \ Start Menu \ Programlar \ Başlangıç \ Adobe Gamma Loader.lnk
yedek = c: \ windows \ PSS \ Adobe Gamma Loader.lnkCommon Başlangıç

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programlar ^ Başlangıç ^ HOTSYNCSHORTCUTNAME.lnk]
path = c: \ Documents and Settings \ All Users \ Start Menu \ Programlar \ Başlangıç \ HOTSYNCSHORTCUTNAME.lnk
yedek = c: \ windows \ PSS \ HOTSYNCSHORTCUTNAME.lnkCommo n Başlangıç

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programlar ^ Başlangıç ^ Microsoft Office.lnk]
path = c: \ Documents and Settings \ All Users \ Start Menu \ Programlar \ Başlangıç \ Microsoft Office.lnk
yedek = c: \ windows \ PSS \ Microsoft Office.lnkCommon Başlangıç

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ araçlar \ MSCONFIG \ hizmetler] paylaşılan
"StyleXPService" = 2 (0x2)
"PLFlash DeviceIoControl Servisi" = 2 (0x2)
"NMIndexingService" = 3 (0x3)
"Nero BackItUp Scheduler 3" = 2 (0x2)
"MDM" = 2 (0x2)
"ZuneNetworkSvc" = 3 (0x3)
"WMPNetworkSvc" = 3 (0x3)
"npkcmsvc" = 2 (0x2)
"JavaQuickStarterService" = 2 (0x2)
"IDriverT" = 3 (0x3)
"Hizmet" = 3 (0x3) iPod
"idsvc" = 3 (0x3)
"Adobe LM Service" = 3 (0x3)

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center]
"AntiVirusOverride" = dword: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ KasperskyAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile]
"EnableFirewall" = 0 (0x0)

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ Listesi]
"% windir% \ \ system32 \ \" = Sessmgr.exe
"c: \ \ Program Files \ \ uTorrent \ \ uTorrent.exe" =
"c: \ \ Program Files \ \ Veoh Networks \ \ YouTube \ \ VeohClient.exe" =
"c: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" =
"c: \ \ Program Files \ \ Sierra \ \ FEAR \ \ FEAR.exe" =
"c: \ \ Program Files \ \ Xfire \ \" = xfire.exe
"c: \ \ Program Files \ \ Ubisoft \ Assassin's Creed \ \ AssassinsCreed_Dx9.exe" =
"c: \ \ Program Files \ \ Ubisoft \ Assassin's Creed \ \ AssassinsCreed_Dx10.exe" =
"c: \ \ Program Files \ \ Ubisoft \ Assassin's Creed \ \ AssassinsCreed_Launcher.exe" =
"c: \ \ Documents and Settings \ \ All Users \ \ Application Data \ \ Kaspersky Lab Setup Files \ \ Kaspersky Internet Security 2009 \ \ ingilizce \ \ setup.exe" =
"C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Etkin: ActiveSync RAPI Müdürü
"C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" = C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Etkin: ActiveSync Bağlantı Yöneticisi
"C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Etkin: ActiveSync Uygulama
"% windir% \ \ Network Diagnostic \ \" = xpnetdiag.exe
"c: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" =
"c: \ \ Program Files \ \ Common Files \ \ AOL \ \ Serisi \ \" = aolload.exe
"c: \ \ Program Files \ \ AIM6 \ \" = aim6.exe
"c: \ \ Program Files \ \ Bonjour \ \" = mDNSResponder.exe
"c: \ \ Program Files \ \ iTunes \ \ iTunes.exe" =

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ Listesi]
"6112: TCP" = 6112: TCP: Diablo 2
"26675: TCP" = 26675: TCP: 169.254.2.0/255.255.255.0: Etkin: ActiveSync Servisi
"58398: TCP" = 58398: TCP: Pando Medya Yükseltici
"58398: UDP" = 58398: UDP: Pando Medya Yükseltici

R0 klbg; Kaspersky Lab Boot Guard Sürücü c: \ windows \ system32 \ drivers \ klbg.sys [1/29/2008 6:29 33808]
R1 SASDIFSV; SASDIFSV c: \ Program Files \ SUPERAntiSpyware \ SASDIFSV.SYS [2/29/2008 4:03 9968]
R1 SASKUTIL; SASKUTIL c: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [2/29/2008 4:03 55024]
R1 UGURU; UGURU c: \ windows \ system32 \ drivers \ uGuru.sys [5/12/2008 5:23 14592]
R3 KLFLTDEV; Kaspersky Lab KLFltDev c: \ windows \ system32 \ drivers \ klfltdev.sys [3/13/2008 7:02 26640]
R3 klim5; Kaspersky Anti-Virus NDIS Filter c: \ windows \ system32 \ drivers \ klim5.sys [3/25/2008 8:07 24592]
S2 Cubase32; Cubase32 c: \ windows \ system32 \ drivers \ Küba se32.sys [4/5/2009 7:02 11808]
S3 SASENUM; SASENUM c: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [2/16/2006 4:51 4096]
.
The 'Zamanlanmış Görevler' klasörüne İçerikleri

2009/06/13 c: \ windows \ Tasks \ AppleSoftwareUpdate.job
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2008-07-30 17:34]

2009/06/25 c: \ windows \ Görevler \ Malwarebytes' Anti-Malware.job
- C: \ progra ~ 1 \ MALWAR ~ 1 \ mbam.exe [2008-05-19 00:52]
.
.
------- Supplementary Scan -------
.
uStart Sayfa = hxxp: / / google.com /
IE: Afiş Reklam Engelleyicisi için - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ie_banner_deny.htm ekle
IE: E & Microsoft Excel - c: \ progra ~ 1 \ mikro ~ için xport 2 \ Office10 \ EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file: / / c: \ windows \ Java \ Classes \ xmldso.cab
DPF: (463ED66E-431B-11D2-ADB0-0080C83DA4EB) - hxxps: / / w3s.webmoney.ru/WMAcceptor.dll
FF - ProfilePath --
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - Rootkit / gizli kötü amaçlı yazılım dedektör Gmer tarafından, http://www.gmer.net
Rootkit 2009/06/25 19:11 tarama
5/1/2600 Windows Service Pack 3 NTFS'ye

gizli işlemler tarama ...

Gizli kayıtları otomatik tarama ...

Gizli dosya tarama ...

başarıyla tamamlandı tarama
Gizli dosya: 0

************************************************** ************************
.
--------------------- Kilitli kayıt defteri anahtarlarını ---------------------

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (47629D4 B-2AD3-4e50-B716-A66C15C63153) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"cd042efbbd7f7af1647644e76e06692b" = hex: 2e, E8, e1, 00, EB, 16,2 b, de, FF, 66,8 f, 81, d1,
34, D2, D9, C8, 28,51, af, b0, 29, a3, 98, A9, c3, a8, 8a, 5e, d3, 39,87, e2, 63,26, f1, 3f, C8, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (604BB98 A-A94F-4a5c-A67C-D8D3582C741C) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"bca643cdc5c2726b20d2ecedcc62c59b" = hex: 71,3 b, 04,66, 8b, 46,0 d, 96, C2, C2, DC E4, a8,
65,45,2 e, 71,3 b, 04,66,8 b, 46,0 d, 96,21,7 c, aa E9, a8, 42, 2f, c4, 6a, 9c, D6, 61, af, 45, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (684373F B-9CD8-4e47-B990-5A4466C16034) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"2c81e34222e8052573023a60d06dd016" = hex: 25, da, ec, 7e, 55,20, c9, 26, EB, a7, df, 4d, 25,
C2, 62,83,25, da, ec, 7e, 55,20, c9, 26, a3, f2, 65, ed, 80,3 e, E4, F6, FF, 7c, 85, E0, 43, D4, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (74554CC D-F60F-4708-AD98-D0152D08C8B9) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"2582ae41fb52324423be06337561aa48" = hex: 3e, 1e, 9e, E0, 57,5 a, 93,61, f2, a1, b4, 61,82,
BB, AB, d5, 3e, 1e, 9e, E0, 57,5 a, 93,61,6 f, 0e, 5c, ae, ec, 4F, e7, 8d, 86,8 c, 21,01, 91 olması, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (7EB537F 9-A916-4339-B91B-DED8E83632C0) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"caaeda5fd7a9ed7697d9686d4b818472" = hex: cd 44, B9, a6, 33,6 c, cd, 91, d7, 7a, 29,97, cd
C7, 40,4 b, cd, 44, cd, B9, a6, 33,6 c, cd, 49,19,95,11,6 f,, AC 43,68, f5, 1d, 4d, 73, a8, 13, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (948395E 8-7A56-4fb1-843B-3E52D94DB145) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"" = hex: df, 20,58,62, 78,6 b, CF, C8, 7e, 4a, d5, 24,8 d, a4a1bcf2cc2b8bc3716b74b2b4522f5d
3a, 49, c4, b0, 18, ed, a7, 3f, 8d, 37, a4, 29, B5, 53,9 a, d3, 4a, 02,51, df, 20,58,62,78,6 b, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"4d370831d2c43cd13623e232fed27b7b" = hex: 31,77, e1, ba, b1, f8, 68,02,09, D4, 0b, f3, 53,
, 62,26,31,77, e1, ba, b1, f8, 68,02,77, c3, de, C6, 98,79, 54,2 BC c, FB, a7, 78, E6, 12,2 f, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (DE5654C A-EB84-4df9-915B-37E957082D6D) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"" = Hex: 01,3 a, 48, E8, 04,4 a, f1, df, 00, d5, 43, FC FF, 1d68fe701cdea33e477eb204b76f993d
f8, 0f, f3, 83,6 c, 56,8 b, a0, 85,96, ab, d5, 19,39,90, da, 30, 2a, 05,01,3 a, 48, FC, E8, 04, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (E39C35E 8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"1fac81b91d8e3c5aa4b0a51804d844a3" = hex: F6, 0f, 4e, 58, 98,5 b, 89, c9, 6a, EA, f8, c4, 82,
1a, 7f, d8, 51, FA, 6e, 91,28,9 e, 14, CC, 82, AC, 7a, 83, EB, 90, 81, C6, F6, 0f, 4e, 58,98,5 b, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (EACAFCE 5-B0E2-4288-8073-C02FF9619B6F) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"f5f62a6129303efb32fbe080bb27835b" = hex: 3d, CE, EA, 26, 2d, 45, AA, 78,0 b, Lisans, 41,78,8 a,
c9, 90,04, b1, cd, 45,5 a, a8, c4, f8, B9, 6b, C6, A2, 44,8 d, 59, a6, f5, 3d, CE, EA, 26,2 d, 45, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (F8F02AD D-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"fd4e2e1a3940b94dceb5a6a021f2e3c6" = hex: 2a, b7, CC, B5, B9, 7f, 41, e7, 5d, 45,06,19,5 e,
30,20, E6, e3, 0e, 66, d5, EB, M.Ö., 2f, 6b, e1, 69,31, ac, gg, Lisans, 7f, 02,2 a, b7, CC, B5, B9, 7f, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (FEE45DE 2-A467-4bf9-BF2D-1411304BCD84) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"8a8aec57dd6508a385616fbc86791ec2" = hex: FA, EA, 66,7 f, D4, 3b, 6b, 70, A5, 97,0 a, 6e, 8a,
CF, 52,73, FA, EA, 66,7 f, D4, 3b, 6b, 70,30,24, EA, 79, a1, 7b, 08,64,6 c, 43,2 d, 1e, AA, 22, \

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entVersion \ Installer \ UserData \ LocalSystem \ Componen kı \ h-€ | yyyy ¤ • € | ù • A ~ *]
"AB141C35E9F4BF344B9FC010BB17F68A" = ""
.
--------------------- DLL Yüklü çalışan süreçleri altında ---------------------

- - - - - - -> 'Winlogon.exe' (1028)
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL
c: \ windows \ system32 \ klogon.dll

- - - - - - -> 'Explorer.exe' (212)
c: \ windows \ system32 \ WPDShServiceObj.dll
c: \ windows \ system32 \ PortableDeviceTypes.dll
c: \ windows \ system32 \ PortableDeviceApi.dll
.
------------------------ Diğer çalışan süreçleri ----------------------- --
.
C: \ Program Files \ Creative \ Shared Files \ CTAudSvc.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
c: \ windows \ system32 \ nvsvc32.exe
c: \ windows \ system32 \ PnkBstrA.exe
c: \ windows \ system32 \ rundll32.exe
C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Eğlence Merkezi \ EAXLoadr.exe
c: \ progra ~ 1 \ mikro ~ 4 \ rapimgr.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
c: \ windows \ system32 \ CTxfispi.exe
c: \ windows \ system32 \ wscntfy.exe
.
************************************************** ************************
.
Tamamlanma süresi: 2009/06/25 19:14 - makine yeniden başlatılması oldu
ComboFix-karantinaya-files.txt 2009/06/25 23:14
ComboFix2.txt 2009/06/24 23:29
ComboFix3.txt 2008/05/20 17:05

Ön Çalıştır'ı: 67819319296 bayt boş
Post-Run: 67883995136 bayt boş

Güncel = 3 Varsayılan = 3 Başarısız = 1 LastKnownGood = 4 Kümelerine = 1,2,3,4
310 --- EOF --- 2009-06-11 03:03
#9
Old 25 June 2009, 18:13
Moderator Group

Default Infected with MultiPacked.Multi.Generic Malware!

Sorry about that.

Delete these files / folders as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the code box below by highlighting all of the text and pressing Ctrl + C

Code:
Killall::
RegLock::
[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (47629D4B-2AD3-4e50-B716-A66C15C63153) \ InprocServer32 *]
[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (604BB98A-A94F-4a5c-A67C-D8D3582C741C) \ InprocServer32 *]
[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (684373FB-9CD8-4e47-B990-5A4466C16034) \ InprocServer32 *]
[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (74554CCD-F60F-4708-AD98-D0152D08C8B9) \ InprocServer32 *]
[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (7EB537F9-A916-4339-B91B-DED8E83632C0) \ InprocServer32 *]
[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (948395E8-7A56-4fb1-843B-3E52D94DB145) \ InprocServer32 *]
[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *]
[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (DE5654CA-EB84-4df9-915B-37E957082D6D) \ InprocServer32 *]
[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (E39C35E8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *]
[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (EACAFCE5-B0E2-4288-8073-C02FF9619B6F) \ InprocServer32 *]
[HKEY_LOCAL_MACHINE \ software \ Classes \ CLSID \ (F8F02ADD-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *]
[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (FEE45DE2-A467-4bf9-BF2D-1411304BCD84) \ InprocServer32 *]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Installer \ UserData \ LocalSystem \ Bileşenleri \ h-€ | yyyy ¤ • € | ù • A ~ *]
3. Click in the Notepad window and go to Edit > Paste
4. Then File > Save
5. Name the file CFScript.txt - save the file to the Desktop
6. Then drag the CFScript file onto ComboFix.exe (hold the left mouse button down while dragging the file, then release the left mouse button to drop it), as you can see in the screenshot below. Important: Follow the instructions carefully!



ComboFix will start running; just follow the prompts.
After the reboot (in case it asks for one), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click in the ComboFix window while it is running. This may cause the system to freeze.

----------

Also let me know how the computer is running now.

.
__________________
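As an added example (not code from the thread or from ComboFix), a small Python script that does by parsing what the post above asks the user to do by hand: it reads the locked-keys section of a ComboFix log and emits the Killall:: / RegLock:: CFScript, one key per line. The section banner wording and the sample log entries are assumptions and constructed values, not taken from the poster's logs.

```python
"""Build a ComboFix CFScript 'RegLock::' section from a log's locked-keys list."""
import re

# Constructed sample in the layout of a ComboFix log. GUIDs, value names and
# hex bytes are made up; the banner text is an assumption about the format.
SAMPLE_LOG = """\
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\\software\\Classes\\CLSID\\{11111111-2222-4333-8444-555555555555}\\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\\\WINDOWS\\\\system32\\\\Ole32.dll"
"0123456789abcdef0123456789abcdef"=hex:2e,e8,e1,00,eb,16,2b,de,ff,66,8f,81,d1,\\
  34,d2,d9,c8,28,51,af,b0,29,a3,98,a9,c3,a8,8a,5e,d3,39,87,e2,63,26,f1,3f,c8,\\

[HKEY_LOCAL_MACHINE\\software\\Classes\\CLSID\\{66666666-7777-4888-9999-000000000000}\\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\\\WINDOWS\\\\system32\\\\Ole32.dll"

[HKEY_LOCAL_MACHINE\\software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\LocalSystem\\Components\\PLACEHOLDER*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\\windows\\system32\\klogon.dll
"""

# "---- Section Name ----" banner lines that separate ComboFix log sections.
SECTION_RE = re.compile(r"^-{5,}\s*(.*?)\s*-{5,}\s*$")
# "[HKEY_...\path*]" key lines; the trailing '*' marks a locked key and is kept
# because the CFScript in the post quotes the keys with it.
KEY_RE = re.compile(r"^\[(HK[A-Z_]+\\.+)\]\s*$")
# '"Name"=...' or '@=...' value lines (hex continuation lines do not match).
VALUE_RE = re.compile(r'^(?:"([^"]*)"|(@))=')


def parse_locked_keys(log_text):
    """Map each key path listed under LOCKED REGISTRY KEYS to its value names."""
    keys, current, inside = {}, None, False
    for raw in log_text.splitlines():
        line = raw.rstrip()
        banner = SECTION_RE.match(line)
        if banner:
            # Stay inside only while the banner names the locked-keys section.
            inside = "locked registry keys" in banner.group(1).lower()
            current = None
            continue
        if not inside:
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            keys[current] = []
        elif current is not None:
            value = VALUE_RE.match(line)
            if value:
                # group(1) may legitimately be "" (a value named ""), so test for None.
                name = value.group(2) if value.group(1) is None else value.group(1)
                keys[current].append(name)
    return keys


def hex_named_values(keys):
    """Keys holding a value whose name is a 32-hex-digit string, the pattern
    the locked keys in this thread's logs show."""
    hex32 = re.compile(r"^[0-9a-fA-F]{32}$")
    return {k: [v for v in vals if hex32.match(v)]
            for k, vals in keys.items() if any(hex32.match(v) for v in vals)}


def build_cfscript(keys):
    """Return the CFScript text from the post: Killall::, RegLock::, one key per line."""
    lines = ["Killall::", "RegLock::"]
    lines.extend(f"[{k}]" for k in keys)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_locked_keys(SAMPLE_LOG)
    print(f"{len(found)} locked keys, {len(hex_named_values(found))} with hex-named values")
    print(build_cfscript(found), end="")
```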

#10
Old 26 June 2009, 00:59
Member Group

Default Infected with MultiPacked.Multi.Generic Malware!

ComboFix 09-06-23.01 - Fare 06/26/2009 3:47.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1564 [GMT -4:00]
Koşturuyorlar: C: \ Documents and Settings \ Mouse \ Desktop \ ComboFix.exe
Komuta kullanılan anahtarlar:: c: \ Documents and Settings \ Mouse \ Desktop \ CFScript.txt
AV: Kaspersky Internet Security * On-access tarama özürlü * (Güncelleme) (2C4D4BC6-0793-4956-A9F9-E252435469C0)
FW: Kaspersky Internet Security * (2C4D4BC6-0793-4956-A9F9-E252435469C0) engelli *
.

((((((((((((((((((((((((((((((((((((((( Diğer Deletions ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

c: \ windows \ system32 \ drivers \ kl1.sys

.
((((((((((((((((((((((((( Dosyalar 2009/05/26 için 2009/06/26 ))))))))))) kimden Oluşturuldu ))))))))))))))))))))
.

2009-06-24 23:28. 2009-06-24 23:28 -------- DC ---- w-c: \ windows \ System32 \ Dllcache \ önbellek
2009-06-23 18:47. 2009/06/24 16:37 117760 ---- aw-c: \ Documents and Settings \ Mouse \ Application Data \ SUPERAntiSpyware.com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL
2009-06-17 17:58. 2009-06-17 18:10 -------- D ----- w-C: \ Program Files \ LSoft Teknolojiler
2009-06-13 16:32. 2009-06-13 16:32 -------- D ----- w-C: \ Program Files \ iPod
2009-06-13 16:32. 2009-06-13 16:32 -------- D ----- w-C: \ Program Files \ iTunes
2009-06-13 16:28. 2009-06-13 16:29 -------- D ----- w-C: \ Program Files \ QuickTime
2009-06-13 16:23. 2009/06/13 16:23 75048 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Apple Computer \ Installer Önbellek \ iTunes 8.2.0.23 \ SetupAdmin.exe
2009-06-10 23:14. 2001/08/18 02:36 462848-c - aw-c: \ windows \ System32 \ Dllcache \ a3dapi.dll
2009-06-10 23:14. 2001/08/18 02:36 462848 ---- aw-c: \ windows \ system32 \ a3dapi.dll
2009-06-10 23:13. 2009-06-11 07:20 -------- D ----- w-C: \ Descent3
2009-06-10 23:13. 2009-06-10 23:13 -------- D ----- w-C: \ Oyunlar
2009-06-10 20:13. 2009/05/07 15:32 345600-c ---- w-c: \ windows \ System32 \ Dllcache \ Localspl.dll
2009-06-10 20:13. 2009/04/15 14:51 585216-c ---- w-c: \ windows \ System32 \ Dllcache \ Rpcrt4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapor )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2009/06/26 07:54. 2008-05-16 03:35 -------- D ----- w-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab
2009-06-26 07:52. 2008/05/16 03:35 761888 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox2.dat
2009-06-26 07:52. 2008/05/16 03:35 64388 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox.idx
2009-06-26 07:52. 2008/05/16 03:35 4571424 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox.dat
2009-06-26 07:52. 2008/05/16 03:35 29696 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox2.idx
2009-06-25 23:24. 2008/01/29 22:29 33808 ---- aw-c: \ windows \ system32 \ drivers \ klbg.sys
2009-06-25 23:24. 2008/05/16 03:36 94643 ---- aw-c: \ windows \ system32 \ drivers \ klick.dat
2009-06-25 23:24. 2008/05/16 03:36 105395 ---- aw-c: \ windows \ system32 \ drivers \ klin.dat
2009-06-25 23:24. 2009/02/05 00:58 33808 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ klbg.sys
2009-06-25 23:24. 2008/07/17 23:08 213520 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ XP \ klif.sys
2009-06-25 23:24. 2008/07/17 23:08 861448 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ updater.dll
2009-06-24 21:09. 2008-05-17 00:25 -------- D ----- w-c: \ Documents and Settings \ Mouse \ Application Data \ LimeWire
2009-06-24 16:37. 2008-05-19 02:02 -------- D ----- w-C: \ Program Files \ SUPERAntiSpyware
2009-06-23 19:00. 2008-10-16 02:40 -------- D ----- w-C: \ Program Files \ Pando Networks
2009-06-23 18:59. 2008-11-29 18:36 -------- D ----- w-C: \ Program Files \ palmOne
2009/06/21 23:00. 2009/02/09 03:50 138184 ---- aw-c: \ windows \ system32 \ drivers \ PnkBstrK.sys
2009/06/21 23:00. 2009/02/09 03:50 183112 ---- aw-c: \ windows \ system32 \ PnkBstrB.exe
2009-06-18 22:35. 2008-06-17 15:40 -------- D ----- w-C: \ Program Files \ Diablo II
2009/06/18 22:31. 2008-06-02 00:09 -------- D --- Aw-c: \ Documents and Settings \ All Users \ Application Data \ TEMP
2009-06-17 22:51. 2008-05-15 04:41 -------- D ----- w-c: \ Documents and Settings \ Mouse \ Application Data \ uTorrent
2009-06-13 16:32. 2008-08-19 04:10 -------- D ----- w-C: \ Program Files \ Common Files \ Apple
2009-05-17 20:58. 2009-05-17 20:58 -------- D ----- w-C: \ Program Files \ LG Electronics
2009-05-17 20:58. 2008-05-12 09:20 -------- d - h - w-C: \ Program Files \ InstallShield Yükleme Bilgileri
2009-05-17 20:57. 2008-05-12 09:20 -------- D ----- w-C: \ Program Files \ Common Files \ InstallShield
2009-05-07 15:32. 2003/03/31 12:00 345600 ---- aw-c: \ windows \ system32 \ Localspl.dll
2009-04-29 04:46. 2003/03/31 12:00 666624 ---- aw-c: \ windows \ system32 \ Wininet.dll
2009-04-29 04:46. 2008/05/16 21:18 81920 ------ w-c: \ windows \ system32 \ ieencode.dll
2009-04-28 10:48. 2008-05-17 00:24 -------- D ----- w-C: \ Program Files \ Java
2009-04-28 10:47. 2009/04/28 10:47 152576 ---- aw-c: \ Documents and Settings \ Mouse \ Application Data \ Pazar \ Java \ jre1.6.0_13 \ lzma.dll
2009-04-17 12:26. 2003/03/31 12:00 1.847.168 ---- aw-c: \ windows \ system32 \ Win32k.sys
2009-04-15 14:51. 2003/03/31 12:00 585216 ---- aw-c: \ windows \ system32 \ Rpcrt4.dll
2009-04-08 06:13. 2009/04/08 06:13 45056 ---- ar-c: \ Documents and Settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ MapleStory.exe1_B5F7ED63E4D54BE694F0 F06A2CCC5374.exe
2009-04-08 06:13. 2009/04/08 06:13 45056 ---- ar-c: \ Documents and Settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ MapleStory.exe_B5F7ED63E4D54BE694F0F 06A2CCC5374_1.exe
2009-04-08 06:13. 2009/04/08 06:13 10134 ---- ar-c: \ Documents and Settings \ Mouse \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ ARPPRODUCTICON.exe
2009/04/05 23:39. 2008/05/16 02:24 23032 ---- aw-c: \ Documents and Settings \ Mouse \ Local Settings \ Application Data \ GDIPFONTCACHEV1.DAT
2009-04-05 23:27. 2009/04/05 23:28 5.433.520 ---- aw-c: \ windows \ system32 \ SpoonUninstall.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-06-24_23.25.37 )))))))))))) )))))))))))))))))))))))))))))
.
+ 2008-03-26 00:07. 2008/03/26 00:07 24592 C: \ Windows \ system32 \ drivers \ klim5.sys
- 2007-12-13 17:28. 2008/03/26 00:07 24592 C: \ Windows \ system32 \ drivers \ klim5.sys
+ 2009/06/24 23:28. 2008/10/16 19:09 51224 C: \ Windows \ System32 \ Dllcache \ önbellek \ wuauclt.exe
+ 2009/06/24 23:28. 2008/04/14 00:12 82432 C: \ Windows \ System32 \ Dllcache \ önbellek \ ws2_32.dll
+ 2009/06/24 23:28. 2008/04/14 00:12 26112 C: \ Windows \ System32 \ Dllcache \ önbelleğini \ userinit.exe
+ 2009/06/24 23:28. 2008/04/14 00:12 14336 C: \ Windows \ System32 \ Dllcache \ önbellek \ svchost.exe
+ 2009/06/24 23:28. 2008/04/14 00:12 57856 C: \ Windows \ System32 \ Dllcache \ önbelleğini \ spoolsv.exe
+ 2009/06/24 23:28. 2008/04/14 00:12 17408 C: \ Windows \ System32 \ Dllcache \ önbellek \ powrprof.dll
+ 2009/06/24 23:28. 2008/04/14 00:12 13312 C: \ Windows \ System32 \ Dllcache \ önbellek \ lsass.exe
+ 2009/06/24 23:28. 2008/04/13 18:39 24576 C: \ Windows \ System32 \ Dllcache \ önbellek \ kbdclass.sys
+ 2009/06/24 23:28. 2008/04/13 18:53 36608 C: \ Windows \ System32 \ Dllcache \ önbellek \ ip6fw.sys
+ 2009/06/24 23:28. 2008/04/14 00:12 15360 C: \ Windows \ System32 \ Dllcache \ önbelleğini \ ctfmon.exe
- 2008-04-18 17:53. 2009/02/05 00:58 213520 C: \ Windows \ system32 \ drivers \ klif.sys
+ 2008-04-18 17:53. 2009/06/25 23:24 213520 C: \ Windows \ system32 \ drivers \ klif.sys
+ 2009/06/24 23:28. 2008-04-14 00:12 507904 C: \ Windows \ System32 \ Dllcache \ önbelleğini \ winlogon.exe
+ 2009/06/24 23:28. 2009/04/29 04:46 666624 C: \ Windows \ System32 \ Dllcache \ önbelleğini \ Wininet.dll
+ 2009/06/24 23:28. 2008-04-14 00:12 578560 C: \ Windows \ System32 \ Dllcache \ önbelleğini \ user32.dll
+ 2009/06/24 23:28. 2008-04-14 00:12 295424 C: \ Windows \ System32 \ Dllcache \ önbelleğini \ Termsrv.dll
+ 2009/06/24 23:28. 2008-06-20 11:51 361600 C: \ Windows \ System32 \ Dllcache \ önbelleğini \ Tcpip.sys
+ 2009/06/24 23:28. 2009/02/06 11:11 110592 C: \ Windows \ System32 \ Dllcache \ önbelleğini \ Services.exe
+ 2009/06/24 23:28. 2008-04-13 19:20 182656 C: \ Windows \ System32 \ Dllcache \ önbellek \ ndis.sys
+ 2009/06/24 23:28. 2009/03/21 14:06 989696 C: \ Windows \ System32 \ Dllcache \ önbellek \ kernel32.dll
+ 2009/06/24 23:28. 2008-04-14 00:11 110080 C: \ Windows \ System32 \ Dllcache \ önbellek \ imm32.dll
+ 2009/06/24 23:28. 2008-04-14 00:11 167936 C: \ Windows \ System32 \ Dllcache \ önbellek \ appmgmts.dll
+ 2009/06/24 23:28. 2008-04-14 00:12 1614848 C: \ Windows \ System32 \ Dllcache \ önbellek \ sfcfiles.dll
+ 2009/06/24 23:28. 2009-02-06 11:06 2145280 C: \ Windows \ System32 \ Dllcache \ önbellek \ Ntoskrnl.exe
+ 2009/06/24 23:28. 2009-02-06 10:32 2023936 C: \ Windows \ System32 \ Dllcache \ önbellek \ ntkrnlpa.exe
+ 2009/06/24 23:28. 2008-04-14 00:12 1033728 C: \ Windows \ System32 \ Dllcache \ önbelleğini \ explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Puan )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Not * boş girişler ve yasal varsayılan girişler gösterilir değildir
REGEDIT4

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"ctfmon.exe" = "c: \ windows \ system32 \ ctfmon.exe" [2008-04-14 15360]
"H / PC Connection Agent" = "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"NvCplDaemon" = "c: \ windows \ system32 \ NvCpl.dll" [2008/05/03 13529088]
"CTDVDDET" = "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ DVDAudio \ CTDVDDET.EXE" [2003-06-18 45056]
"RCSystem" = "C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152]
"AudioDrvEmulator" = "C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152]
"VolPanel" = "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Volume Panel \ VolPanlu.exe" [2006-07-28 122880]
"NvMediaCenter" = "c: \ windows \ system32 \ NvMcTray. Vb" [2008-05-03 86016]
"AVP" = "C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe" [2009-02-05 201992]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2009-05-26 413696]
"AppleSyncNotifier" = "C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleSyncNotifier.exe" [2009-05-14 177472]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009-06-05 292136]
"CTHelper" = "CTHELPER.EXE" - c: \ windows \ system32 \ CtHelper.exe [2008-02-21 19456]
"CTxfiHlp" = "CTXFIHLP.EXE" - c: \ windows \ system32 \ Ctxfihlp.exe [2008-02-21 19968]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ curr entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2009-01-01 77824]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
2009/01/01 04:29 356352 ---- aw-C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro L \ safeboot \ Minimal \ Wdf01000.sys]
@ = "Sürücü"

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programlar ^ Başlangıç ^ Adobe Gamma Loader.lnk]
path = c: \ Documents and Settings \ All Users \ Start Menu \ Programlar \ Başlangıç \ Adobe Gamma Loader.lnk
yedek = c: \ windows \ PSS \ Adobe Gamma Loader.lnkCommon Başlangıç

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programlar ^ Başlangıç ^ HOTSYNCSHORTCUTNAME.lnk]
path = c: \ Documents and Settings \ All Users \ Start Menu \ Programlar \ Başlangıç \ HOTSYNCSHORTCUTNAME.lnk
yedek = c: \ windows \ PSS \ HOTSYNCSHORTCUTNAME.lnkCommo n Başlangıç

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programlar ^ Başlangıç ^ Microsoft Office.lnk]
path = c: \ Documents and Settings \ All Users \ Start Menu \ Programlar \ Başlangıç \ Microsoft Office.lnk
yedek = c: \ windows \ PSS \ Microsoft Office.lnkCommon Başlangıç

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ araçlar \ MSCONFIG \ hizmetler] paylaşılan
"StyleXPService" = 2 (0x2)
"PLFlash DeviceIoControl Servisi" = 2 (0x2)
"NMIndexingService" = 3 (0x3)
"Nero BackItUp Scheduler 3" = 2 (0x2)
"MDM" = 2 (0x2)
"ZuneNetworkSvc" = 3 (0x3)
"WMPNetworkSvc" = 3 (0x3)
"npkcmsvc" = 2 (0x2)
"JavaQuickStarterService" = 2 (0x2)
"IDriverT" = 3 (0x3)
"Hizmet" = 3 (0x3) iPod
"idsvc" = 3 (0x3)
"Adobe LM Service" = 3 (0x3)

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center]
"AntiVirusOverride" = dword: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ KasperskyAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile]
"EnableFirewall" = 0 (0x0)

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ Listesi]
"% windir% \ \ system32 \ \" = Sessmgr.exe
"c: \ \ Program Files \ \ uTorrent \ \ uTorrent.exe" =
"c: \ \ Program Files \ \ Veoh Networks \ \ YouTube \ \ VeohClient.exe" =
"c: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" =
"c: \ \ Program Files \ \ Sierra \ \ FEAR \ \ FEAR.exe" =
"c: \ \ Program Files \ \ Xfire \ \" = xfire.exe
"c: \ \ Program Files \ \ Ubisoft \ Assassin's Creed \ \ AssassinsCreed_Dx9.exe" =
"c: \ \ Program Files \ \ Ubisoft \ Assassin's Creed \ \ AssassinsCreed_Dx10.exe" =
"c: \ \ Program Files \ \ Ubisoft \ Assassin's Creed \ \ AssassinsCreed_Launcher.exe" =
"c: \ \ Documents and Settings \ \ All Users \ \ Application Data \ \ Kaspersky Lab Setup Files \ \ Kaspersky Internet Security 2009 \ \ ingilizce \ \ setup.exe" =
"C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Etkin: ActiveSync RAPI Müdürü
"C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" = C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Etkin: ActiveSync Bağlantı Yöneticisi
"C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Etkin: ActiveSync Uygulama
"% windir% \ \ Network Diagnostic \ \" = xpnetdiag.exe
"c: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" =
"c: \ \ Program Files \ \ Common Files \ \ AOL \ \ Serisi \ \" = aolload.exe
"c: \ \ Program Files \ \ AIM6 \ \" = aim6.exe
"c: \ \ Program Files \ \ Bonjour \ \" = mDNSResponder.exe
"c: \ \ Program Files \ \ iTunes \ \ iTunes.exe" =

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ Listesi]
"6112: TCP" = 6112: TCP: Diablo 2
"26675: TCP" = 26675: TCP: 169.254.2.0/255.255.255.0: Etkin: ActiveSync Servisi
"58398: TCP" = 58398: TCP: Pando Medya Yükseltici
"58398: UDP" = 58398: UDP: Pando Medya Yükseltici

R0 klbg; Kaspersky Lab Boot Guard Sürücü c: \ windows \ system32 \ drivers \ klbg.sys [1/29/2008 6:29 33808]
R1 SASDIFSV; SASDIFSV c: \ Program Files \ SUPERAntiSpyware \ SASDIFSV.SYS [2/29/2008 4:03 9968]
R1 SASKUTIL; SASKUTIL c: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [2/29/2008 4:03 55024]
R1 UGURU; UGURU c: \ windows \ system32 \ drivers \ uGuru.sys [5/12/2008 5:23 14592]
R3 KLFLTDEV; Kaspersky Lab KLFltDev c: \ windows \ system32 \ drivers \ klfltdev.sys [3/13/2008 7:02 26640]
R3 klim5; Kaspersky Anti-Virus NDIS Filter c: \ windows \ system32 \ drivers \ klim5.sys [3/25/2008 8:07 24592]
S2 Cubase32; Cubase32 c: \ windows \ system32 \ drivers \ Küba se32.sys [4/5/2009 7:02 11808]
S3 SASENUM; SASENUM c: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [2/16/2006 4:51 4096]
.
The 'Zamanlanmış Görevler' klasörüne İçerikleri

2009/06/13 c: \ windows \ Tasks \ AppleSoftwareUpdate.job
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2008-07-30 17:34]

2009/06/26 c: \ windows \ Görevler \ Malwarebytes' Anti-Malware.job
- C: \ progra ~ 1 \ MALWAR ~ 1 \ mbam.exe [2008-05-19 00:52]
.
.
------- Supplementary Scan -------
.
uStart Sayfa = hxxp: / / google.com /
IE: Afiş Reklam Engelleyicisi için - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ie_banner_deny.htm ekle
IE: E & Microsoft Excel - c: \ progra ~ 1 \ mikro ~ için xport 2 \ Office10 \ EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file: / / c: \ windows \ Java \ Classes \ xmldso.cab
DPF: (463ED66E-431B-11D2-ADB0-0080C83DA4EB) - hxxps: / / w3s.webmoney.ru/WMAcceptor.dll
FF - ProfilePath --
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - Rootkit / gizli kötü amaçlı yazılım dedektör Gmer tarafından, http://www.gmer.net
Rootkit 2009/06/26 03:54 tarama
5/1/2600 Windows Service Pack 3 NTFS'ye

gizli işlemler tarama ...

Gizli kayıtları otomatik tarama ...

Gizli dosya tarama ...

başarıyla tamamlandı tarama
Gizli dosya: 0

************************************************** ************************
.
--------------------- Kilitli kayıt defteri anahtarlarını ---------------------

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (47629D4 B-2AD3-4e50-B716-A66C15C63153) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"cd042efbbd7f7af1647644e76e06692b" = hex: 2e, E8, e1, 00, EB, 16,2 b, de, FF, 66,8 f, 81, d1,
34, D2, D9, C8, 28,51, af, b0, 29, a3, 98, A9, c3, a8, 8a, 5e, d3, 39,87, e2, 63,26, f1, 3f, C8, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (604BB98 A-A94F-4a5c-A67C-D8D3582C741C) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"bca643cdc5c2726b20d2ecedcc62c59b" = hex: 71,3 b, 04,66, 8b, 46,0 d, 96, C2, C2, DC E4, a8,
65,45,2 e, 71,3 b, 04,66,8 b, 46,0 d, 96,21,7 c, aa E9, a8, 42, 2f, c4, 6a, 9c, D6, 61, af, 45, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (684373F B-9CD8-4e47-B990-5A4466C16034) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"2c81e34222e8052573023a60d06dd016" = hex: 25, da, ec, 7e, 55,20, c9, 26, EB, a7, df, 4d, 25,
C2, 62,83,25, da, ec, 7e, 55,20, c9, 26, a3, f2, 65, ed, 80,3 e, E4, F6, FF, 7c, 85, E0, 43, D4, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (74554CC D-F60F-4708-AD98-D0152D08C8B9) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"2582ae41fb52324423be06337561aa48" = hex: 3e, 1e, 9e, E0, 57,5 a, 93,61, f2, a1, b4, 61,82,
BB, AB, d5, 3e, 1e, 9e, E0, 57,5 a, 93,61,6 f, 0e, 5c, ae, ec, 4F, e7, 8d, 86,8 c, 21,01, 91 olması, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (7EB537F 9-A916-4339-B91B-DED8E83632C0) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"caaeda5fd7a9ed7697d9686d4b818472" = hex: cd 44, B9, a6, 33,6 c, cd, 91, d7, 7a, 29,97, cd
C7, 40,4 b, cd, 44, cd, B9, a6, 33,6 c, cd, 49,19,95,11,6 f,, AC 43,68, f5, 1d, 4d, 73, a8, 13, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (948395E 8-7A56-4fb1-843B-3E52D94DB145) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"" = hex: df, 20,58,62, 78,6 b, CF, C8, 7e, 4a, d5, 24,8 d, a4a1bcf2cc2b8bc3716b74b2b4522f5d
3a, 49, c4, b0, 18, ed, a7, 3f, 8d, 37, a4, 29, B5, 53,9 a, d3, 4a, 02,51, df, 20,58,62,78,6 b, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"4d370831d2c43cd13623e232fed27b7b" = hex: 31,77, e1, ba, b1, f8, 68,02,09, D4, 0b, f3, 53,
, 62,26,31,77, e1, ba, b1, f8, 68,02,77, c3, de, C6, 98,79, 54,2 BC c, FB, a7, 78, E6, 12,2 f, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (DE5654C A-EB84-4df9-915B-37E957082D6D) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"" = Hex: 01,3 a, 48, E8, 04,4 a, f1, df, 00, d5, 43, FC FF, 1d68fe701cdea33e477eb204b76f993d
f8, 0f, f3, 83,6 c, 56,8 b, a0, 85,96, ab, d5, 19,39,90, da, 30, 2a, 05,01,3 a, 48, FC, E8, 04, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (E39C35E 8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"1fac81b91d8e3c5aa4b0a51804d844a3" = hex: F6, 0f, 4e, 58, 98,5 b, 89, c9, 6a, EA, f8, c4, 82,
1a, 7f, d8, 51, FA, 6e, 91,28,9 e, 14, CC, 82, AC, 7a, 83, EB, 90, 81, C6, F6, 0f, 4e, 58,98,5 b, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (EACAFCE 5-B0E2-4288-8073-C02FF9619B6F) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"f5f62a6129303efb32fbe080bb27835b" = hex: 3d, CE, EA, 26, 2d, 45, AA, 78,0 b, Lisans, 41,78,8 a,
c9, 90,04, b1, cd, 45,5 a, a8, c4, f8, B9, 6b, C6, A2, 44,8 d, 59, a6, f5, 3d, CE, EA, 26,2 d, 45, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (F8F02AD D-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"fd4e2e1a3940b94dceb5a6a021f2e3c6" = hex: 2a, b7, CC, B5, B9, 7f, 41, e7, 5d, 45,06,19,5 e,
30,20, E6, e3, 0e, 66, d5, EB, M.Ö., 2f, 6b, e1, 69,31, ac, gg, Lisans, 7f, 02,2 a, b7, CC, B5, B9, 7f, \

[HKEY_LOCAL_MACHINE \ Software \ Classes \ CLSID \ (FEE45DE 2-A467-4bf9-BF2D-1411304BCD84) \ InprocServer32 *]
"ThreadingModel" = "Apartment"
@ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll"
"8a8aec57dd6508a385616fbc86791ec2" = hex: FA, EA, 66,7 f, D4, 3b, 6b, 70, A5, 97,0 a, 6e, 8a,
CF, 52,73, FA, EA, 66,7 f, D4, 3b, 6b, 70,30,24, EA, 79, a1, 7b, 08,64,6 c, 43,2 d, 1e, AA, 22, \

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entVersion \ Installer \ UserData \ LocalSystem \ Componen kı \ h-€ | yyyy ¤ • € | ù • A ~ *]
"AB141C35E9F4BF344B9FC010BB17F68A" = ""
.
--------------------- DLL Yüklü çalışan süreçleri altında ---------------------

- - - - - - -> 'Winlogon.exe' (672)
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL
c: \ windows \ system32 \ klogon.dll

- - - - - - -> 'Explorer.exe' (288)
c: \ windows \ system32 \ WPDShServiceObj.dll
c: \ windows \ system32 \ PortableDeviceTypes.dll
c: \ windows \ system32 \ PortableDeviceApi.dll
.
------------------------ Diğer çalışan süreçleri ----------------------- --
.
C: \ Program Files \ Creative \ Shared Files \ CTAudSvc.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
c: \ windows \ system32 \ nvsvc32.exe
c: \ windows \ system32 \ PnkBstrA.exe
c: \ windows \ system32 \ rundll32.exe
C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Eğlence Merkezi \ EAXLoadr.exe
c: \ progra ~ 1 \ mikro ~ 4 \ rapimgr.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
c: \ windows \ system32 \ wscntfy.exe
c: \ windows \ system32 \ CTxfispi.exe
.
************************************************** ************************
.
Tamamlanma süresi: 2009/06/26 3:57 - makine yeniden başlatılması oldu
ComboFix-karantinaya-files.txt 2009/06/26 07:57
ComboFix2.txt 2009/06/25 23:14
ComboFix3.txt 2009/06/24 23:29
ComboFix4.txt 2008/05/20 17:05

Ön Çalıştır'ı: 67824807936 bayt boş
Post-Run: 67888648192 bayt boş

Güncel = 3 Varsayılan = 3 Başarısız = 1 LastKnownGood = 4 Kümelerine = 1,2,3,4
311 --- EOF --- 2009-06-11 03:03
Copyright © 2006 - 2009 Bilgisayar Suyu.