acabuco4
I scan the computer with ComboFix once a month. I ran a scan and restarted the PC, and afterwards it started giving an "explorer.exe is being closed" error from time to time, out of the blue. What could be the cause?
My current HijackThis report
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:03:43, on 06.01.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\tsnpstd3.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\P1370Mon.exe
C:\WINDOWS\CameraFixer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Desktop\programlar\HijackThis.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [P1370Mon.exe] C:\WINDOWS\P1370Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Reklam Başlığı Engelleyicisine ekle - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Sanal klavye - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: URL d&enetimi - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253100652390
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/openapi/receivers/FMSI.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0803E722-9C40-4744-8AA1-F0F7600372AA}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7A30C82-AC85-47A3-AC58-E5DDC9E7D956}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{0803E722-9C40-4744-8AA1-F0F7600372AA}: NameServer = 8.8.8.8,8.8.4.4
O22 - SharedTaskScheduler: Browseui önceden yükleyicisi - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Bileşen Katergorileri önbellek daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Koruma Hizmeti (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
--
End of file - 9622 bytes
The ComboFix scan log that caused me to get the explorer.exe error
Code:
ComboFix 11-01-05.05 - Administrator 06.01.2011 15:17:11.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.2047.1529 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\1055\dwintl.dll
c:\windows\system32\1055 . . . . Failed to delete
.
((((((((((((((((((((((((( Files Created from 2010-12-06 to 2011-01-06 )))))))))))))))))))))))))))))))
.
2010-12-26 12:41 . 2010-12-26 12:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\GRETECH
2010-12-26 12:40 . 2010-12-26 12:40 -------- d-----w- c:\program files\GRETECH
2010-12-26 12:29 . 2010-12-26 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\MessengerDiscovery 2
2010-12-23 19:00 . 2010-12-23 19:09 96600 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2010-12-22 00:56 . 2011-01-05 14:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Software Informer
2010-12-22 00:56 . 2010-12-22 00:56 -------- d-----w- c:\program files\Software Informer
2010-12-15 21:31 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 21:30 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-09 16:24 . 2010-12-09 16:24 -------- d-----w- c:\program files\Ventrilo
2010-12-09 16:23 . 2010-12-09 16:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-12-07 14:35 . 2010-12-07 14:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\ImgBurn
2010-12-07 14:34 . 2010-12-07 14:34 -------- d-----w- c:\program files\ImgBurn
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-06 12:21 . 2010-11-10 19:58 12920 ----a-w- c:\windows\system32\apl001.sys
2011-01-06 12:21 . 2010-11-10 19:58 10872 ----a-w- c:\windows\system32\apf001.sys
2011-01-03 18:00 . 2010-11-27 08:47 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2010-12-27 12:32 . 2010-10-31 12:31 420920 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-12-20 16:09 . 2010-05-01 00:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 16:08 . 2010-05-01 00:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-07 18:40 . 2010-11-27 08:47 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2010-12-07 18:22 . 2010-11-27 08:47 810496 ----a-w- c:\windows\system32\xvidcore.dll
2010-12-02 08:02 . 2010-12-02 08:02 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-18 18:12 . 2009-09-16 09:02 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 16:53 . 2010-04-16 13:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 14:34 . 2010-07-29 11:30 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-06 00:21 . 2004-08-03 21:45 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:21 . 2004-08-03 21:45 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:21 . 2004-08-03 21:45 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-03 19:08 . 2010-11-27 08:47 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2010-11-03 12:27 . 2004-08-03 21:37 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2001-11-22 07:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-31 12:11 . 2010-10-31 12:11 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-10-31 12:11 . 2010-10-31 12:11 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-10-28 13:13 . 2004-08-03 21:43 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 14:07 . 2004-08-03 21:38 1853312 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-12-23 19:09 67168 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-12-24 3274136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-11-04 90112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-04 18702336]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"P1370Mon.exe"="c:\windows\P1370Mon.exe" [2006-06-19 36864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"CameraFixer"="c:\windows\CameraFixer.exe" [2005-10-03 20480]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-09-07 352976]
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programlar^Başlangıç^MeteorAHS.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programlar\Başlangıç\MeteorAHS.lnk
backup=c:\windows\pss\MeteorAHS.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\oyunlarım\\Valve\\hl.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\oyunlarım\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\JDownloader\\JDownloader.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\oyunlarım\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1035:TCP"= 1035:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31.10.2010 14:31 420920]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [23.12.2010 21:00 96600]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [09.06.2010 16:43 11352]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [03.08.2004 23:45 14336]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [07.05.2010 11:06 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02.11.2009 19:27 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [01.05.2010 02:26 20952]
R3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\drivers\P1370Aud.sys [06.10.2010 23:31 93056]
R3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\drivers\P1370Aul.sys [06.10.2010 23:31 4992]
R3 P1370Vfx;P1370Vfx;c:\windows\system32\drivers\P1370Vfx.sys [06.10.2010 23:31 6272]
R3 P1370VID;Live! Cam Voice;c:\windows\system32\drivers\P1370Vid.sys [06.10.2010 23:31 297792]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10.10.2009 15:58 133104]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [01.05.2010 02:26 363344]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [16.09.2009 11:14 1684736]
S3 apf001;apf001;d:\oyunlarım\SoftnyxGame\WolfTeamTS\apf001.sys [20.10.2010 12:18 10872]
S3 cpuz130;cpuz130;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva328;XDva328;\??\c:\windows\system32\XDva328.sys --> c:\windows\system32\XDva328.sys [?]
S3 XDva337;XDva337;\??\c:\windows\system32\XDva337.sys --> c:\windows\system32\XDva337.sys [?]
S3 XDva343;XDva343;\??\c:\windows\system32\XDva343.sys --> c:\windows\system32\XDva343.sys [?]
S3 XDva347;XDva347;\??\c:\windows\system32\XDva347.sys --> c:\windows\system32\XDva347.sys [?]
S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?]
S3 XDva352;XDva352;\??\c:\windows\system32\XDva352.sys --> c:\windows\system32\XDva352.sys [?]
S3 XDva354;XDva354;\??\c:\windows\system32\XDva354.sys --> c:\windows\system32\XDva354.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
2011-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 13:58]
2011-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 13:58]
2011-01-06 c:\windows\Tasks\User_Feed_Synchronization-{903E0FFA-C92F-4505-A42E-21F9C30EC39C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.tr/
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bütün linkleri IDM ile indir - c:\program files\Internet Download Manager\IEGetAll.htm
IE: FLV video içeriğini IDM ile indir - c:\program files\Internet Download Manager\IEGetVL.htm
IE: IDM ile indir - c:\program files\Internet Download Manager\IEExt.htm
TCP: {0803E722-9C40-4744-8AA1-F0F7600372AA} = 8.8.8.8,8.8.4.4
TCP: {B7A30C82-AC85-47A3-AC58-E5DDC9E7D956} = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\echt4ys8.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.google.com.tr
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Anti-Banner: [email protected] - c:\program files\Mozilla Firefox\extensions\[email protected]
FF - Ext: Adres kontrolü eklentisi: [email protected] - c:\program files\Mozilla Firefox\extensions\[email protected]
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Personas: [email protected] - %profile%\extensions\[email protected]
FF - Ext: YouTube to MP3: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Extended Statusbar: {daf44bf7-a45e-4450-979c-91cf07434c3d} - %profile%\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}
FF - Ext: Page Hacker: pagehacker-nico@nc - %profile%\extensions\pagehacker-nico@nc
FF - Ext: ShowIP: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d} - %profile%\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
FF - Ext: Gradient iCool: {de5809e0-2b07-11dd-bd0b-0800200c9a66} - %profile%\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
FF - Ext: Edit Cookies: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99} - %profile%\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: IDM CC: [email protected] - c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-fsm - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-06 15:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-507921405-1500820517-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,df,2b,cc,a6,00,eb,34,4c,ad,67,7e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a7,aa,79,f3,c6,59,c3,44,b0,b9,9f,\
[HKEY_USERS\S-1-5-21-507921405-1500820517-682003330-500\Software\SecuROM\License information*]
"datasecu"=hex:15,dd,26,4f,4d,26,8d,2f,bf,7e,f7,ff,c2,80,48,d7,30,49,04,9f,bb,
28,74,79,e3,3d,4b,e9,4a,ca,07,75,aa,7c,23,62,11,8b,db,de,86,1b,be,cf,09,86,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3e481a33-9113-46c2-9c53-6d54282966cc}]
@Denied: (Full) (Everyone)
"Model"=dword:00000066
"Therad"=dword:00000017
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4282ee84-2467-4a23-b501-5fa48f98c72d}]
@Denied: (Full) (Everyone)
"Model"=dword:00000028
"Therad"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e0,e7,5f,a8,fb,ad,90,4f,a3,97,d9,56,6a,01,cc,4b,5e,e8,f1,6f,66,
25,e9,92,12,b2,a3,b4,48,3f,21,8f,ef,07,20,12,00,e2,69,64,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):2a,6a,34,01,a4,c4,a0,b1,eb,ff,f9,f8,98,f0,d4,10,1b,13,b7,40,8e,
65,58,19,0c,2c,40,da,e6,91,7f,4b,89,cb,61,81,72,d6,89,46,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1088)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3696)
c:\windows\system32\WININET.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2011-01-06 15:30:23 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-06 13:30
Pre-Run: 6.504.349.696 bayt boş
Post-Run: 6.653.673.472 bayt boş
- - End Of File - - D2A472BB190D23214A8F1CF3101196EE
I would appreciate it if you could help. Thanks in advance.