Smitfraud Virus

#1
5 February 2008, 12:35
New Member

Smitfraud Virus

Hello,
I'm new to the board and I'm asking for help removing a virus which I think is Smitfraud; my browser has been hijacked. I ran AVG and Ad-Aware, but that doesn't help. The OS is XP. Here is my log. Thanks in advance for the help.


Logfile of HijackThis v1.99.1
Scan saved at 19:35:19, on 05/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\Smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\HijackThis.exe

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe" /icon
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11D2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1199470957562
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer = 212.139.132.37 212.139.132.36
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: lxce_device -   - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
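The helpers in this thread read a HijackThis log by eye, looking at the same few sections each time: O4 autostart entries, O10 Winsock LSP lines, O17 NameServer values (which Smitfraud-family infections are known to rewrite, and which the SmitfraudFix output later in the thread also lists per control set), O20 Winlogon Notify hooks and O23 services with no publisher. The Python below is an added example, not code from the thread or from any of the tools it names: it parses lines in the HijackThis 1.99.1 format shown above and reports the entries a reviewer would want to look at first. The log text is constructed for the example, the 192.0.2.x resolver addresses are TEST-NET placeholders, and the "trusted DNS range" passed to `review` is an assumption the caller supplies (the thread never says whose servers 212.139.132.x are); the function and regex names are the example's own.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample in HijackThis 1.99.1 format (not a real machine's log).
# The O17 lines copy the shape of the thread's entries; 192.0.2.x is a TEST-NET
# placeholder standing in for a resolver written into a second control set.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 19:35:19, on 05/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\USER~1\LOCALS~1\Temp\inst.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer = 212.139.132.37 212.139.132.36
O17 - HKLM\System\CS1\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer = 192.0.2.53 192.0.2.54
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
"""

# One HijackThis entry: a section code (R0, O4, O17, ...) followed by " - " and the body.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")
# O17 body: the Tcpip interface key under a control set (CCS, CS1, ...) and its NameServer list.
O17_RE = re.compile(
    r"^HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\\.\.\\[{(](?P<guid>[0-9A-Fa-f-]+)[})]:\s*"
    r"NameServer\s*=\s*(?P<ips>.+)$"
)
# O4 body for a registry Run/RunOnce value: hive, value name in brackets, command line.
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Locations a standard user can write to; an autostart pointing there deserves a second look.
USER_WRITABLE = re.compile(r"\\(?:temp|application data|local settings|locals~1|appdata)\\", re.I)


def parse_hjt(text):
    """Return the R/F/O entries of a HijackThis log as (code, body) pairs; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def nameservers(entries):
    """Map each control set (CCS, CS1, ...) to the NameServer addresses its O17 entries hold."""
    out = {}
    for code, body in entries:
        m = O17_RE.match(body) if code == "O17" else None
        if m:
            out.setdefault(m.group("cs"), []).extend(m.group("ips").split())
    return out


def review(entries, trusted_dns):
    """Defender-side findings as (code, subject, message) tuples.

    trusted_dns: networks (CIDR strings) the resolver settings are expected to point at;
    this is an assumption supplied by the caller, e.g. the ISP's published DNS range."""
    nets = [ip_network(n, strict=False) for n in trusted_dns]
    findings = []
    # DNS hijack check: every resolver in every control set must sit inside a trusted network.
    for cs, ips in nameservers(entries).items():
        for ip in ips:
            try:
                addr = ip_address(ip)
            except ValueError:
                findings.append(("O17", cs, f"unparseable NameServer value {ip!r}"))
                continue
            if not any(addr in n for n in nets):
                findings.append(("O17", cs, f"NameServer {ip} is outside the trusted DNS ranges"))
    for code, body in entries:
        if code == "O4":
            m = O4_RE.match(body)
            if m and USER_WRITABLE.search(m.group("cmd")):
                findings.append(("O4", m.group("name"), f"Run entry launches from a user-writable path: {m.group('cmd')}"))
        elif code == "O23" and "Unknown owner" in body:
            findings.append(("O23", body.split(" - ")[0], "service has no publisher string"))
    # Repeated LSP lines are normal for a layered provider (one per protocol chain), but list them once with a count.
    lsp = [body for code, body in entries if code == "O10"]
    for path in sorted(set(lsp)):
        findings.append(("O10", path, f"Winsock LSP entry appears {lsp.count(path)} time(s)"))
    return findings


if __name__ == "__main__":
    for code, subject, message in review(parse_hjt(SAMPLE_LOG), ["212.139.132.0/24"]):
        print(f"{code:<4} {subject}: {message}")
```

Run against the sample, the CCS resolvers pass and both CS1 resolvers are flagged, the `updater` Run value is reported because it launches from `\Temp\`, the SecuROM service is listed for its missing publisher, and the two identical LSP lines collapse to one line with a count. The per-control-set view is the point: a fix that only corrects CurrentControlSet leaves the stale values in CS1/CS3 to be restored by "Last Known Good", which is why SmitfraudFix prints all three.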
#2
5 February 2008, 13:04
Moderator

Smitfraud Virus

Welcome, CJ.

The log doesn't show any malware, but let's take a closer look.

Download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When the removal is completed, a log will open in Notepad.
  • Post that log back here.
Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

In your next post please include
the Malwarebytes log
__________________

#3
5 February 2008, 13:51
New Member

Smitfraud Virus

Hi EF,

Thanks for the quick reply. Here is my Malwarebytes log:

Malwarebytes' Anti-Malware 1.02
Database version: 320

Scan type: Full Scan (A:\|C:\|)
Objects scanned: 73752
Time elapsed: 23 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> Could not be deleted. Delete on reboot.
C:\Documents and Settings\Ryan Glenn\Application Data\ezpinst.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan Glenn\Application Data\inst.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
#4
5 February 2008, 14:01
Moderator

Smitfraud Virus

Looks good so far.

Next, go to this post and do Step Two and Step Three - CCleaner and SUPERAntiSpyware.

Post the SUPERAntiSpyware log along with a NEW HijackThis log in your next reply.
__________________

#5
5 February 2008, 14:44
New Member

Smitfraud Virus

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/05/2008 at 09:34 AM

Application Version : 3.9.1008

Core Rules Database Version : 3395
Trace Rules Database Version : 1387

Scan type       : Complete Scan
Total Scan Time : 00:22:21

Memory items scanned      : 376
Memory threats detected   : 0
Registry items scanned    : 5837
Registry threats detected : 0
File items scanned        : 11505
File threats detected     : 5

Adware.Tracking Cookie
	C:\Documents and Settings\Ryan Glenn\Cookies\ryan_glenn@ads.techguy[2].txt
	C:\Documents and Settings\Ryan Glenn\Cookies\ryan_glenn@revsci[2].txt
	C:\Documents and Settings\Clare Glenn\Cookies\clare_glenn@pacificpoker[1].txt
	C:\Documents and Settings\Clare Glenn\Cookies\clare_glenn@videoegg.adbureau[2].txt

Rootkit.TnCore/Trace
	C:\WINDOWS\system32\drivers\core.cache.dsk


Logfile of HijackThis v1.99.1
Scan saved at 21:43:56, on 05/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\Smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe" /icon
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1199470957562
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer = 212.139.132.36 212.139.132.37
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: lxce_device -   - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
#6
5 February 2008, 14:54
Moderator

Smitfraud Virus

The log looks good now; is the computer still showing any signs of malware?
__________________

#7
5 February 2008, 15:02
New Member

Smitfraud Virus

Yes, unfortunately it is still showing symptoms of malware..
#8
5 February 2008, 15:12
Moderator

Smitfraud Virus

Download SmitfraudFix (by S!Ri) to your Desktop.
  • Extract all the files to your Desktop.
  • A folder named SmitfraudFix will be created on your Desktop.
  • Open the SmitfraudFix folder and double-click smitfraudfix.cmd
  • Select option #1 - Search by typing 1 and pressing Enter
    • While it is running, the program scans your computer for known patterns in a large number of files, so please be patient.
    • When done, the scan results will be displayed and a log named rapport.txt is created
      • at the root of the drive, e.g. Local Disk C: or the partition where the operating system is installed.
    • Please attach the log to your next reply.
  • Note: process.exe (which is used by SmitFraudFix) is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such a program, so they may alert the user.
----------

Please download ComboFix by sUBs from one of the links below.
(Try all three if necessary.) Important! ComboFix.exe MUST be saved to and run from the Desktop.
  • Close any open web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
  • Important! Temporarily disable your antivirus, script blocking and antispyware real-time protection before performing a scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not listed and you don't know how to disable it, please ask.
  • Warning: ComboFix will disconnect your computer from the internet. The connection is restored automatically before ComboFix completes its run.
  • Double-click ComboFix.exe and follow the prompts.
    • From the keyboard, select 1 and press Enter
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Warning: Do not mouseclick the ComboFix window while it is running. That may cause it to stall.
  • If ComboFix has difficulty running and terminates early, the connection can be restored manually by restarting your computer.
  • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
----------

In your next post include
the Smitfraudfix log
the Combofix log
__________________

#9
5 February 2008, 15:43
New Member

Smitfraud Virus

SmitFraudFix v2.281

Scan done at 22:40:52.84, 05/02/2008
Run from C:\Documents and Settings\Ryan Glenn\Desktop\SmitFraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\Smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\System

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ryan Glenn

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ryan Glenn\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\RYANGL~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 212.139.132.8
DNS Server Search Order: 212.139.132.9

HKLM\SYSTEM\CCS\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer=212.139.132.8 212.139.132.9
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer=212.139.132.8 212.139.132.9
HKLM\SYSTEM\CS3\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer=212.139.132.36 212.139.132.37

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End




ComboFix 08-02.05.3 - Ryan Glenn 2008-02-05 22:31:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.145 [GMT 0:00]
Running from: C:\Documents and Settings\Ryan Glenn\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\rmcastt.sys
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\rmcastt.sys
C:\WINDOWS\system32\install.exe

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_RMCASTT
-------\rmcastt


((((((((((((((((((((((((( Files Created from 2008-01-05 to 2008-02-05 )))))))))))))))))))))))))))))))
.

2008-02-05 22:22 . 2008-02-05 22:23  <DIR>  d--------  C:\ComboFix[1]
2008-02-05 21:02 . 2004-08-04 05:00  388,608  --a------  C:\kmd.exe
2008-02-05 20:11 . 2008-02-05 20:11  <DIR>  d--------  C:\Program Files\Malwarebytes' Anti-Malware
2008-02-05 20:11 . 2008-02-05 20:11  <DIR>  d--------  C:\Documents and Settings\Ryan Glenn\Application Data\Malwarebytes
2008-02-05 20:11 . 2008-02-05 20:11  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-05 19:05 . 2008-02-05 19:05  <DIR>  d--------  C:\Documents and Settings\Ryan Glenn\Application Data\Uniblue
2008-02-05 18:50 . 2008-02-05 18:50  444  --a------  C:\WINDOWS\system32\d3d8caps.dat
2008-02-05 18:21 . 2008-02-05 18:21  <DIR>  d--------  C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-05 18:00 . 2008-02-05 18:00  <DIR>  d--------  C:\Program Files\RogueRemover FREE
2008-02-05 17:57 . 2007-09-05 23:22  289,144  --a------  C:\WINDOWS\system32\VCCLSID.exe
2008-02-05 17:57 . 2006-04-27 16:49  288,417  --a------  C:\WINDOWS\system32\SrchSTS.exe
2008-02-05 17:57 . 2008-02-05 00:23  85,504  --a------  C:\WINDOWS\system32\VACFix.exe
2008-02-05 17:57 . 2008-01-27 14:37  81,920  --a------  C:\WINDOWS\system32\IEDFix.exe
2008-02-05 17:57 . 2003-06-05 20:13  53,248  --a------  C:\WINDOWS\system32\Process.exe
2008-02-05 17:57 . 2004-07-31 17:50  51,200  --a------  C:\WINDOWS\system32\dumphive.exe
2008-02-05 17:57 . 2007-10-03 23:36  25,600  --a------  C:\WINDOWS\system32\WS2Fix.exe
2008-02-04 19:47 . 2008-02-04 19:47  <DIR>  d--------  C:\WINDOWS\MaxSecureBackup
2008-02-04 19:46 . 2008-02-04 19:57  <DIR>  d--------  C:\Program Files\Max Registry Cleaner
2008-02-04 19:46 . 2007-05-24 16:57  143,360  --a------  C:\WINDOWS\system32\GetHardDiskNo.dll
2008-02-04 19:46 . 2008-02-04 19:46  63  --a------  C:\windows\system\SYSRegC.dll
2008-02-02 13:49 . 2008-02-02 13:49  <DIR>  d--------  C:\Program Files\Panicware
2008-02-01 20:22 . 2008-02-05 22:17  3,352  --a------  C:\WINDOWS\system32\tmp.reg
2008-02-01 19:32 . 2008-02-01 19:32  <DIR>  d--------  C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-02-01 18:42 . 2008-02-05 19:56  <DIR>  d--------  C:\Program Files\HJT
2008-02-01 18:39 . 2008-02-01 18:39  <DIR>  d--------  C:\Program Files\FileASSASSIN
2008-02-01 18:31 . 2008-02-01 18:31  100  --a------  C:\WINDOWS\system32\ikhcore.cfg
2008-02-01 18:21 . 2005-09-23 07:29  626,688  --a------  C:\WINDOWS\system32\msvcr80.dll
2008-01-31 20:28 . 2008-01-31 20:28  <DIR>  d--------  C:\VundoFix Backups
2008-01-31 19:34 . 2008-02-05 22:26  <DIR>  d--------  C:\Program Files\SUPERAntiSpyware
2008-01-31 19:34 . 2008-02-02 00:55  <DIR>  d--------  C:\Documents and Settings\Ryan Glenn\Application Data\SUPERAntiSpyware.com
2008-01-31 19:34 . 2008-01-31 19:34  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-29 22:28 . 2008-01-29 22:28  <DIR>  d--------  C:\Program Files\\Download Manager
2008-01-29 22:08 . 2008-02-01 18:49  <DIR>  d-a------  C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-29 21:15 . 2008-02-03 17:03  <DIR>  d--------  C:\Program Files\SpywareBlaster
2008-01-23 18:08 . 2008-01-23 18:08  <DIR>  d--------  C:\Documents and Settings\Ryan Glenn\Application Data\SuperAdBlocker.com
2008-01-22 18:39 . 2008-01-22 18:39  <DIR>  d--------  C:\Documents and Settings\Ryan Glenn\Application Data\Grisoft
2008-01-22 18:39 . 2007-05-30 12:10  10,872  --a------  C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-22 18:18 . 2008-01-22 18:18  <DIR>  d--------  C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-22 18:15 . 2008-02-05 21:48  <DIR>  d--------  C:\Documents and Settings\Ryan Glenn\Application Data\AVG7
2008-01-22 18:15 . 2008-01-22 18:15  110,592  --a------  C:\WINDOWS\system32\avgfwafu.dll
2008-01-22 17:56 . 2008-02-03 08:41  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-21 21:10 . 2008-01-22 18:14  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-20 16:33 . 2008-01-20 16:33  <DIR>  d--------  C:\Documents and Settings\Ryan Glenn\Application Data\ErrorSmart
2008-01-19 10:09 . 2008-01-19 10:09  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-01-12 11:46 . 2008-01-12 11:46  <DIR>  d--------  C:\Program Files\\xing shared
2008-01-12 10:17 . 2008-02-02 00:54  <DIR>  d--------  C:\Program Files\Common Files\Wise Installation Wizard
2008-01-10 19:54 . 2008-01-12 10:18  <DIR>  d--------  C:\Program Files\Lavasoft
2008-01-10 19:38 . 2008-01-10 19:38  <DIR>  d--------  C:\Program Files\AVI Codec Pack
2008-01-10 18:51 . 2005-04-05 14:18  135,168  --a------  C:\WINDOWS\system32\igfxres.dll
2008-01-09 19:20 . 2008-01-09 19:20  <DIR>  d--------  C:\Documents and Settings\Ryan Glenn\Application Data\Yahoo!
2008-01-09 18:03 . 2008-01-09 18:03  <DIR>  d--h-----  C:\WINDOWS\PIF
2008-01-09 17:52 . 2008-01-10 17:51  <DIR>  d--------  C:\Documents and Settings\Ryan Glenn\Application Data\dvdcss
2008-01-08 18:20 . 2007-03-05 05:00  421,888  --a------  C:\WINDOWS\system32\lxcedrs.dll
2008-01-08 18:20 . 2007-01-30 10:22  413,696  --a------  C:\WINDOWS\system32\lxceinpa.dll
2008-01-08 18:20 . 2007-01-30 10:35  397,312  --a------  C:\WINDOWS\system32\lxceiesc.dll
2008-01-08 18:20 . 2007-02-22 18:32  344,064  --a------  C:\WINDOWS\system32\lxcecoin.dll
2008-01-08 18:20 . 2006-10-03 23:21  330,030  --a------  C:\WINDOWS\system32\lxcehelp.chm
2008-01-08 18:20 . 2007-01-30 10:18  323,584  --a------  C:\WINDOWS\system32\lxcehcp.dll
2008-01-08 18:20 . 2007-01-30 10:35  274,432  --a------  C:\WINDOWS\system32\lxceinst.dll
2008-01-08 18:20 . 2005-02-24 17:23  61,440  --a------  C:\WINDOWS\system32\lxcecnv4.dll
2008-01-07 20:59 . 2008-01-07 20:59  54,156  --ah-----  C:\Windows\QTFont.qfn
2008-01-06 20:31 . 2008-01-06 20:31  <DIR>  d--------  C:\Documents and Settings\Ryan Glenn\Application Data\InstallShield
2008-01-06 20:18 . 2008-01-06 20:35  <DIR>  d--------  C:\Documents and Settings\Ryan Glenn\Application Data\VersionTracker Pro
2008-01-05 16:23 . 2008-01-05 16:23  <DIR>  d--------  C:\Program Files\Windows Media Connect 2
2008-01-05 16:23 . 2006-10-04 14:06  1,197,294  ---------  C:\WINDOWS\system32\dllcache\Sysmain.sdb
2008-01-05 16:23 . 2006-10-04 14:06  764,868  ---------  C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-01-05 16:23 . 2006-10-04 14:06  217,118  ---------  C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-01-05 16:19 . 2008-01-05 16:21  <DIR>  d--------  C:\WINDOWS\system32\drivers\UMDF
2008-01-05 15:19. 2008-01-05 15:19 <DIR> d -------- C: \ swsetup
2008-01-05 15:09. 2008-01-05 15:08 23.600 - a ------ C: \ Windows \ System32 \ drivers \ TVICHW32.SYS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapor ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 23:25 --------- d-----w C:\Program Files\Google
2008-01-31 10:50 --------- d-----w C:\Documents and Settings\Ryan Glenn\Application Data\VSO
2008-01-24 17:31 --------- d-----w C:\Program Files\Lx_cats
2008-01-18 19:58 --------- d-----w C:\Program Files\DivX
2008-01-18 19:57 --------- d-----w C:\Program Files\Java
2008-01-18 19:56 --------- d-----w C:\Program Files\
2008-01-12 11:45 --------- d-----w C:\Program Files\\Real
2008-01-12 10:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-12 10:18 --------- d-----w C:\Documents and Settings\Ryan Glenn\Application Data\Lavasoft
2008-01-09 19:24 --------- d-----w C:\Program Files\Yahoo!
2008-01-08 18:20 --------- d-----w C:\Program Files\Lexmark 4300 Series
2008-01-07 21:55 --------- d-----w C:\Documents and Settings\Ryan Glenn\Application Data\AdobeUM
2008-01-04 20:45 --------- d-h--w C:\Program Files\InstallShield Yükleme Bilgileri
2008-01-04 19:57 --------- d-----w C:\Program Files\Analog Devices
2008-01-04 19:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Sürücüler HeadQuarters
2008-01-04 18:08 --------- d-----w C:\Program Files\Gabest
2008-01-04 18:08 --------- d-----w C:\Program Files\CyberLink
2008-01-02 23:18 --------- d-----w C:\Program Files\Ahead
2008-01-02 23:14 --------- d-----w C:\Program Files\\Ahead
2007-12-29 14:16 --------- d-----w C:\Documents and Settings\Ryan Glenn\Application Data\DivX
2007-12-22 11:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
2007-12-21 16:06 47.360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-12-21 16:06 47.360 ----a-w C:\Documents and Settings\Ryan Glenn\Application Data\pcouffin.sys
2007-12-21 16:06 --------- d-----w C:\Program Files\VSO
2007-12-11 20:36 --------- d-----w C:\Program Files\Virtual Dub
2007-12-10 20:22 --------- d-----w C:\Program Files\plugins
2007-12-10 20:22 --------- d-----w C:\Program Files\aviproxy
2007-12-10 19:47 --------- d-----w C:\Documents and Settings\Ryan Glenn\Application Data\Pegasys Inc
2007-12-10 19:39 33.408 ----a-w C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2007-12-06 01:47 --------- d-----w C:\Program Files\MSN Messenger
2007-05-20 11:28 31.528 ----a-w C:\Documents and Settings\Ryan Glenn\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Puan ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
* Not * boş girişler ve yasal varsayılan girişler gösterilir değildir
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Destek\DSAgnt.exe" [2004-07-19 07:51 306688]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006/03/30 16:45 313472]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"ctfmon.exe"="C:\Windows\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 19:23 114688]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004/07/27 16:50 81920]
"Bittorrent"="C:\WINDOWS\system32\bittorrent.exe" [2005-04-05 14:22 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 19:19 77824]
"LXCECATS"="C:\Windows\System32\Spool\Drivers\W32X86\3\LXCEtime.dll" [2007-02-22 05:17 73728]
"lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 17:45 192512]
"EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 12:17 94208]
"FaxCenterServer"="C:\Program Files\Lexmark Faks Çözümleri\fm3032.exe" [2005-07-12 09:36 299008]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 07:09 200704]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001/07/09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"AVG7_CC"="C:\Program~1\WINDOWS\AVG7\avgcc.exe" [2008-01-22 18:14 579072]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7,5\avgas.exe" [2007-06-11 09:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Ctfmon.exe"="C:\Windows\system32\Ctfmon.exe" [2004/08/04 05:00 15360]
"AVG7_Run"="C:\Program~1\WINDOWS\AVG7\avgw.exe" [2008-01-22 18:14 219136]
C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç\
Adobe Reader Hızlı Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005/09/23 22:05:26 29.696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001/02/13 01:01:04 83.360]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\currentversion\Policies\System]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\currentversion\Explorer\shellexecutehooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006/12/20 13:55 77824]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007/04/19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\control\securityproviders]
SecurityProviders msapsspc.dll, digest.dll msnsspc.dll, Schannel.dll
S1 SABKUTIL; SABKUTIL; C:\Program Files\SuperAdBlocker.com\Süper Reklam Engelleyicisi\SABKUTIL.sys []
.
The 'Zamanlanmış Görevler' klasörüne İçerikleri
"2008-02-05 21:51:05 C:\WINDOWS\Tasks\Güncellemeleri Kontrol Windows Live Toolbar.job için"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-05 03:30:00 C:\WINDOWS\Tasks\ErrorSmart Planlanmış Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - Rootkit / gizli kötü amaçlı yazılım dedektör Gmer tarafından, http://www.gmer.net
Rootkit 2008-02-05 22:35:43 tarama
5/1/2600 Windows Service Pack 2 NTFS
gizli işlemler tarama ...
Gizli kayıtları otomatik tarama ...
Gizli dosya tarama ...
başarıyla tamamlandı tarama
Gizli dosya: 0
**************************************************************************
.
------------------------ Diğer çalışan süreçleri -------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7,5\guard.exe
C:\progra~1\intern Grisoft\AVG7\avgamsvr.exe
C:\progra~1\intern Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\system32\UAService7.exe
C:\progra~1\intern Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\RYANGL~1\LOCALS~1\Temp\SSUPDATE.EXE
.
**************************************************************************
.
Tamamlanma zamanı: 2008-02-05 22:38:02 - makine yeniden oldu [Ryan Glenn]
ComboFix-karantinaya-files.txt 2008-02-05 22:37:46
.
2008-01-06 03:02:26 --- EOF ---
  #10  
Old 5 February 2008, 15:55
Moderator Group

Smitfraud Virus

Run CCleaner.

A new HijackThis log.

Did ComboFix help?

Copyright © 2006 - 2009 Bilgisayar Suyu.