Bitmap Posted July 28, 2010

Friends, yesterday I ran ComboFix; it scanned and finished, and the multimedia keys of the Casper DLK-5108 keyboard were not working. I did a system restore, and of course the viruses were restored as well. Today I ran it again and the same thing happened: the keyboard's multimedia keys do not work. What is the problem? The log file is here:

ComboFix 10-07-27.04 - CASPER 28.07.2010 15:03:44.2.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.1015.565 [GMT 3:00] Running from: d:\downloads\Programs\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6} FW: Avira FireWall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\scrrntr.dll . ---- Previous Run ------- . c:\windows\a3kebook.ini c:\windows\akebook.ini c:\windows\ANS2000.INI c:\windows\Fonts\Uninstal.exe c:\windows\system32\1.bat c:\windows\system32\bn.dll c:\windows\system32\scrrntr.dll c:\windows\twain_16.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_OSPPSVC -------\Service_osppsvc ((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-28 ))))))))))))))))))))))))))))))) . 2010-07-28 10:09 . 2010-07-28 10:09 -------- dc----w- c:\documents and settings\Administrator\Application Data\Conceptworld 2010-07-28 09:36 . 2010-07-28 09:36 -------- dc----w- c:\windows\system32\wbem\snmp 2010-07-28 09:36 . 2010-07-28 09:36 -------- dc----w- c:\windows\system32\xircom 2010-07-28 09:36 . 2010-07-28 09:36 -------- dc----w- c:\program files\microsoft frontpage 2010-07-27 23:41 . 2010-07-27 23:41 243040 -c--a-w- c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components2\idmmzcc.dll 2010-07-27 23:41 . 2010-07-27 23:41 -------- dc----w- c:\program files\Internet Download Manager 2010-07-27 21:12 . 
2004-05-13 14:29 133120 -c--a-w- c:\windows\system32\sfc_os.dll 2010-07-27 20:47 . 2010-07-27 20:47 -------- dc----w- c:\windows\system32\wbem\Repository 2010-07-27 02:10 . 2010-07-27 02:10 -------- dc----w- c:\documents and settings\Administrator\Application Data\BitSpirit 2010-07-27 02:09 . 2010-07-27 02:09 -------- dc----w- c:\program files\Common Files\BitSpirit 2010-07-27 02:09 . 2010-07-27 02:09 -------- dc----w- c:\program files\BitSpirit 2010-07-26 19:29 . 2010-07-26 19:29 -------- dc----w- c:\documents and settings\Administrator\Application Data\The Creative Assembly 2010-07-26 14:25 . 2010-07-26 14:25 74208 -c--a-w- c:\windows\system32\drivers\idmtdi.sys 2010-07-26 00:12 . 2010-07-26 00:12 -------- dc----w- c:\program files\Common Files\Apple 2010-07-26 00:12 . 2010-07-26 00:12 -------- dc----w- c:\program files\Apple Software Update 2010-07-24 22:57 . 2010-07-24 22:57 -------- dc----w- c:\program files\Ashampoo 2010-07-22 00:00 . 2010-07-22 00:00 -------- dc----w- c:\documents and settings\Administrator\Application Data\RealWorld 2010-07-21 23:59 . 2010-07-21 23:59 124902 -c--a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_229008C4DD2B0687C3C9DB.exe 2010-07-21 23:59 . 2010-07-21 23:59 11310 -c--a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_FF89B0AADCD51F146762AE.exe 2010-07-21 23:59 . 2010-07-21 23:59 11310 -c--a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_EA4EAE0A99F77038DA094E.exe 2010-07-21 23:59 . 2010-07-21 23:59 11310 -c--a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_7C899EC09EAB28D66E0485.exe 2010-07-21 23:59 . 
2010-07-21 23:59 9062 -c--a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_6FEFF9B68218417F98F549.exe 2010-07-21 23:59 . 2010-07-21 23:59 124902 -c--a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_8FC856A7719DE414ABC55A.exe 2010-07-21 23:59 . 2010-07-21 23:59 -------- dc----w- c:\program files\RealWorld Cursor Editor 2010-07-20 22:13 . 2010-07-20 22:13 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard 2010-07-20 21:58 . 2010-07-20 21:58 513 -c--a-w- c:\windows\system32\xtupdate.dat 2010-07-20 17:03 . 2009-10-22 10:54 37392 -c--a-w- c:\windows\system32\drivers\72585222.sys 2010-07-20 17:03 . 2009-09-25 14:59 128016 -c--a-w- c:\windows\system32\drivers\72585221.sys 2010-07-20 17:03 . 2009-10-09 20:31 315408 -c--a-w- c:\windows\system32\drivers\7258522.sys 2010-07-20 15:58 . 2010-07-20 15:58 -------- dc----w- c:\program files\Microsoft Virtual PC 2010-07-20 13:52 . 2010-07-20 13:52 -------- dc----w- c:\program files\Microsoft Synchronization Services 2010-07-20 13:52 . 2010-07-20 13:52 -------- dc----w- c:\program files\Microsoft.NET 2010-07-20 13:52 . 2010-07-20 13:52 -------- dc----w- c:\documents and settings\All Users\Microsoft 2010-07-20 13:49 . 2010-07-20 13:50 -------- dc----w- c:\windows\SHELLNEW 2010-07-20 13:49 . 2010-07-20 13:49 -------- dc----w- c:\program files\Microsoft Analysis Services 2010-07-19 23:21 . 2010-07-20 16:03 -------- dc----w- c:\documents and settings\Administrator\Application Data\Mipony 2010-07-17 15:40 . 2010-06-29 22:49 -------- dc----w- c:\program files\xat.com Image Optimizer 2010-07-17 00:20 . 2010-07-25 08:55 188152 -c--a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jbj6ciff.default\FlashGot.exe 2010-07-17 00:06 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe 2010-07-16 16:32 . 
2010-07-16 16:32 -------- dc----w- c:\program files\Skype 2010-07-16 14:11 . 2010-07-16 14:15 -------- dc----w- c:\documents and settings\All Users\AdobeTemp 2010-07-15 22:43 . 2010-07-15 22:43 -------- dc----w- c:\documents and settings\Administrator\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2010-07-15 22:43 . 2010-07-15 22:44 -------- dc----w- c:\program files\Adobe Photoshop CS5 2010-07-15 14:06 . 2010-07-16 13:46 -------- dc----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe 2010-07-15 13:58 . 2010-07-15 13:58 -------- dc----w- c:\program files\Common Files\Adobe AIR 2010-07-14 22:35 . 2010-07-14 22:35 -------- dc----w- c:\windows\lollala 2010-07-14 22:02 . 2010-07-14 22:04 -------- dc----w- c:\documents and settings\Administrator\Application Data\ViGlance 2010-07-14 16:01 . 2010-07-14 16:03 -------- dc----w- c:\documents and settings\Administrator\.VirtualBox 2010-07-14 15:59 . 2009-12-17 12:02 123280 -c--a-w- c:\windows\system32\drivers\VBoxDrv.sys 2010-07-14 15:59 . 2009-12-17 12:02 41616 -c--a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2010-07-14 10:54 . 2010-07-14 10:54 -------- dc----w- c:\documents and settings\Administrator\Application Data\SmartFTP 2010-07-14 04:16 . 2010-07-14 04:16 -------- dc----w- c:\documents and settings\Administrator\Application Data\Yvawfi 2010-07-13 21:07 . 2004-01-25 16:18 217088 -c--a-w- c:\windows\system32\yv12vfw.dll 2010-07-13 21:07 . 2010-06-08 16:10 790528 -c--a-w- c:\windows\system32\xvidcore.dll 2010-07-13 21:07 . 2010-06-08 16:10 134144 -c--a-w- c:\windows\system32\xvidvfw.dll 2010-07-13 21:07 . 2010-03-10 19:29 94208 -c--a-w- c:\windows\system32\dpl100.dll 2010-07-13 21:07 . 2010-06-28 08:00 108032 -c--a-w- c:\windows\system32\ff_vfw.dll 2010-07-13 21:07 . 2010-02-19 19:27 720384 -c--a-w- c:\windows\system32\divx.dll 2010-07-13 19:12 . 
2010-07-13 19:12 -------- dc----w- c:\documents and settings\Administrator\Application Data\TinyPic Uploader 2010-07-09 21:19 . 2010-07-09 21:19 10431 -c--a-w- c:\windows\system32\drivers\ramdisk.sys 2010-07-08 14:14 . 2010-07-08 14:14 -------- dc----w- c:\documents and settings\All Users\Application Data\RealHideIP 2010-07-08 14:14 . 2010-07-08 14:14 -------- dc----w- c:\documents and settings\Administrator\Application Data\RealHideIP 2010-07-08 13:04 . 2010-07-08 13:21 -------- dc----w- c:\documents and settings\All Users\Application Data\AutoHideIP 2010-07-08 12:32 . 2010-07-08 12:44 -------- dc----w- c:\documents and settings\Administrator\Application Data\Hide IP Speed 2010-07-08 12:31 . 2010-07-08 12:45 -------- dc----w- c:\documents and settings\Administrator\Application Data\Hide IP NG 2010-07-07 21:21 . 2010-07-07 21:22 -------- dc-h--w- c:\windows\ie8 2010-07-07 20:49 . 2010-06-02 01:55 74072 -c--a-w- c:\windows\system32\XAPOFX1_5.dll 2010-07-07 20:49 . 2010-06-02 01:55 527192 -c--a-w- c:\windows\system32\XAudio2_7.dll 2010-07-07 20:49 . 2010-06-02 01:55 239960 -c--a-w- c:\windows\system32\xactengine3_7.dll 2010-07-07 20:49 . 2010-05-26 08:41 248672 -c--a-w- c:\windows\system32\d3dx11_43.dll 2010-07-07 20:49 . 2010-05-26 08:41 2106216 -c--a-w- c:\windows\system32\D3DCompiler_43.dll 2010-07-07 20:49 . 2010-05-26 08:41 1868128 -c--a-w- c:\windows\system32\d3dcsx_43.dll 2010-07-07 20:49 . 2010-05-26 08:41 470880 -c--a-w- c:\windows\system32\d3dx10_43.dll 2010-07-07 20:49 . 2010-05-26 08:41 1998168 -c--a-w- c:\windows\system32\D3DX9_43.dll 2010-07-07 16:44 . 2010-07-15 23:28 -------- dc-h--w- c:\windows\msdownld.tmp 2010-07-07 15:22 . 2010-07-07 15:22 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\ViCon_Remastered 2010-07-07 14:43 . 2010-07-07 22:15 -------- dc----w- c:\documents and settings\Administrator\Application Data\Styler 2010-07-07 13:24 . 
2010-07-07 13:24 -------- dc-h--w- c:\windows\Icons 2010-07-07 13:04 . 2010-07-08 22:59 -------- dc----w- c:\windows\kazım 2010-07-06 16:32 . 2010-07-08 13:41 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ares 2010-07-06 15:18 . 2010-07-07 13:07 -------- dc----w- c:\program files\icom 2010-07-04 11:57 . 2008-02-15 09:49 172032 ----a-w- c:\windows\system32\igfxres.dll 2010-07-04 11:55 . 2008-02-15 10:21 147456 -c--a-w- c:\windows\system32\igfxCoIn_v4926.dll 2010-07-04 11:31 . 2008-12-03 14:40 81408 -c--a-w- c:\windows\system32\devcon_x64.exe 2010-07-04 11:31 . 2002-11-14 19:32 55808 -c--a-w- c:\windows\system32\devcon.exe 2010-07-04 06:29 . 2010-07-05 10:55 -------- dc----w- c:\program files\crypload 2010-07-01 22:24 . 2010-07-06 23:47 -------- dc----w- c:\documents and settings\Administrator\Application Data\vlc 2010-06-30 14:08 . 2010-06-30 14:08 -------- dc----w- c:\program files\GlobalSCAPE 2010-06-30 10:47 . 2010-06-30 10:47 35840 -c--a-w- c:\documents and settings\Administrator\Application Data\Thinstall\WebCam Monitor 4.2\40000018b00002i\SAFlashPlayer.exe 2010-06-30 10:05 . 2010-06-30 10:05 -------- dc----w- c:\documents and settings\All Users\Application Data\WebacamSurveyor 2010-06-30 03:01 . 2010-06-30 10:11 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Readon_Technology 2010-06-30 02:55 . 2010-06-30 02:55 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Super Internet TV 2010-06-29 20:41 . 2010-06-29 20:42 -------- dc----w- c:\documents and settings\Administrator\Application Data\ViStart 2010-06-28 13:29 . 2010-06-28 13:50 -------- dc----w- c:\program files\Common Files\Elecard 2010-06-28 13:25 . 2010-06-28 13:25 -------- dc----w- c:\program files\vPlug Files Center 2010-06-28 12:55 . 2006-05-21 13:15 634880 -c--a-w- c:\windows\system32\NCTAudioEditor2.dll 2010-06-28 12:55 . 
2006-05-21 13:15 522752 -c--a-w- c:\windows\system32\NCTAudioTransform2.dll 2010-06-28 12:55 . 2006-05-21 13:15 467968 -c--a-w- c:\windows\system32\NCTAudioRecord2.dll 2010-06-28 12:55 . 2006-05-21 13:15 467456 -c--a-w- c:\windows\system32\NCTAudioPlayer2.dll 2010-06-28 12:55 . 2004-07-14 11:44 23040 -c--a-w- c:\windows\system32\auth.dll 2010-06-28 12:55 . 2002-05-23 18:40 110080 -c--a-w- c:\windows\system32\advd.dll 2010-06-28 12:55 . 2007-09-21 08:05 110592 -c--a-w- c:\documents and settings\Administrator\Application Data\concept design\SharedConfig\devicectrl.dll 2010-06-28 12:55 . 2006-05-21 13:15 966144 -c--a-w- c:\windows\system32\NCTAudioInformation2.dll 2010-06-28 12:55 . 2006-05-21 13:15 877568 -c--a-w- c:\windows\system32\NCTAudioFile2.dll 2010-06-28 12:55 . 2006-05-21 13:15 237568 -c--a-w- c:\windows\system32\lame_enc.dll 2010-06-28 12:55 . 2010-06-28 12:58 -------- dc----w- c:\documents and settings\Administrator\Application Data\concept design 2010-06-28 12:41 . 2010-06-28 12:41 -------- dc----w- c:\documents and settings\Administrator\Application Data\PCF-VLC 2010-06-28 12:33 . 2010-06-28 12:33 -------- dc----w- c:\documents and settings\Administrator\Application Data\Participatory Culture Foundation 2010-06-28 12:14 . 2010-06-28 12:14 -------- dc----w- c:\documents and settings\Administrator\Incomplete 2010-06-28 12:14 . 2010-06-28 12:14 -------- dc----w- c:\documents and settings\Administrator\Shared 2010-06-28 12:12 . 2010-06-28 12:20 -------- dc----w- c:\documents and settings\Administrator\Application Data\ZiggyTV 2010-06-28 12:12 . 1998-04-23 21:00 368912 -c--a-w- c:\windows\system32\vbar332.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-28 09:41 . 2010-05-24 23:20 -------- dc----w- c:\documents and settings\Administrator\Application Data\Zuaqq 2010-07-28 01:02 . 
2010-04-23 10:25 164880 -c-ha-w- c:\documents and settings\Administrator\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll 2010-07-27 23:41 . 2009-05-27 18:40 247136 -c--a-w- c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll 2010-07-27 23:41 . 2010-05-05 19:40 -------- dc----w- c:\documents and settings\Administrator\Application Data\DMCache 2010-07-27 21:41 . 2010-04-16 20:00 -------- dc----w- c:\documents and settings\Administrator\Application Data\Media Player Classic 2010-07-27 21:20 . 2010-04-16 20:35 -------- dc----w- c:\program files\IObit 2010-07-27 20:45 . 2010-04-16 18:41 -------- dc-h--w- c:\program files\InstallShield Installation Information 2010-07-27 19:13 . 2010-04-18 01:34 -------- dc----w- c:\documents and settings\Administrator\Application Data\uTorrent 2010-07-27 02:16 . 2010-04-17 13:00 -------- dc----w- c:\program files\Google 2010-07-26 12:16 . 2010-04-20 06:33 -------- dc----w- c:\documents and settings\Administrator\Application Data\Skype 2010-07-26 10:50 . 2010-06-15 20:29 -------- dc----w- c:\documents and settings\Administrator\Application Data\skypePM 2010-07-25 22:13 . 2010-04-25 22:29 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-07-25 16:43 . 2010-05-05 19:40 -------- dc----w- c:\documents and settings\Administrator\Application Data\IDM 2010-07-25 16:31 . 2010-04-16 18:27 726392 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-07-25 14:50 . 2010-04-20 08:06 463788 -c-ha-w- c:\windows\system32\mlfcache.dat 2010-07-25 11:37 . 2010-04-25 21:16 -------- dc----w- c:\program files\Common Files\ParetoLogic 2010-07-24 22:49 . 2010-04-16 22:19 -------- dc----w- c:\program files\RocketDock 2010-07-20 15:59 . 2009-09-01 10:00 81882 ----a-w- c:\windows\system32\perfc01F.dat 2010-07-20 15:59 . 2009-09-01 10:00 428836 ----a-w- c:\windows\system32\perfh01F.dat 2010-07-20 13:55 . 
2010-04-16 18:39 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-07-16 16:32 . 2010-04-20 06:33 -------- dc----w- c:\documents and settings\All Users\Application Data\Skype 2010-07-16 16:08 . 2010-04-16 18:33 -------- dc----w- c:\program files\Windows Live 2010-07-16 14:13 . 2010-06-12 16:46 -------- dc----w- c:\program files\Common Files\Adobe 2010-07-15 23:21 . 2010-04-18 09:59 -------- dc----w- c:\documents and settings\Administrator\Application Data\HP 2010-07-15 23:21 . 2010-04-18 09:56 -------- dc----w- c:\documents and settings\All Users\Application Data\HP 2010-07-15 11:27 . 2010-04-16 22:50 -------- dc----w- c:\documents and settings\Administrator\Application Data\IObit 2010-07-13 21:08 . 2010-04-16 18:36 -------- dc----w- c:\program files\K-Lite Codec Pack 2010-07-13 21:06 . 2010-05-08 23:13 -------- dc----w- c:\program files\Total Video Converter 2010-07-09 22:28 . 2010-06-15 12:36 -------- dc----w- c:\documents and settings\All Users\Application Data\FLEXnet 2010-07-09 11:03 . 2010-06-02 13:43 181472 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCSExpress\9.0\1033\ResourceCache.dll 2010-07-09 11:02 . 2010-06-02 13:43 416 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll 2010-07-08 22:57 . 2010-04-30 17:58 -------- dc----w- c:\documents and settings\Administrator\Application Data\IcoFX 2010-07-08 21:07 . 2010-06-14 12:03 -------- dc----w- c:\documents and settings\Administrator\Application Data\LimeWire 2010-07-08 14:09 . 2010-07-08 14:13 240 -c--a-w- c:\documents and settings\All Users\Application Data\Setting.dat 2010-07-07 13:54 . 2010-05-29 16:14 2288128 -c--a-w- c:\windows\system32\TUKernel.exe 2010-07-07 13:51 . 2010-04-20 07:00 -------- dc----w- c:\documents and settings\All Users\Application Data\TuneUp Software 2010-07-06 21:04 . 2010-04-16 22:57 -------- dc----w- c:\program files\AIMP2 2010-07-04 11:44 . 
2010-04-16 18:47 -------- dc----w- c:\program files\Realtek 2010-07-04 11:44 . 2010-04-16 18:35 73728 -c--a-w- c:\windows\system32\RtNicProp32.dll 2010-07-04 11:44 . 2010-04-16 18:35 143360 -c--a-w- c:\windows\system32\drivers\Rtenicxp.sys 2010-07-04 06:40 . 2010-04-20 06:59 -------- dc----w- c:\program files\CCleaner 2010-06-30 13:34 . 2010-06-18 12:05 -------- dc----w- c:\program files\AnvSoft 2010-06-30 10:47 . 2010-04-25 18:18 -------- dc----w- c:\documents and settings\Administrator\Application Data\Thinstall 2010-06-28 11:49 . 2010-06-28 11:49 720896 -c--a-w- c:\windows\iun6002ev.exe 2010-06-28 11:19 . 2010-06-28 11:19 -------- dc----w- c:\documents and settings\Administrator\Application Data\HTML Executable 2010-06-28 10:11 . 2010-06-28 10:11 -------- dc----w- c:\documents and settings\All Users\Application Data\GlobalSCAPE 2010-06-28 00:38 . 2010-06-28 00:38 11800576 -c--a-w- c:\documents and settings\Administrator\ntuser.dat.tmp 2010-06-28 00:38 . 2010-06-28 00:38 327680 -c--a-w- c:\documents and settings\NetworkService\NTUSER.DAT.tmp 2010-06-28 00:38 . 2010-06-28 00:38 315392 -c--a-w- c:\documents and settings\LocalService\NTUSER.DAT.tmp 2010-06-28 00:34 . 2010-06-28 00:34 -------- dc----w- c:\documents and settings\All Users\Application Data\Weskysoft 2010-06-26 15:35 . 2010-06-14 19:36 -------- dc----w- c:\program files\Mount&Blade Warband 2010-06-19 11:07 . 2010-06-19 11:04 -------- dc----w- c:\documents and settings\Administrator\Application Data\PhotoScape 2010-06-18 15:43 . 2010-06-18 15:42 -------- dc----w- c:\program files\Common Files\SourceTec 2010-06-18 15:42 . 2010-06-18 15:42 -------- dc----w- c:\program files\SourceTec 2010-06-17 16:47 . 2010-06-17 16:47 3205464 -c--a-w- c:\documents and settings\Administrator\Application Data\IDM\idmupdt.exe 2010-06-17 11:29 . 2010-06-17 11:29 -------- dc----w- c:\program files\directx 2010-06-16 20:33 . 2010-05-13 22:05 32768 -c--a-w- c:\windows\system32\drivers\taphss.sys 2010-06-16 08:18 . 
2010-04-16 18:36 -------- dc----w- c:\program files\Microsoft Silverlight 2010-06-15 20:31 . 2010-06-15 20:31 -------- dc----w- c:\program files\Common Files\Skype 2010-06-15 20:29 . 2010-06-15 20:29 56 -c-ha-w- c:\windows\system32\ezsidmv.dat 2010-06-14 14:31 . 2010-04-16 18:21 744448 -c--a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-06-05 17:56 . 2010-06-05 17:56 -------- dc----w- c:\documents and settings\All Users\Application Data\Trymedia 2010-06-04 15:51 . 2010-04-16 18:41 -------- dc----w- c:\program files\Common Files\snpstd3 2010-06-03 16:07 . 2010-06-03 16:07 -------- dc----w- c:\documents and settings\Administrator\Application Data\URSoft 2010-06-03 16:03 . 2010-06-03 16:03 -------- dc----w- c:\program files\Common Files\Java 2010-06-03 16:03 . 2010-04-23 21:18 411368 -c--a-w- c:\windows\system32\deploytk.dll 2010-06-03 15:59 . 2010-04-20 07:00 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple Computer 2010-06-03 02:41 . 2010-06-03 02:41 3600384 -c--a-w- c:\windows\system32\GPhotos.scr 2010-06-02 19:50 . 2010-06-02 19:49 234080 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\VWDExpress\9.0\1033\ResourceCache.dll 2010-06-02 14:07 . 2010-06-02 14:07 112640 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCExpress\9.0\1033\ResourceCache.dll 2010-06-02 14:00 . 2010-06-02 14:00 187808 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\VBExpress\9.0\1033\ResourceCache.dll 2010-05-30 22:31 . 2010-05-19 07:26 -------- dc----w- c:\program files\Common Files\Macromedia 2010-05-29 16:54 . 2010-05-29 16:54 -------- dc----w- c:\program files\Foxit Software 2010-05-29 12:28 . 2010-05-29 12:28 -------- dc----w- c:\documents and settings\All Users\Application Data\MSScanAppDataDir 2010-05-29 10:07 . 2010-05-29 10:07 136 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat 2010-05-21 14:29 . 
2010-05-21 14:29 549 -c--a-w- c:\windows\eReg.dat 2010-05-19 16:43 . 2010-05-19 16:41 295 -c--a-w- c:\windows\system32\Find_Target.vbs 2010-05-13 14:36 . 2010-04-16 18:59 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-05-13 14:36 . 2010-04-16 18:59 17016 -c--a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-05-13 14:36 . 2010-05-13 14:43 79432 ----a-w- c:\windows\system32\drivers\avfwim.sys 2010-05-13 14:36 . 2010-05-13 14:43 102856 ----a-w- c:\windows\system32\drivers\avfwot.sys 2010-05-13 14:36 . 2010-04-16 18:59 51992 -c--a-w- c:\windows\system32\drivers\avgntdd.sys 2010-05-08 20:40 . 2010-05-08 20:40 98304 -c--a-w- c:\windows\system32\CmdLineExt.dll 2010-05-08 17:53 . 2010-05-08 17:53 476512 -c--a-w- c:\documents and settings\All Users\Application Data\RapidSolution\AudialsOne_2009\RadioRip\RadioRip.dll 2010-05-08 17:53 . 2010-05-08 17:53 169312 -c--a-w- c:\documents and settings\All Users\Application Data\RapidSolution\AudialsOne_2009\RadioRip\PlgSoundclick.dll 2010-05-08 17:53 . 2010-05-08 17:53 111968 -c--a-w- c:\documents and settings\All Users\Application Data\RapidSolution\AudialsOne_2009\RadioRip\PlgPandora.dll 2010-05-08 17:52 . 2010-05-08 17:52 128352 -c--a-w- c:\documents and settings\All Users\Application Data\RapidSolution\AudialsOne_2009\RadioRip\PlgMyspace.dll 2010-05-08 17:52 . 2010-05-08 17:52 111968 -c--a-w- c:\documents and settings\All Users\Application Data\RapidSolution\AudialsOne_2009\RadioRip\PlgLastfm.dll 2010-05-08 17:52 . 2010-05-08 17:52 99680 -c--a-w- c:\documents and settings\All Users\Application Data\RapidSolution\AudialsOne_2009\RadioRip\PlgIJigg.dll 2010-05-08 17:52 . 2010-05-08 17:52 230752 -c--a-w- c:\documents and settings\All Users\Application Data\RapidSolution\AudialsOne_2009\RadioRip\PlgHypemachine.dll 2010-05-08 17:52 . 2010-05-08 17:52 120160 -c--a-w- c:\documents and settings\All Users\Application Data\RapidSolution\AudialsOne_2009\RadioRip\PlgGeneral.dll 2010-05-08 17:52 . 
2010-05-08 17:52 91488 -c--a-w- c:\documents and settings\All Users\Application Data\RapidSolution\AudialsOne_2009\RadioRip\PlgDefault.dll 2010-05-08 17:52 . 2010-05-08 17:52 140640 -c--a-w- c:\documents and settings\All Users\Application Data\RapidSolution\AudialsOne_2009\RadioRip\PlgDeezer.dll 2010-05-06 10:32 . 2009-09-01 10:00 916480 -c--a-w- c:\windows\system32\wininet.dll 2010-05-06 07:36 . 2010-04-18 19:17 221568 -c----w- c:\windows\system32\MpSigStub.exe 2010-05-02 08:02 . 2009-09-01 10:00 1860352 ----a-w- c:\windows\system32\win32k.sys 2010-05-01 15:21 . 2010-05-01 15:13 166912 -c--a-w- c:\windows\hpoins27.dat . ------- Sigcheck ------- [-] 2009-09-01 . E0593C5746742DFB99A45B9D1234EBFB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys [-] 2009-09-01 . 106267D1B1188EBD7FA9A95B6ABCAEBA . 557056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [-] 2009-09-01 . 91FD2FD45E5321A74E06A1D051FCFC33 . 662528 . . [5.82] . . c:\windows\system32\comctl32.dll [-] 2009-09-01 . B3A28AB23450EBFEAB3CEE207B97EAA5 . 639488 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll [-] 2009-09-01 . 65A4FA0D3394873C9E55E1296FC04A42 . 1766912 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2009-09-01 . CBC8C36E4610EE06EBEBBEC153364B52 . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] 2010-02-27 23:20 561552 -c--a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension] @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}" [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}] 2010-07-26 12:09 70776 -c--a-w- c:\program files\Internet Download Manager\IDMShellExt.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616] "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-07-27 3241312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-05-13 282792] "IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-09-01 40960] c:\documents and settings\All Users\Start Menu\Programlar\BaŸlang�‡\ UnlockerAssistant.lnk - c:\windows\system32\UnlockerAssistant.exe [2010-4-16 15872] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMConfigurePrograms"= 1 (0x1) "EditLevel"= 0 (0x0) "NoCommonGroups"= 0 (0x0) "NoSMBalloonTip"= 0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMConfigurePrograms"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="c:\windows\system32\logonui.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk * [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programlar^Başlangıç^alg.lnk] 
backup=c:\windows\pss\alg.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programlar^Başlangıç^AvaFind.lnk] backup=c:\windows\pss\AvaFind.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programlar^Başlangıç^Stardock ObjectDock.lnk] backup=c:\windows\pss\Stardock ObjectDock.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto Hide IP [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2010-03-06 00:44 500208 -c----w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager] 2010-02-22 01:57 406992 -c--a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2009-09-01 10:00 40960 ----a-w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Unlocker.exe] 2009-09-01 10:00 87552 -c--a-w- c:\windows\system32\Unlocker.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WZCSVC"=2 (0x2) "wuauserv"=2 (0x2) "WMPNetworkSvc"=3 (0x3) "TapiSrv"=3 (0x3) "osppsvc"=3 (0x3) "ose"=3 (0x3) "gusvc"=3 (0x3) "gupdate"=2 (0x2) "aspnet_state"=3 (0x3) "TuneUp.ProgramStatisticsSvc"=3 (0x3) "UxTuneUp"=2 (0x2) "TuneUp.Defrag"=3 (0x3) "JavaQuickStarterService"=2 (0x2) "idsvc"=3 (0x3) "Crypkey License"=2 (0x2) "SharedAccess"=2 (0x2) "HssWd"=2 (0x2) "HssTrayService"=3 (0x3) "HssSrv"=2 (0x2) "HotspotShieldService"=2 (0x2) "GateKeeper 4.7"=2 (0x2) "wlidsvc"=2 (0x2) "FLEXnet Licensing Service"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\BitSpirit\\BitSpirit.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5000:UDP"= 5000:UDP:*:Disabled:Akamai NetSession Interface "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 "9176:TCP"= 9176:TCP:*:Disabled:BitComet 9176 TCP "9176:UDP"= 9176:UDP:*:Disabled:BitComet 9176 UDP R0 72585222;72585222 Boot Guard Driver;c:\windows\system32\drivers\72585222.sys [20.07.2010 20:03 37392] R1 72585221;72585221;c:\windows\system32\drivers\72585221.sys [20.07.2010 20:03 128016] R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [13.05.2010 17:43 102856] R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [26.07.2010 17:25 74208] R1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\System\CPL Bonus\vcdrom.sys [20.04.2010 10:01 8576] R2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [13.05.2010 17:43 536232] R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [13.05.2010 17:43 337064] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [16.04.2010 21:59 135336] R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [13.05.2010 
17:43 405672] R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [13.05.2010 17:43 79432] R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [21.04.2007 17:15 9344] S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?] S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?] S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [28.07.2010 00:20 312152] S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [26.11.2009 00:06 34384] S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?] S3 ute5otcy;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\ute5otcy.sys --> c:\windows\system32\Drivers\ute5otcy.sys [?] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [17.12.2009 15:02 99152] S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?] 
S4 gupdate;Google Güncelleme Hizmeti (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17.04.2010 16:01 135664] S4 ramdisk;AR Soft RAM Disk Service;c:\windows\system32\drivers\ramdisk.sys [10.07.2010 00:19 10431] --- Other Services/Drivers In Memory --- *NewlyCreated* - VCDROM [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}] 2009-03-04 13:32 8192 -c--a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe . Contents of the 'Scheduled Tasks' folder 2010-07-27 c:\windows\Tasks\AdobeAAMUpdater-1.0-CASPER-CASPER.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-16 00:44] 2010-07-27 c:\windows\Tasks\AdobeAAMUpdater-1.0-MYPC-60466C696E-Administrator.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-16 00:44] 2010-07-28 c:\windows\Tasks\AWC AutoSweep.job - c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-04-16 11:11] 2010-07-27 c:\windows\Tasks\AWC Update.job - c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-04-16 13:18] . . ------- Supplementary Scan ------- . uDefault_Search_URL = hxxp://www.google.com/ie uStart Page = hxxp://www.netarar.com/ mStart Page = hxxp://www.netarar.com/ uInternet Settings,ProxyServer = http= uSearchAssistant = hxxp://www.google.com/ie IE: &BitSpirit ile İndir - c:\program files\BitSpirit\bsurl.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Bütün linkleri IDM ile indir - c:\program files\Internet Download Manager\IEGetAll.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: FLV video içeriğini IDM ile indir - c:\program files\Internet Download Manager\IEGetVL.htm IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: IDM ile indir - c:\program files\Internet Download Manager\IEExt.htm IE: Microsoft Excel'e &Ver - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: OneNote'a G&önder - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 LSP: c:\windows\system32\idmmbc.dll LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: {697B9111-6FDC-41E3-AB0B-0FC82481C701} = 4.2.2.4,4.2.2.6 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jbj6ciff.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.tr/ FF - prefs.js: network.proxy.type - 0 FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll FF - plugin: c:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: browser.cache.memory.capacity - 16000 FF - user.js: browser.chrome.favicons - false FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.turbo.enabled - true FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.urlbar.autofill - true FF - user.js: 
content.max.tokenizing.time - 3000000 FF - user.js: content.maxtextrun - 4095 FF - user.js: content.notify.backoffcount - 5 FF - user.js: content.notify.interval - 1000000 FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 1000000 FF - user.js: dom.disable_window_status_change - true FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: network.http.pipelining - true FF - user.js: network.http.pipelining.firstrequest - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: network.proxy.type - 0 FF - user.js: nglayout.initialpaint.delay - 1000 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla 
Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla 
Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS REMOVED - - - - URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file) Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-28 15:07 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f3,dd,1e,6b,56,cc,22,43,af,da,e5,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f3,dd,1e,6b,56,cc,22,43,af,da,e5,\ [HKEY_USERS\S-1-5-21-1757981266-2111687655-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,23,94,b3,f3,fb,3b,41,a4,4f,61,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,30,db,bd,f2,8a,86,6d,4e,bb,b8,45,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,23,94,b3,f3,fb,3b,41,a4,4f,61,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3eea664f-6db8-43dc-a26c-ddadd8706add}] @Denied: (Full) 
(Everyone) "Model"=dword:000000bb "Therad"=dword:00000009 "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):a2,1a,b0,54,1e,d3,ca,cc,4a,72,9c,3b,27,df,fd,85,0d,f5,d2,e8,91, 9c,38,ad,5c,01,39,f1,94,94,0f,1e,32,99,50,02,60,8f,b6,d4,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(596) c:\windows\system32\SETUPAPI.dll c:\windows\system32\sfc_os.dll c:\windows\system32\cscui.dll - - - - - - - > 'lsass.exe'(880) c:\windows\system32\setupapi.dll . 
Completion time: 2010-07-28 15:09:46
ComboFix-quarantined-files.txt 2010-07-28 12:09
Pre-Run: 9.813.114.880 bayt boş
Post-Run: 9.805.733.888 bayt boş
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
- - End Of File - - 61BAF165CDBEF1FB5AE6CA60260C8912

If anyone finds a fix for the problem, please write, because I use these keys a lot.
crazy_vefa Posted July 28, 2010

Scan again with ComboFix and clean, then find the drivers online and install them; it will work then. Those macro keys depend on the driver... that's normal...
Bitmap (Author) Posted July 28, 2010

That's the thing, I can't find a driver. If I could find one I'd do it, but there isn't one. The keyboard was made for Vista, so there is no XP driver; it says "certified for Vista" or something like that.
crazy_vefa Posted July 28, 2010

You probably plugged it in and unplugged it... Please register to see this content. Could you try these?
Bitmap (Author) Posted July 28, 2010

Guys, these drivers didn't help either. Please, a solution.
crazy_vefa Posted July 28, 2010

Go back and scan with Malwarebytes and Spyware Doctor; Spyware Doctor always finds this type of virus. You have no other option. The virus may attack the exe files and make them show up as infected too; I think that's why the driver was gone after ComboFix...
emutlu Posted July 28, 2010

Use the program called Dracula. It does the same job, and it's free.
xfailedkomplex Posted July 28, 2010

This long and difficult method may be a solution: plug your keyboard into another working computer. If the keys work as you expect there, find the keyboard in Device Manager, click PROPERTIES and then the DRIVER tab, go to the details there and copy the driver's files from the location where the files are. Then, on your own computer with the keyboard plugged in, remove the keyboard's driver by choosing advanced uninstall from the properties tab, put the working driver files into the folder you copied them from, and then scan for hardware changes.

Option 2: update the drivers with a driver update program such as Driver Detective.
Tnctr-tnctr Posted July 28, 2010

Judging by the log it gave, it poked around in a lot of things. Did ComboFix really do that much scanning?
taba Posted July 29, 2010

"Friends, I ran ComboFix yesterday; it scanned and finished. The multimedia keys of the casper dlk -5108 keyboard weren't working. I did a system restore, and of course the viruses were restored too. Today I ran it again and the same thing happened: the keyboard multimedia keys don't work. The log file is here. If anyone finds a fix for the problem, please write, because I use these keys a lot."

Dear "byvistakazim",

Your real problem is not the keyboard but malware...

ComboFix detected the following malware on your system:

1) Keylogger (Probot): c:\windows\a3kebook.ini c:\windows\akebook.ini c:\windows\ANS2000.INI
2) Trojan: Uninstal.exe
3) Trojan: 1.bat
4) Trojan installer: bn.dll
5) Spyware: twain_16.dll

* The antivirus you use (Avira AntiVir) is the best of the last 4 years. It would also find and delete the malware above, but only if it is used correctly... (turning off Windows System Restore, starting the computer in safe mode and running a system scan)

* If you run into malware that antivirus programs catch but cannot delete, the first thing to do, as said above, is to run a scan in safe mode; if safe mode doesn't help either, the best thing to do is to use ComboFix (only on XP and Vista); however, ComboFix also has to be used correctly. For example, ComboFix should be downloaded to the desktop and run from there; you downloaded it to D: and ran it from there, and it still detected quite a lot of malware...

* ComboFix can occasionally do things that are (from your point of view) wrong; for example, if you are using a pirated XP, it may delete the crack and you may need to crack XP again...

* The problem of your keyboard's multimedia keys not working is trivial next to the above; you go to the keyboard manufacturer's site, download and install its driver, and that's that...

Regards...
Bitmap (Author) Posted July 29, 2010

By the way, it's not AntiVir, it's Premium Security Suite. If it still gets in despite that, what can you say? Anyway, there's no need anymore; I installed Windows 7 and it's really very good. XP is finished for me; I won't use XP again.
taba Posted July 29, 2010

"By the way, it's not AntiVir, it's Premium Security Suite. If it still gets in despite that, what can you say? Anyway, there's no need anymore; I installed Windows 7 and it's really very good. XP is finished for me; I won't use XP again."

Good...

* Because of your existing habits (that is, the sites you visit, the games you download, install and play), you may host the keylogger I mentioned above again, as a result of which your computer becomes a "zombie" again and all your passwords (including your bank accounts) are sent by e-mail to the person behind it; to a keylogger it makes no difference whether it's XP or Windows 7, if you don't take precautions...

Note: "premium security suite" is AntiVir; it is AntiVir with a firewall.
Archived
This topic is now archived and is closed to further replies.