v3nom_47 Posted November 3, 2008
How did a trojan that has been active since 2006 steal more than 50,000 credit cards?

A trojan that has been circulating for three years has managed to collect more than three million pieces of information, 50 thousand of them credit card details. This data includes almost everything, from bank accounts to FTP passwords and e-mails. The software is probably controlled from Russia.

According to the RSA FraudAction Research Lab, the trojan named "Sinowal" has been active since February 2006 and is still alive thanks to its ability to adapt: between April and October 2008 alone, researchers discovered 60 different versions of the malware.

Sinowal installs itself in the Master Boot Record (MBR) and waits for the infected PC to open one of 3000 pre-programmed financial sites. When this process is completed, the trojan modifies the URL or part of the site and in this way attacks the credit card details. In the last 6 months alone the trojan found 100,000 new victims.

The trojan is very hard for security software to detect; only one third of scanners recognize its newest version.

Scan list: http://www.virustotal.com/analisis/e124e55a8ac21d5898e5181c4a82c543
Source: veteknoloji

3yl3mci Posted November 3, 2008
Wooow, look at the virus database, what magnificent stuff it pulls off :) I like the rascal.

v3nom_47 (Author) Posted November 3, 2008
Antivirus software that detects it:
Kaspersky 7.0.0.125 Backdoor.Win32.Sinowal.wj
AntiVir 7.9.0.5 TR/PWS.Sinowal.Gen
AVG 8.0.0.161 BackDoor.Generic10.SMQ
DrWeb 4.44.0.09170 Trojan.Packed.1189
F-Secure 8.0.14332.0 Backdoor.Win32.Sinowal.wj
Fortinet 3.113.0.0 PossibleThreat
Ikarus T3.1.1.44.0 PWS.Win32.Sinowal.M
Microsoft 1.4005 PWS:Win32/Sinowal.gen!M
SecureWeb-Gateway 6.7.6 Trojan.PWS.Sinowal.Gen
TrendMicro 8.700.0.1004 ryp_Xed-3

Lifeless Posted November 3, 2008
I couldn't see the ESET Smart Security or NOD32 they praise so much on the list.

alperica Posted November 3, 2008
The virus report from that AVAST! you all dislike:
AntiVir 7.9.0.5 2008.10.21 TR/PWS.Sinowal.Gen
REPORT:

69sihirbaz69 Posted November 3, 2008
Quote: "The virus report from that AVAST! you all dislike"
(I couldn't bring myself to quote the rest.) Yes, brother, when avast is properly updated every day it runs both fast and trouble-free, and once you also run the VRDB (virus recovery database) it can't be beat; doing that with every scan wouldn't be bad at all. I still use avast Home Edition, I have no problems, I even have a registration. I recommend avast.

v3nom_47 (Author) Posted November 3, 2008
Quote: "(I couldn't bring myself to quote the rest.) Yes, brother, when avast is properly updated every day it runs both fast and trouble-free, and once you also run the VRDB (virus recovery database) it can't be beat; doing that with every scan wouldn't be bad at all. I still use avast Home Edition, I have no problems, I even have a registration. I recommend avast."
Even if they slaughtered my child and told me to come switch to Avast, I wouldn't. There can't be another antivirus program as worthless as Avast.

Kozan76 Posted November 22, 2008
Quote:
Antivirus software that detects it:
Kaspersky 7.0.0.125 Backdoor.Win32.Sinowal.wj
AntiVir 7.9.0.5 TR/PWS.Sinowal.Gen
AVG 8.0.0.161 BackDoor.Generic10.SMQ
DrWeb 4.44.0.09170 Trojan.Packed.1189
F-Secure 8.0.14332.0 Backdoor.Win32.Sinowal.wj
Fortinet 3.113.0.0 PossibleThreat
Ikarus T3.1.1.44.0 PWS.Win32.Sinowal.M
Microsoft 1.4005 PWS:Win32/Sinowal.gen!M
SecureWeb-Gateway 6.7.6 Trojan.PWS.Sinowal.Gen
TrendMicro 8.700.0.1004 ryp_Xed-3

I couldn't see KIS 9 on the list; can't it find it?

CaNCaN Posted November 22, 2008
KIS 7.0.2.407 didn't let it through.

0sk1 Posted November 22, 2008
Backdoor.Win32.Sinowal.wj? Is this the one? Yesterday Kaspersky gave this warning on my PC too; I formatted right away.

zadi01 Posted November 22, 2008
I'm a fan of these worms and trojans; God willing, one day I'll write one too.

0sk1 Posted November 22, 2008
Writing one actually isn't very hard, but hiding it...

ZEUS__ Posted November 30, 2008
And there are still people saying to use avast. The program sees itself as a virus.

BrightBlade Posted November 30, 2008
What kind of people are you! You want to be able to write viruses, trojans and so on! You do everything you can to protect yourselves, and at the same time you say "I want to make one too"! Shame, what a lack of character this is. If you enjoy hurting others, go join the army, you'd be useful there!

Archived
This topic is now archived and is closed to further replies.