Keyboard Keys Not Working After ComboFix


Bitmap

Friends, yesterday I ran ComboFix; it scanned and finished, and the multimedia keys of my Casper DLK-5108 keyboard were not working.

I did a restore; of course the viruses were restored too.

Today I ran it again and the same thing happened: the keyboard's multimedia keys are not working.

Delux_DLK_5108U_325BP.jpg

What is the problem?

The log file is here:

ComboFix 10-07-27.04 - CASPER 28.07.2010 15:03:44.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.1015.565 [GMT 3:00]

Running from: d:\downloads\Programs\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}

FW: Avira FireWall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\scrrntr.dll

.

---- Previous Run -------

.

c:\windows\a3kebook.ini

c:\windows\akebook.ini

c:\windows\ANS2000.INI

c:\windows\Fonts\Uninstal.exe

c:\windows\system32\1.bat

c:\windows\system32\bn.dll

c:\windows\system32\scrrntr.dll

c:\windows\twain_16.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_OSPPSVC

-------\Service_osppsvc

((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-28 )))))))))))))))))))))))))))))))

.

2010-07-28 10:09 . 2010-07-28 10:09 -------- dc----w- c:\documents and settings\Administrator\Application Data\Conceptworld

2010-07-28 09:36 . 2010-07-28 09:36 -------- dc----w- c:\windows\system32\wbem\snmp

2010-07-28 09:36 . 2010-07-28 09:36 -------- dc----w- c:\windows\system32\xircom

2010-07-28 09:36 . 2010-07-28 09:36 -------- dc----w- c:\program files\microsoft frontpage

2010-07-27 23:41 . 2010-07-27 23:41 243040 -c--a-w- c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components2\idmmzcc.dll

2010-07-27 23:41 . 2010-07-27 23:41 -------- dc----w- c:\program files\Internet Download Manager

2010-07-27 21:12 . 2004-05-13 14:29 133120 -c--a-w- c:\windows\system32\sfc_os.dll

2010-07-27 20:47 . 2010-07-27 20:47 -------- dc----w- c:\windows\system32\wbem\Repository

2010-07-27 02:10 . 2010-07-27 02:10 -------- dc----w- c:\documents and settings\Administrator\Application Data\BitSpirit

2010-07-27 02:09 . 2010-07-27 02:09 -------- dc----w- c:\program files\Common Files\BitSpirit

2010-07-27 02:09 . 2010-07-27 02:09 -------- dc----w- c:\program files\BitSpirit

2010-07-26 19:29 . 2010-07-26 19:29 -------- dc----w- c:\documents and settings\Administrator\Application Data\The Creative Assembly

2010-07-26 14:25 . 2010-07-26 14:25 74208 -c--a-w- c:\windows\system32\drivers\idmtdi.sys

2010-07-26 00:12 . 2010-07-26 00:12 -------- dc----w- c:\program files\Common Files\Apple

2010-07-26 00:12 . 2010-07-26 00:12 -------- dc----w- c:\program files\Apple Software Update

2010-07-24 22:57 . 2010-07-24 22:57 -------- dc----w- c:\program files\Ashampoo

2010-07-22 00:00 . 2010-07-22 00:00 -------- dc----w- c:\documents and settings\Administrator\Application Data\RealWorld

2010-07-21 23:59 . 2010-07-21 23:59 124902 -c--a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_229008C4DD2B0687C3C9DB.exe

2010-07-21 23:59 . 2010-07-21 23:59 11310 -c--a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_FF89B0AADCD51F146762AE.exe

2010-07-21 23:59 . 2010-07-21 23:59 11310 -c--a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_EA4EAE0A99F77038DA094E.exe

2010-07-21 23:59 . 2010-07-21 23:59 11310 -c--a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_7C899EC09EAB28D66E0485.exe

2010-07-21 23:59 . 2010-07-21 23:59 9062 -c--a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_6FEFF9B68218417F98F549.exe

2010-07-21 23:59 . 2010-07-21 23:59 124902 -c--a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_8FC856A7719DE414ABC55A.exe

2010-07-21 23:59 . 2010-07-21 23:59 -------- dc----w- c:\program files\RealWorld Cursor Editor

2010-07-20 22:13 . 2010-07-20 22:13 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard

2010-07-20 21:58 . 2010-07-20 21:58 513 -c--a-w- c:\windows\system32\xtupdate.dat

2010-07-20 17:03 . 2009-10-22 10:54 37392 -c--a-w- c:\windows\system32\drivers\72585222.sys

2010-07-20 17:03 . 2009-09-25 14:59 128016 -c--a-w- c:\windows\system32\drivers\72585221.sys

2010-07-20 17:03 . 2009-10-09 20:31 315408 -c--a-w- c:\windows\system32\drivers\7258522.sys

2010-07-20 15:58 . 2010-07-20 15:58 -------- dc----w- c:\program files\Microsoft Virtual PC

2010-07-20 13:52 . 2010-07-20 13:52 -------- dc----w- c:\program files\Microsoft Synchronization Services

2010-07-20 13:52 . 2010-07-20 13:52 -------- dc----w- c:\program files\Microsoft.NET

2010-07-20 13:52 . 2010-07-20 13:52 -------- dc----w- c:\documents and settings\All Users\Microsoft

2010-07-20 13:49 . 2010-07-20 13:50 -------- dc----w- c:\windows\SHELLNEW

2010-07-20 13:49 . 2010-07-20 13:49 -------- dc----w- c:\program files\Microsoft Analysis Services

2010-07-19 23:21 . 2010-07-20 16:03 -------- dc----w- c:\documents and settings\Administrator\Application Data\Mipony

2010-07-17 15:40 . 2010-06-29 22:49 -------- dc----w- c:\program files\xat.com Image Optimizer

2010-07-17 00:20 . 2010-07-25 08:55 188152 -c--a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jbj6ciff.default\FlashGot.exe

2010-07-17 00:06 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-16 16:32 . 2010-07-16 16:32 -------- dc----w- c:\program files\Skype

2010-07-16 14:11 . 2010-07-16 14:15 -------- dc----w- c:\documents and settings\All Users\AdobeTemp

2010-07-15 22:43 . 2010-07-15 22:43 -------- dc----w- c:\documents and settings\Administrator\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2010-07-15 22:43 . 2010-07-15 22:44 -------- dc----w- c:\program files\Adobe Photoshop CS5

2010-07-15 14:06 . 2010-07-16 13:46 -------- dc----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe

2010-07-15 13:58 . 2010-07-15 13:58 -------- dc----w- c:\program files\Common Files\Adobe AIR

2010-07-14 22:35 . 2010-07-14 22:35 -------- dc----w- c:\windows\lollala

2010-07-14 22:02 . 2010-07-14 22:04 -------- dc----w- c:\documents and settings\Administrator\Application Data\ViGlance

2010-07-14 16:01 . 2010-07-14 16:03 -------- dc----w- c:\documents and settings\Administrator\.VirtualBox

2010-07-14 15:59 . 2009-12-17 12:02 123280 -c--a-w- c:\windows\system32\drivers\VBoxDrv.sys

2010-07-14 15:59 . 2009-12-17 12:02 41616 -c--a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2010-07-14 10:54 . 2010-07-14 10:54 -------- dc----w- c:\documents and settings\Administrator\Application Data\SmartFTP

2010-07-14 04:16 . 2010-07-14 04:16 -------- dc----w- c:\documents and settings\Administrator\Application Data\Yvawfi

2010-07-13 21:07 . 2004-01-25 16:18 217088 -c--a-w- c:\windows\system32\yv12vfw.dll

2010-07-13 21:07 . 2010-06-08 16:10 790528 -c--a-w- c:\windows\system32\xvidcore.dll

2010-07-13 21:07 . 2010-06-08 16:10 134144 -c--a-w- c:\windows\system32\xvidvfw.dll

2010-07-13 21:07 . 2010-03-10 19:29 94208 -c--a-w- c:\windows\system32\dpl100.dll

2010-07-13 21:07 . 2010-06-28 08:00 108032 -c--a-w- c:\windows\system32\ff_vfw.dll

2010-07-13 21:07 . 2010-02-19 19:27 720384 -c--a-w- c:\windows\system32\divx.dll

2010-07-13 19:12 . 2010-07-13 19:12 -------- dc----w- c:\documents and settings\Administrator\Application Data\TinyPic Uploader

2010-07-09 21:19 . 2010-07-09 21:19 10431 -c--a-w- c:\windows\system32\drivers\ramdisk.sys

2010-07-08 14:14 . 2010-07-08 14:14 -------- dc----w- c:\documents and settings\All Users\Application Data\RealHideIP

2010-07-08 14:14 . 2010-07-08 14:14 -------- dc----w- c:\documents and settings\Administrator\Application Data\RealHideIP

2010-07-08 13:04 . 2010-07-08 13:21 -------- dc----w- c:\documents and settings\All Users\Application Data\AutoHideIP

2010-07-08 12:32 . 2010-07-08 12:44 -------- dc----w- c:\documents and settings\Administrator\Application Data\Hide IP Speed

2010-07-08 12:31 . 2010-07-08 12:45 -------- dc----w- c:\documents and settings\Administrator\Application Data\Hide IP NG

2010-07-07 21:21 . 2010-07-07 21:22 -------- dc-h--w- c:\windows\ie8

2010-07-07 20:49 . 2010-06-02 01:55 74072 -c--a-w- c:\windows\system32\XAPOFX1_5.dll

2010-07-07 20:49 . 2010-06-02 01:55 527192 -c--a-w- c:\windows\system32\XAudio2_7.dll

2010-07-07 20:49 . 2010-06-02 01:55 239960 -c--a-w- c:\windows\system32\xactengine3_7.dll

2010-07-07 20:49 . 2010-05-26 08:41 248672 -c--a-w- c:\windows\system32\d3dx11_43.dll

2010-07-07 20:49 . 2010-05-26 08:41 2106216 -c--a-w- c:\windows\system32\D3DCompiler_43.dll

2010-07-07 20:49 . 2010-05-26 08:41 1868128 -c--a-w- c:\windows\system32\d3dcsx_43.dll

2010-07-07 20:49 . 2010-05-26 08:41 470880 -c--a-w- c:\windows\system32\d3dx10_43.dll

2010-07-07 20:49 . 2010-05-26 08:41 1998168 -c--a-w- c:\windows\system32\D3DX9_43.dll

2010-07-07 16:44 . 2010-07-15 23:28 -------- dc-h--w- c:\windows\msdownld.tmp

2010-07-07 15:22 . 2010-07-07 15:22 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\ViCon_Remastered

2010-07-07 14:43 . 2010-07-07 22:15 -------- dc----w- c:\documents and settings\Administrator\Application Data\Styler

2010-07-07 13:24 . 2010-07-07 13:24 -------- dc-h--w- c:\windows\Icons

2010-07-07 13:04 . 2010-07-08 22:59 -------- dc----w- c:\windows\kazım

2010-07-06 16:32 . 2010-07-08 13:41 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ares

2010-07-06 15:18 . 2010-07-07 13:07 -------- dc----w- c:\program files\icom

2010-07-04 11:57 . 2008-02-15 09:49 172032 ----a-w- c:\windows\system32\igfxres.dll

2010-07-04 11:55 . 2008-02-15 10:21 147456 -c--a-w- c:\windows\system32\igfxCoIn_v4926.dll

2010-07-04 11:31 . 2008-12-03 14:40 81408 -c--a-w- c:\windows\system32\devcon_x64.exe

2010-07-04 11:31 . 2002-11-14 19:32 55808 -c--a-w- c:\windows\system32\devcon.exe

2010-07-04 06:29 . 2010-07-05 10:55 -------- dc----w- c:\program files\crypload

2010-07-01 22:24 . 2010-07-06 23:47 -------- dc----w- c:\documents and settings\Administrator\Application Data\vlc

2010-06-30 14:08 . 2010-06-30 14:08 -------- dc----w- c:\program files\GlobalSCAPE

2010-06-30 10:47 . 2010-06-30 10:47 35840 -c--a-w- c:\documents and settings\Administrator\Application Data\Thinstall\WebCam Monitor 4.2\40000018b00002i\SAFlashPlayer.exe

2010-06-30 10:05 . 2010-06-30 10:05 -------- dc----w- c:\documents and settings\All Users\Application Data\WebacamSurveyor

2010-06-30 03:01 . 2010-06-30 10:11 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Readon_Technology

2010-06-30 02:55 . 2010-06-30 02:55 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Super Internet TV

2010-06-29 20:41 . 2010-06-29 20:42 -------- dc----w- c:\documents and settings\Administrator\Application Data\ViStart

2010-06-28 13:29 . 2010-06-28 13:50 -------- dc----w- c:\program files\Common Files\Elecard

2010-06-28 13:25 . 2010-06-28 13:25 -------- dc----w- c:\program files\vPlug Files Center

2010-06-28 12:55 . 2006-05-21 13:15 634880 -c--a-w- c:\windows\system32\NCTAudioEditor2.dll

2010-06-28 12:55 . 2006-05-21 13:15 522752 -c--a-w- c:\windows\system32\NCTAudioTransform2.dll

2010-06-28 12:55 . 2006-05-21 13:15 467968 -c--a-w- c:\windows\system32\NCTAudioRecord2.dll

2010-06-28 12:55 . 2006-05-21 13:15 467456 -c--a-w- c:\windows\system32\NCTAudioPlayer2.dll

2010-06-28 12:55 . 2004-07-14 11:44 23040 -c--a-w- c:\windows\system32\auth.dll

2010-06-28 12:55 . 2002-05-23 18:40 110080 -c--a-w- c:\windows\system32\advd.dll

2010-06-28 12:55 . 2007-09-21 08:05 110592 -c--a-w- c:\documents and settings\Administrator\Application Data\concept design\SharedConfig\devicectrl.dll

2010-06-28 12:55 . 2006-05-21 13:15 966144 -c--a-w- c:\windows\system32\NCTAudioInformation2.dll

2010-06-28 12:55 . 2006-05-21 13:15 877568 -c--a-w- c:\windows\system32\NCTAudioFile2.dll

2010-06-28 12:55 . 2006-05-21 13:15 237568 -c--a-w- c:\windows\system32\lame_enc.dll

2010-06-28 12:55 . 2010-06-28 12:58 -------- dc----w- c:\documents and settings\Administrator\Application Data\concept design

2010-06-28 12:41 . 2010-06-28 12:41 -------- dc----w- c:\documents and settings\Administrator\Application Data\PCF-VLC

2010-06-28 12:33 . 2010-06-28 12:33 -------- dc----w- c:\documents and settings\Administrator\Application Data\Participatory Culture Foundation

2010-06-28 12:14 . 2010-06-28 12:14 -------- dc----w- c:\documents and settings\Administrator\Incomplete

2010-06-28 12:14 . 2010-06-28 12:14 -------- dc----w- c:\documents and settings\Administrator\Shared

2010-06-28 12:12 . 2010-06-28 12:20 -------- dc----w- c:\documents and settings\Administrator\Application Data\ZiggyTV

2010-06-28 12:12 . 1998-04-23 21:00 368912 -c--a-w- c:\windows\system32\vbar332.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-28 09:41 . 2010-05-24 23:20 -------- dc----w- c:\documents and settings\Administrator\Application Data\Zuaqq

2010-07-28 01:02 . 2010-04-23 10:25 164880 -c-ha-w- c:\documents and settings\Administrator\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll

2010-07-27 23:41 . 2009-05-27 18:40 247136 -c--a-w- c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll

2010-07-27 23:41 . 2010-05-05 19:40 -------- dc----w- c:\documents and settings\Administrator\Application Data\DMCache

2010-07-27 21:41 . 2010-04-16 20:00 -------- dc----w- c:\documents and settings\Administrator\Application Data\Media Player Classic

2010-07-27 21:20 . 2010-04-16 20:35 -------- dc----w- c:\program files\IObit

2010-07-27 20:45 . 2010-04-16 18:41 -------- dc-h--w- c:\program files\InstallShield Installation Information

2010-07-27 19:13 . 2010-04-18 01:34 -------- dc----w- c:\documents and settings\Administrator\Application Data\uTorrent

2010-07-27 02:16 . 2010-04-17 13:00 -------- dc----w- c:\program files\Google

2010-07-26 12:16 . 2010-04-20 06:33 -------- dc----w- c:\documents and settings\Administrator\Application Data\Skype

2010-07-26 10:50 . 2010-06-15 20:29 -------- dc----w- c:\documents and settings\Administrator\Application Data\skypePM

2010-07-25 22:13 . 2010-04-25 22:29 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-07-25 16:43 . 2010-05-05 19:40 -------- dc----w- c:\documents and settings\Administrator\Application Data\IDM

2010-07-25 16:31 . 2010-04-16 18:27 726392 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-07-25 14:50 . 2010-04-20 08:06 463788 -c-ha-w- c:\windows\system32\mlfcache.dat

2010-07-25 11:37 . 2010-04-25 21:16 -------- dc----w- c:\program files\Common Files\ParetoLogic

2010-07-24 22:49 . 2010-04-16 22:19 -------- dc----w- c:\program files\RocketDock

2010-07-20 15:59 . 2009-09-01 10:00 81882 ----a-w- c:\windows\system32\perfc01F.dat

2010-07-20 15:59 . 2009-09-01 10:00 428836 ----a-w- c:\windows\system32\perfh01F.dat

2010-07-20 13:55 . 2010-04-16 18:39 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-07-16 16:32 . 2010-04-20 06:33 -------- dc----w- c:\documents and settings\All Users\Application Data\Skype

2010-07-16 16:08 . 2010-04-16 18:33 -------- dc----w- c:\program files\Windows Live

2010-07-16 14:13 . 2010-06-12 16:46 -------- dc----w- c:\program files\Common Files\Adobe

2010-07-15 23:21 . 2010-04-18 09:59 -------- dc----w- c:\documents and settings\Administrator\Application Data\HP

2010-07-15 23:21 . 2010-04-18 09:56 -------- dc----w- c:\documents and settings\All Users\Application Data\HP

2010-07-15 11:27 . 2010-04-16 22:50 -------- dc----w- c:\documents and settings\Administrator\Application Data\IObit

2010-07-13 21:08 . 2010-04-16 18:36 -------- dc----w- c:\program files\K-Lite Codec Pack

2010-07-13 21:06 . 2010-05-08 23:13 -------- dc----w- c:\program files\Total Video Converter

2010-07-09 22:28 . 2010-06-15 12:36 -------- dc----w- c:\documents and settings\All Users\Application Data\FLEXnet

2010-07-09 11:03 . 2010-06-02 13:43 181472 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCSExpress\9.0\1033\ResourceCache.dll

2010-07-09 11:02 . 2010-06-02 13:43 416 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll

2010-07-08 22:57 . 2010-04-30 17:58 -------- dc----w- c:\documents and settings\Administrator\Application Data\IcoFX

2010-07-08 21:07 . 2010-06-14 12:03 -------- dc----w- c:\documents and settings\Administrator\Application Data\LimeWire

2010-07-08 14:09 . 2010-07-08 14:13 240 -c--a-w- c:\documents and settings\All Users\Application Data\Setting.dat

2010-07-07 13:54 . 2010-05-29 16:14 2288128 -c--a-w- c:\windows\system32\TUKernel.exe

2010-07-07 13:51 . 2010-04-20 07:00 -------- dc----w- c:\documents and settings\All Users\Application Data\TuneUp Software

2010-07-06 21:04 . 2010-04-16 22:57 -------- dc----w- c:\program files\AIMP2

2010-07-04 11:44 . 2010-04-16 18:47 -------- dc----w- c:\program files\Realtek

2010-07-04 11:44 . 2010-04-16 18:35 73728 -c--a-w- c:\windows\system32\RtNicProp32.dll

2010-07-04 11:44 . 2010-04-16 18:35 143360 -c--a-w- c:\windows\system32\drivers\Rtenicxp.sys

2010-07-04 06:40 . 2010-04-20 06:59 -------- dc----w- c:\program files\CCleaner

2010-06-30 13:34 . 2010-06-18 12:05 -------- dc----w- c:\program files\AnvSoft

2010-06-30 10:47 . 2010-04-25 18:18 -------- dc----w- c:\documents and settings\Administrator\Application Data\Thinstall

2010-06-28 11:49 . 2010-06-28 11:49 720896 -c--a-w- c:\windows\iun6002ev.exe

2010-06-28 11:19 . 2010-06-28 11:19 -------- dc----w- c:\documents and settings\Administrator\Application Data\HTML Executable

2010-06-28 10:11 . 2010-06-28 10:11 -------- dc----w- c:\documents and settings\All Users\Application Data\GlobalSCAPE

2010-06-28 00:38 . 2010-06-28 00:38 11800576 -c--a-w- c:\documents and settings\Administrator\ntuser.dat.tmp

2010-06-28 00:38 . 2010-06-28 00:38 327680 -c--a-w- c:\documents and settings\NetworkService\NTUSER.DAT.tmp

2010-06-28 00:38 . 2010-06-28 00:38 315392 -c--a-w- c:\documents and settings\LocalService\NTUSER.DAT.tmp

2010-06-28 00:34 . 2010-06-28 00:34 -------- dc----w- c:\documents and settings\All Users\Application Data\Weskysoft

2010-06-26 15:35 . 2010-06-14 19:36 -------- dc----w- c:\program files\Mount&Blade Warband

2010-06-19 11:07 . 2010-06-19 11:04 -------- dc----w- c:\documents and settings\Administrator\Application Data\PhotoScape

2010-06-18 15:43 . 2010-06-18 15:42 -------- dc----w- c:\program files\Common Files\SourceTec

2010-06-18 15:42 . 2010-06-18 15:42 -------- dc----w- c:\program files\SourceTec

2010-06-17 16:47 . 2010-06-17 16:47 3205464 -c--a-w- c:\documents and settings\Administrator\Application Data\IDM\idmupdt.exe

2010-06-17 11:29 . 2010-06-17 11:29 -------- dc----w- c:\program files\directx

2010-06-16 20:33 . 2010-05-13 22:05 32768 -c--a-w- c:\windows\system32\drivers\taphss.sys

2010-06-16 08:18 . 2010-04-16 18:36 -------- dc----w- c:\program files\Microsoft Silverlight

2010-06-15 20:31 . 2010-06-15 20:31 -------- dc----w- c:\program files\Common Files\Skype

2010-06-15 20:29 . 2010-06-15 20:29 56 -c-ha-w- c:\windows\system32\ezsidmv.dat

2010-06-14 14:31 . 2010-04-16 18:21 744448 -c--a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-05 17:56 . 2010-06-05 17:56 -------- dc----w- c:\documents and settings\All Users\Application Data\Trymedia

2010-06-04 15:51 . 2010-04-16 18:41 -------- dc----w- c:\program files\Common Files\snpstd3

2010-06-03 16:07 . 2010-06-03 16:07 -------- dc----w- c:\documents and settings\Administrator\Application Data\URSoft

2010-06-03 16:03 . 2010-06-03 16:03 -------- dc----w- c:\program files\Common Files\Java

2010-06-03 16:03 . 2010-04-23 21:18 411368 -c--a-w- c:\windows\system32\deploytk.dll

2010-06-03 15:59 . 2010-04-20 07:00 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple Computer

2010-06-03 02:41 . 2010-06-03 02:41 3600384 -c--a-w- c:\windows\system32\GPhotos.scr

2010-06-02 19:50 . 2010-06-02 19:49 234080 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\VWDExpress\9.0\1033\ResourceCache.dll

2010-06-02 14:07 . 2010-06-02 14:07 112640 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCExpress\9.0\1033\ResourceCache.dll

2010-06-02 14:00 . 2010-06-02 14:00 187808 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\VBExpress\9.0\1033\ResourceCache.dll

2010-05-30 22:31 . 2010-05-19 07:26 -------- dc----w- c:\program files\Common Files\Macromedia

2010-05-29 16:54 . 2010-05-29 16:54 -------- dc----w- c:\program files\Foxit Software

2010-05-29 12:28 . 2010-05-29 12:28 -------- dc----w- c:\documents and settings\All Users\Application Data\MSScanAppDataDir

2010-05-29 10:07 . 2010-05-29 10:07 136 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat

2010-05-21 14:29 . 2010-05-21 14:29 549 -c--a-w- c:\windows\eReg.dat

2010-05-19 16:43 . 2010-05-19 16:41 295 -c--a-w- c:\windows\system32\Find_Target.vbs

2010-05-13 14:36 . 2010-04-16 18:59 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-05-13 14:36 . 2010-04-16 18:59 17016 -c--a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-05-13 14:36 . 2010-05-13 14:43 79432 ----a-w- c:\windows\system32\drivers\avfwim.sys

2010-05-13 14:36 . 2010-05-13 14:43 102856 ----a-w- c:\windows\system32\drivers\avfwot.sys

2010-05-13 14:36 . 2010-04-16 18:59 51992 -c--a-w- c:\windows\system32\drivers\avgntdd.sys

2010-05-08 20:40 . 2010-05-08 20:40 98304 -c--a-w- c:\windows\system32\CmdLineExt.dll

2010-05-08 17:53 . 2010-05-08 17:53 476512 -c--a-w- c:\documents and settings\All Users\Application Data\RapidSolution\AudialsOne_2009\RadioRip\RadioRip.dll

2010-05-08 17:53 . 2010-05-08 17:53 169312 -c--a-w- c:\documents and settings\All Users\Application Data\RapidSolution\AudialsOne_2009\RadioRip\PlgSoundclick.dll

2010-05-08 17:53 . 2010-05-08 17:53 111968 -c--a-w- c:\documents and settings\All Users\Application Data\RapidSolution\AudialsOne_2009\RadioRip\PlgPandora.dll

2010-05-08 17:52 . 2010-05-08 17:52 128352 -c--a-w- c:\documents and settings\All Users\Application Data\RapidSolution\AudialsOne_2009\RadioRip\PlgMyspace.dll

2010-05-08 17:52 . 2010-05-08 17:52 111968 -c--a-w- c:\documents and settings\All Users\Application Data\RapidSolution\AudialsOne_2009\RadioRip\PlgLastfm.dll

2010-05-08 17:52 . 2010-05-08 17:52 99680 -c--a-w- c:\documents and settings\All Users\Application Data\RapidSolution\AudialsOne_2009\RadioRip\PlgIJigg.dll

2010-05-08 17:52 . 2010-05-08 17:52 230752 -c--a-w- c:\documents and settings\All Users\Application Data\RapidSolution\AudialsOne_2009\RadioRip\PlgHypemachine.dll

2010-05-08 17:52 . 2010-05-08 17:52 120160 -c--a-w- c:\documents and settings\All Users\Application Data\RapidSolution\AudialsOne_2009\RadioRip\PlgGeneral.dll

2010-05-08 17:52 . 2010-05-08 17:52 91488 -c--a-w- c:\documents and settings\All Users\Application Data\RapidSolution\AudialsOne_2009\RadioRip\PlgDefault.dll

2010-05-08 17:52 . 2010-05-08 17:52 140640 -c--a-w- c:\documents and settings\All Users\Application Data\RapidSolution\AudialsOne_2009\RadioRip\PlgDeezer.dll

2010-05-06 10:32 . 2009-09-01 10:00 916480 -c--a-w- c:\windows\system32\wininet.dll

2010-05-06 07:36 . 2010-04-18 19:17 221568 -c----w- c:\windows\system32\MpSigStub.exe

2010-05-02 08:02 . 2009-09-01 10:00 1860352 ----a-w- c:\windows\system32\win32k.sys

2010-05-01 15:21 . 2010-05-01 15:13 166912 -c--a-w- c:\windows\hpoins27.dat

.

------- Sigcheck -------

[-] 2009-09-01 . E0593C5746742DFB99A45B9D1234EBFB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[-] 2009-09-01 . 106267D1B1188EBD7FA9A95B6ABCAEBA . 557056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2009-09-01 . 91FD2FD45E5321A74E06A1D051FCFC33 . 662528 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2009-09-01 . B3A28AB23450EBFEAB3CEE207B97EAA5 . 639488 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2009-09-01 . 65A4FA0D3394873C9E55E1296FC04A42 . 1766912 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2009-09-01 . CBC8C36E4610EE06EBEBBEC153364B52 . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

2010-02-27 23:20 561552 -c--a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2010-07-26 12:09 70776 -c--a-w- c:\program files\Internet Download Manager\IDMShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-07-27 3241312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-05-13 282792]

"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-09-01 40960]

c:\documents and settings\All Users\Start Menu\Programlar\BaŸlang�‡\

UnlockerAssistant.lnk - c:\windows\system32\UnlockerAssistant.exe [2010-4-16 15872]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMConfigurePrograms"= 1 (0x1)

"EditLevel"= 0 (0x0)

"NoCommonGroups"= 0 (0x0)

"NoSMBalloonTip"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programlar^Başlangıç^alg.lnk]

backup=c:\windows\pss\alg.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programlar^Başlangıç^AvaFind.lnk]

backup=c:\windows\pss\AvaFind.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programlar^Başlangıç^Stardock ObjectDock.lnk]

backup=c:\windows\pss\Stardock ObjectDock.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto Hide IP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-03-06 00:44 500208 -c----w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

2010-02-22 01:57 406992 -c--a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2009-09-01 10:00 40960 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Unlocker.exe]

2009-09-01 10:00 87552 -c--a-w- c:\windows\system32\Unlocker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WZCSVC"=2 (0x2)

"wuauserv"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"TapiSrv"=3 (0x3)

"osppsvc"=3 (0x3)

"ose"=3 (0x3)

"gusvc"=3 (0x3)

"gupdate"=2 (0x2)

"aspnet_state"=3 (0x3)

"TuneUp.ProgramStatisticsSvc"=3 (0x3)

"UxTuneUp"=2 (0x2)

"TuneUp.Defrag"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"idsvc"=3 (0x3)

"Crypkey License"=2 (0x2)

"SharedAccess"=2 (0x2)

"HssWd"=2 (0x2)

"HssTrayService"=3 (0x3)

"HssSrv"=2 (0x2)

"HotspotShieldService"=2 (0x2)

"GateKeeper 4.7"=2 (0x2)

"wlidsvc"=2 (0x2)

"FLEXnet Licensing Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5000:UDP"= 5000:UDP:*:Disabled:Akamai NetSession Interface

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

"9176:TCP"= 9176:TCP:*:Disabled:BitComet 9176 TCP

"9176:UDP"= 9176:UDP:*:Disabled:BitComet 9176 UDP

R0 72585222;72585222 Boot Guard Driver;c:\windows\system32\drivers\72585222.sys [20.07.2010 20:03 37392]

R1 72585221;72585221;c:\windows\system32\drivers\72585221.sys [20.07.2010 20:03 128016]

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [13.05.2010 17:43 102856]

R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [26.07.2010 17:25 74208]

R1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\System\CPL Bonus\vcdrom.sys [20.04.2010 10:01 8576]

R2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [13.05.2010 17:43 536232]

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [13.05.2010 17:43 337064]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [16.04.2010 21:59 135336]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [13.05.2010 17:43 405672]

R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [13.05.2010 17:43 79432]

R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [21.04.2007 17:15 9344]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [28.07.2010 00:20 312152]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [26.11.2009 00:06 34384]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

S3 ute5otcy;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\ute5otcy.sys --> c:\windows\system32\Drivers\ute5otcy.sys [?]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [17.12.2009 15:02 99152]

S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]

S4 gupdate;Google Güncelleme Hizmeti (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17.04.2010 16:01 135664]

S4 ramdisk;AR Soft RAM Disk Service;c:\windows\system32\drivers\ramdisk.sys [10.07.2010 00:19 10431]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - VCDROM

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]

2009-03-04 13:32 8192 -c--a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe

.

Contents of the 'Scheduled Tasks' folder

2010-07-27 c:\windows\Tasks\AdobeAAMUpdater-1.0-CASPER-CASPER.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-16 00:44]

2010-07-27 c:\windows\Tasks\AdobeAAMUpdater-1.0-MYPC-60466C696E-Administrator.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-16 00:44]

2010-07-28 c:\windows\Tasks\AWC AutoSweep.job

- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-04-16 11:11]

2010-07-27 c:\windows\Tasks\AWC Update.job

- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-04-16 13:18]

.

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uStart Page = hxxp://www.netarar.com/

mStart Page = hxxp://www.netarar.com/

uInternet Settings,ProxyServer = http=

uSearchAssistant = hxxp://www.google.com/ie

IE: &BitSpirit ile İndir - c:\program files\BitSpirit\bsurl.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Bütün linkleri IDM ile indir - c:\program files\Internet Download Manager\IEGetAll.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: FLV video içeriğini IDM ile indir - c:\program files\Internet Download Manager\IEGetVL.htm

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: IDM ile indir - c:\program files\Internet Download Manager\IEExt.htm

IE: Microsoft Excel'e &Ver - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: OneNote'a G&önder - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

LSP: c:\windows\system32\idmmbc.dll

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

TCP: {697B9111-6FDC-41E3-AB0B-0FC82481C701} = 4.2.2.4,4.2.2.6

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jbj6ciff.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.tr/

FF - prefs.js: network.proxy.type - 0

FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll

FF - plugin: c:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 16000

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 4095

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 1000000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 1000000

FF - user.js: dom.disable_window_status_change - true

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: network.proxy.type - 0

FF - user.js: nglayout.initialpaint.delay - 1000

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-28 15:07

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f3,dd,1e,6b,56,cc,22,43,af,da,e5,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f3,dd,1e,6b,56,cc,22,43,af,da,e5,\

[HKEY_USERS\S-1-5-21-1757981266-2111687655-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,23,94,b3,f3,fb,3b,41,a4,4f,61,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,30,db,bd,f2,8a,86,6d,4e,bb,b8,45,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,23,94,b3,f3,fb,3b,41,a4,4f,61,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3eea664f-6db8-43dc-a26c-ddadd8706add}]

@Denied: (Full) (Everyone)

"Model"=dword:000000bb

"Therad"=dword:00000009

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):a2,1a,b0,54,1e,d3,ca,cc,4a,72,9c,3b,27,df,fd,85,0d,f5,d2,e8,91,

9c,38,ad,5c,01,39,f1,94,94,0f,1e,32,99,50,02,60,8f,b6,d4,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(596)

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(880)

c:\windows\system32\setupapi.dll

.

Completion time: 2010-07-28 15:09:46

ComboFix-quarantined-files.txt 2010-07-28 12:09

Pre-Run: 9.813.114.880 bayt boş

Post-Run: 9.805.733.888 bayt boş

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

- - End Of File - - 61BAF165CDBEF1FB5AE6CA60260C8912

If anyone finds a fix for this problem, please post it, because I use these keys a lot.


Go back and scan with Malwarebytes and Spyware Doctor; Spyware Doctor always finds this type of virus. You have no other option. The virus can attack .exe files and make them show up as infected too; I think that is why the driver disappeared after ComboFix...


This long and difficult method may be a solution: plug your keyboard into another, healthy computer. If the keys work as expected there,

find the keyboard in Device Manager,

click PROPERTIES and then the DRIVER tab, and from the details and file location shown there copy the driver's files. Then on your own computer, with your keyboard plugged in, uninstall the keyboard's driver from the properties tab by choosing the advanced uninstall, drop the working driver files into the folder you copied them from, and then scan for hardware changes.

Option 2: update the drivers with a driver update program such as Driver Detective.


Friends, yesterday I ran ComboFix; it scanned and finished, and the multimedia keys of my Casper DLK-5108 keyboard were not working.

I did a system restore, and of course the viruses were restored too.

Today I ran it again and the same thing happened: the keyboard's multimedia keys do not work.

The log file is here.

If anyone finds a fix for this problem, please post it, because I use these keys a lot.

Dear "byvistakazim",

Your real problem is not the keyboard but malware...

ComboFix has detected the following malware on your system:

1) Keylogger (Probot):

c:\windows\a3kebook.ini

c:\windows\akebook.ini

c:\windows\ANS2000.INI

2) Trojan horse: Uninstal.exe

3) Trojan horse: 1.bat

4) Trojan horse installer: bn.dll

5) Spyware: twain_16.dll

* The antivirus you use (Avira AntiVir) is the best of the last 4 years. It too would find and delete the malware above, but only if it is used correctly...

(Turning off Windows' System Restore feature, starting the computer in safe mode, and running a system scan)

* If you run into malware that antivirus programs catch but cannot delete, the first thing to do is, as said above, to run a scan in safe mode; if safe mode does not help either, the best thing to do is to use ComboFix (only on XP and Vista); however, ComboFix also has to be used correctly. For example, ComboFix should be downloaded to the desktop and run from there; you, however, downloaded it to D: and ran it from there, and it still detected quite a lot of malware...

* ComboFix may occasionally do things that are (in your view) wrong; for example, if you are using a pirated XP, it may delete the crack and you may need to crack XP again...

* The problem of your keyboard's multimedia keys not working is trivial next to the above; you go to the keyboard manufacturer's site, download and install its driver, and that is that...

Best regards...


By the way, it is not AntiVir but Premium Security Suite.

If it gets in despite that, what can one say?

There is no need anymore; I installed Windows 7. It is really very good. For me XP is finished, I will not use XP anymore :)


By the way, it is not AntiVir but Premium Security Suite.

If it gets in despite that, what can one say?

There is no need anymore; I installed Windows 7. It is really very good. For me XP is finished, I will not use XP anymore :)

Good...

* Because of your existing habits (that is, the sites you visit and the games you download, install and play), you may end up hosting the Keylogger I mentioned above again, with the result that your computer becomes a "zombie" again and all your passwords (your bank accounts included) are sent by e-mail to the person concerned; for a keylogger it makes no difference whether it is XP or Windows 7 if you do not take precautions...

Note: "premium security suite" is AntiVir; it is the version of AntiVir with a firewall.


Archived

This topic is now archived and is closed to further replies.
