HiJackThis and ComboFix analysis report

New Member
Posts: 3
Joined: 20 Jan 2012

21 Jan 2012 20:41

Friends, five minutes ago I booted the computer into Safe Mode and scanned it with ComboFix and HiJackThis. The results are as follows:

ComboFix REPORT

Code:
ComboFix 12-01-19.02 - User 23.01.2012 15:27:16.2.2 - x86 MINIMAL 
Running from: c:\documents and settings\User\Desktop\ComboFix.exe 
* Created a new restore point 


((((((((((((((((((((((((( Files Created from 2011-12-23 to 2012-01-23 ))))))))))))))))))))))))))))))) 





(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-12-28 12:41 . 2008-04-14 07:01  294912  ----a-w-  c:\windows\system32\msh263.drv
2011-12-28 12:41 . 2008-04-14 07:00  52736  ----a-w-  c:\windows\system32\wzcsapi.dll
2011-12-28 12:41 . 2008-04-14 07:00  483840  ----a-w-  c:\windows\system32\wzcsvc.dll
2011-12-28 12:41 . 2008-04-14 07:00  35328  ----a-w-  c:\windows\system32\pid.dll
2011-12-28 12:41 . 2008-04-14 07:00  48128  ----a-w-  c:\windows\system32\dmutil.dll
2011-12-28 12:41 . 2008-04-14 07:00  20992  ----a-w-  c:\windows\system32\hid.dll
2011-12-28 12:41 . 2008-04-14 06:44  80256  ----a-w-  c:\windows\system32\drivers\parport.sys
2011-12-28 12:41 . 2008-04-14 06:44  46464  ----a-w-  c:\windows\system32\drivers\p3.sys
2011-12-28 12:41 . 2008-04-14 06:40  40576  ----a-w-  c:\windows\system32\drivers\crusoe.sys
2011-12-28 12:41 . 2008-04-14 06:35  41472  ----a-w-  c:\windows\system32\drivers\amdk7.sys
2011-12-28 12:41 . 2008-04-14 06:35  41088  ----a-w-  c:\windows\system32\drivers\amdk6.sys
2011-12-28 12:41 . 2008-04-14 06:34  39680  ----a-w-  c:\windows\system32\drivers\processr.sys
2011-12-28 12:41 . 2008-04-14 06:33  23168  ----a-w-  c:\windows\system32\drivers\mouclass.sys
2011-12-28 12:41 . 2008-04-14 06:33  30208  ----a-w-  c:\windows\system32\drivers\modem.sys
2011-12-28 12:41 . 2008-04-13 09:56  12288  ----a-w-  c:\windows\system32\drivers\tunmp.sys
2011-12-28 12:41 . 2008-04-13 09:56  14592  ----a-w-  c:\windows\system32\drivers\ndisuio.sys
2011-12-28 12:41 . 2008-04-13 09:51  61824  ----a-w-  c:\windows\system32\drivers\nic1394.sys
2011-12-28 12:41 . 2008-04-13 09:51  60800  ----a-w-  c:\windows\system32\drivers\arp1394.sys
2011-12-28 12:41 . 2008-04-13 09:46  25344  ----a-w-  c:\windows\system32\drivers\sonydcam.sys
2011-12-28 12:41 . 2008-04-13 09:45  15872  ----a-w-  c:\windows\system32\drivers\usbintel.sys
2011-12-28 12:41 . 2008-04-13 09:45  25728  ----a-w-  c:\windows\system32\drivers\usbcamd2.sys
2011-12-28 12:41 . 2008-04-13 09:45  25600  ----a-w-  c:\windows\system32\drivers\usbcamd.sys
2011-12-28 12:41 . 2008-04-13 09:39  4352  ----a-w-  c:\windows\system32\drivers\swenum.sys
2011-12-28 12:41 . 2008-04-13 09:36  15488  ----a-w-  c:\windows\system32\drivers\mssmbios.sys
2011-12-28 12:41 . 2008-04-13 09:36  63744  ----a-w-  c:\windows\system32\drivers\mf.sys
2011-12-28 12:41 . 2001-11-21 19:35  55296  ----a-w-  c:\windows\system32\dvdplay.exe
2011-12-28 12:41 . 2001-11-21 19:35  8192  ----a-w-  c:\windows\system32\streamci.dll
2011-12-28 12:41 . 2001-11-21 18:31  12160  ----a-w-  c:\windows\system32\drivers\fsvga.sys
2011-12-28 12:41 . 2001-08-17 19:06  21376  ----a-w-  c:\windows\system32\drivers\tsbvcap.sys
2011-12-28 12:41 . 2001-08-17 18:52  18688  ----a-w-  c:\windows\system32\drivers\cdaudio.sys
2011-12-15 18:56 . 2011-12-15 18:56  44536  ----a-w-  c:\windows\system32\wups2.dll
2011-12-15 18:56 . 2011-12-15 18:56  35320  ----a-w-  c:\windows\system32\wups.dll
2011-12-15 18:56 . 2011-12-15 18:56  209400  ----a-w-  c:\windows\system32\wuweb.dll
2011-12-15 18:56 . 2011-12-15 18:56  165376  ----a-w-  c:\windows\system32\wusetup.exe
2011-12-15 18:56 . 2011-12-15 18:56  82944  ----a-w-  c:\windows\system32\drivers\wudfrd.sys
2011-12-15 18:56 . 2011-12-15 18:56  55808  ----a-w-  c:\windows\system32\wudfsvc.dll
2011-12-15 18:56 . 2011-12-15 18:56  316416  ----a-w-  c:\windows\system32\wudfx.dll
2011-12-15 18:56 . 2011-12-15 18:51  165376  ----a-w-  c:\windows\system32\WudfPlatform.dll
2011-12-15 18:56 . 2011-12-15 18:56  77568  ----a-w-  c:\windows\system32\drivers\wudfpf.sys
2011-12-15 18:56 . 2011-12-15 18:56  327672  ----a-w-  c:\windows\system32\wucltui.dll
2011-12-15 18:56 . 2011-12-15 18:56  146432  ----a-w-  c:\windows\system32\wudfhost.exe
2011-12-15 18:56 . 2011-12-15 18:51  95344  ----a-w-  c:\windows\system32\WUDFCoinstaller.dll
2011-12-15 18:56 . 2011-12-15 18:51  23544  ----a-w-  c:\windows\system32\wucltui.dll.mui
2011-12-15 18:56 . 2011-12-15 18:56  22520  ----a-w-  c:\windows\system32\wuauserv.dll
2011-12-15 18:56 . 2011-12-15 18:56  1931256  ----a-w-  c:\windows\system32\wuaueng.dll
2011-12-15 18:56 . 2011-12-15 18:51  17400  ----a-w-  c:\windows\system32\wuaueng.dll.mui
2011-12-15 18:56 . 2011-12-15 18:56  217592  ----a-w-  c:\windows\system32\wuaucpl.cpl
2011-12-15 18:56 . 2011-12-15 18:51  15352  ----a-w-  c:\windows\system32\wuaucpl.cpl.mui
2011-12-15 18:56 . 2011-12-15 18:56  575480  ----a-w-  c:\windows\system32\wuapi.dll
2011-12-15 18:56 . 2011-12-15 18:56  53240  ----a-w-  c:\windows\system32\wuauclt.exe
2011-12-15 18:56 . 2011-12-15 18:51  15352  ----a-w-  c:\windows\system32\wuapi.dll.mui
2011-12-15 18:56 . 2011-12-15 18:56  90112  ----a-w-  c:\windows\system32\wshext.dll
2011-12-15 18:56 . 2011-12-15 18:56  155648  ----a-w-  c:\windows\system32\wscript.exe
2011-12-15 18:56 . 2011-12-15 18:56  135168  ----a-w-  c:\windows\system32\wshom.ocx
2011-12-15 18:56 . 2011-12-15 18:56  38528  ----a-w-  c:\windows\system32\drivers\wpdusb.sys
2011-12-15 18:56 . 2011-12-15 18:56  356352  ----a-w-  c:\windows\system32\wpdsp.dll
2011-12-15 18:56 . 2011-12-15 18:56  38400  ----a-w-  c:\windows\system32\wpdshextres.dll
2011-12-15 18:56 . 2011-12-15 18:56  2603008  ----a-w-  c:\windows\system32\wpdshext.dll
2011-12-15 18:56 . 2011-12-15 18:56  17408  ----a-w-  c:\windows\system32\wpdshextautoplay.exe
2011-12-15 18:56 . 2011-12-15 18:56  133632  ----a-w-  c:\windows\system32\wpdshserviceobj.dll
2011-12-15 18:56 . 2011-12-15 18:56  63488  ----a-w-  c:\windows\system32\wpdmtpus.dll
2011-12-15 18:56 . 2011-12-15 18:56  671232  ----a-w-  c:\windows\system32\wpdmtpdr.dll
2011-12-15 18:56 . 2011-12-15 18:56  629760  ----a-w-  c:\windows\system32\wpd_ci.dll
2011-12-15 18:56 . 2011-12-15 18:56  35840  ----a-w-  c:\windows\system32\wpdconns.dll
2011-12-15 18:56 . 2011-12-15 18:56  154624  ----a-w-  c:\windows\system32\wpdmtp.dll
2011-12-15 18:56 . 2011-12-15 18:56  656896  ----a-w-  c:\windows\system32\wmvxencd.dll
2011-12-15 18:56 . 2011-12-15 18:56  767488  ----a-w-  c:\windows\system32\wmvsencd.dll
2011-12-15 18:56 . 2011-12-15 18:56  1382912  ----a-w-  c:\windows\system32\wmvsdecd.dll
2011-12-15 18:56 . 2011-12-15 18:56  1575424  ----a-w-  c:\windows\system32\wmvencod.dll
2011-12-15 18:56 . 2011-12-15 18:56  4096  ----a-w-  c:\windows\system32\wmvdmoe2.dll
2011-12-15 18:56 . 2011-12-15 18:56  4096  ----a-w-  c:\windows\system32\wmvdmod.dll
2011-12-15 18:56 . 2011-12-15 18:56  1543680  ----a-w-  c:\windows\system32\wmvdecod.dll
2011-12-15 18:56 . 2011-12-15 18:56  4096  ----a-w-  c:\windows\system32\wmvadve.dll
2011-12-15 18:56 . 2011-12-15 18:56  4096  ----a-w-  c:\windows\system32\wmvadvd.dll
2011-12-15 18:56 . 2011-12-15 18:56  1329152  ----a-w-  c:\windows\system32\wmspdmoe.dll
2011-12-15 18:56 . 2011-12-15 18:56  604160  ----a-w-  c:\windows\system32\wmspdmod.dll
2011-12-15 18:56 . 2011-12-15 18:56  4096  ----a-w-  c:\windows\system32\wmsdmoe2.dll
2011-12-15 18:56 . 2011-12-15 18:56  4096  ----a-w-  c:\windows\system32\wmsdmod.dll
2011-12-15 18:56 . 2011-12-15 18:56  204288  ----a-w-  c:\windows\system32\wmpsrcwp.dll
2011-12-15 18:56 . 2011-12-15 18:56  99840  ----a-w-  c:\windows\system32\wmpshell.dll
2011-12-15 18:56 . 2011-12-15 18:56  130048  ----a-w-  c:\windows\system32\wmpps.dll
2011-12-15 18:56 . 2011-12-15 18:56  613376  ----a-w-  c:\windows\system32\wmpmde.dll
2011-12-15 18:55 . 2011-12-15 18:55  8252416  ----a-w-  c:\windows\system32\wmploc.dll
2011-12-15 18:55 . 2011-12-15 18:55  1661952  ----a-w-  c:\windows\system32\wmpencen.dll
2011-12-15 18:55 . 2011-12-15 18:55  286208  ----a-w-  c:\windows\system32\wmpdxm.dll
2011-12-15 18:55 . 2011-12-15 18:51  295936  ----a-w-  c:\windows\system32\wmpeffects.dll
2011-12-15 18:55 . 2011-12-15 18:55  211456  ----a-w-  c:\windows\system32\wmpasf.dll
2011-12-15 18:55 . 2011-12-15 18:55  938496  ----a-w-  c:\windows\system32\wmnetmgr.dll
2011-12-15 18:55 . 2011-12-15 18:55  157184  ----a-w-  c:\windows\system32\wmidx.dll
2011-12-15 18:55 . 2011-12-15 18:55  535040  ----a-w-  c:\windows\system32\wmdrmsdk.dll
2011-12-15 18:55 . 2011-12-15 18:55  221696  ----a-w-  c:\windows\system32\wmerror.dll
2011-12-15 18:55 . 2011-12-15 18:55  429056  ----a-w-  c:\windows\system32\wmdrmdev.dll
2011-12-15 18:55 . 2011-12-15 18:55  348672  ----a-w-  c:\windows\system32\wmdrmnet.dll
2011-12-15 18:55 . 2011-12-15 18:55  37376  ----a-w-  c:\windows\system32\wmdmps.dll
2011-12-15 18:55 . 2011-12-15 18:55  33792  ----a-w-  c:\windows\system32\wmdmlog.dll
2011-12-15 18:55 . 2011-12-15 18:55  222208  ----a-w-  c:\windows\system32\wmasf.dll
2011-12-15 18:55 . 2011-12-15 18:55  1117696  ----a-w-  c:\windows\system32\wmadmoe.dll
2011-12-15 18:55 . 2011-12-15 18:55  757248  ----a-w-  c:\windows\system32\wmadmod.dll
2011-12-15 18:55 . 2011-12-15 18:55  293376  ----a-w-  c:\windows\system32\winsrv.dll
2011-12-15 18:55 . 2011-12-15 18:55  178176  ----a-w-  c:\windows\system32\wintrust.dll


------- Sigcheck ------- 
Note: Unsigned files aren't necessarily malware. 

[-] 2011-12-28 . E88631E21A9CACA06104802F9E915115 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys 

((((((((((((((((((((((((((((( SnapShot@2012-01-21_12.01.41 ))))))))))))))))))))))))))))))))))))))))) 

+ 2008-04-15 13:00 . 2012-01-23 13:29
97862 c:\windows\system32\perfc01F.dat 
+ 2008-04-15 13:00 . 2012-01-23 13:29
86076 c:\windows\system32\perfc009.dat 
+ 2012-01-20 12:14 . 2011-12-10 13:24
20464 c:\windows\system32\drivers\mbam.sys 
+ 2008-04-15 13:00 . 2012-01-23 13:29
484750 c:\windows\system32\perfh01F.dat 
+ 2008-04-15 13:00 . 2012-01-23 13:29
499312 c:\windows\system32\perfh009.dat 
+ 2012-01-21 15:38 . 2008-04-15 11:00
171008 c:\windows\system32\dllcache\msconfig.exe 
+ 2012-01-21 15:38 . 2008-04-15 11:00
171008 c:\windows\PCHealth\HelpCtr\Binaries\msconfig.exe 
+ 2012-01-21 18:36 . 2012-01-21 18:36
1094656 c:\windows\Installer\184796.msi 

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) 


*Note* empty entries & legit default entries are not shown 
REGEDIT4 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 14:50  21864  ----a-w-  c:\program files\Internet Download Manager\IDMShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-10-27 3437976] 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696] 
"egui"="c:\program files\ESET\ESET smart Security\egui.exe" [2011-02-23 2219184] 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360] 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2011-12-15 128512] 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1) 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0) 
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= 
"%windir%\\system32\\sessmgr.exe"= 
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= 
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= 

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-01-20 691696] 
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008] 
R1 IDMTDI;IDMTDI;c:\windows\system32\DRIVERS\idmtdi.sys [2011-07-06 101616]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-01-12 810144]
R3 AdobeFlashplayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-01-20 253600]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 mv61xxmm;mv61xxmm; [x] 
S0 mv64xxmm;mv64xxmm; [x] 
S0 mvxxmm;mvxxmm; [x] 


Contents of the 'Scheduled Tasks' folder 

2012-01-23 c:\windows\Tasks\Adobe Flash Player Updater.job 
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-01-20 11:34]

2012-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-448539723-1417001333-500Core.job 
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-20 12:03] 

2012-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-448539723-1417001333-500UA.job 
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-20 12:03] 


------- Supplementary Scan ------- 

uStart Page = hxxp://www.google.com.tr/ 
IE: Bütün linkleri IDM ile indir - c:\program files\Internet Download Manager\IEGetAll.htm 
IE: IDM ile indir - c:\program files\Internet Download Manager\IEExt.htm 
TCP: DhcpNameserver = 192.168.1.1 
TCP: Interfaces\{C18FD287-FF51-430D-BADF-3084B9B17435}: NameServer = 8.8.8.8,8.8.4.4 
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\qhslpn53.default\ 
FF - prefs.js: browser.search.selectedEngine - Ask.com 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.tr/ 
FF - prefs.js: keyword.URL - 
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} 
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} 
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension 
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\documents and settings\User\Application Data\IDM\idmmzcc5 


**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net 
Rootkit scan 2012-01-23 15:30 
Windows 5.1.2600 Service Pack 3 NTFS 

scanning hidden processes ... 

scanning hidden autostart entries ... 

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************

--------------------- LOCKED REGISTRY KEYS --------------------- 

[HKEY_USERS\S-1-5-21-861567501-448539723-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences] 
@Denied: (2) (Administrator) 
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b7,84,3a,5c,77,31,6d,44,a3,89,8b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b7,84,3a,5c,77,31,6d,44,a3,89,8b,\

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info] 
@Denied: (2) (LocalSystem) 
"AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET Smart Security\\" 
"DataDir"="ESET\\ESET Smart Security\\" 
"EditionName"="BUSINESS EDITION" 
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\" 
"LanguageId"=dword:0000041f 
"PackageTag"=dword:00000000 
"ProductBase"=dword:00000001 
"ProductCode"="{EA231024-1FCB-4747-A58F-8309BF236B6D}" 
"ProductName"="ESET Smart Security" 
"ProductType"="essbe" 
"ProductVersion"="4.2.71.2" 
"UniqueId"="000FAA504F195985" 
"ScannerBuild"=dword:00001dd3 
"ScannerVersionId"=dword:000015fe 
"ScannerVersion"="ready" 

--------------------- DLLs Loaded Under Running Processes --------------------- 

- - - - - - - > 'explorer.exe'(1748) 
c:\windows\system32\WININET.dll 
c:\program files\Internet Download Manager\IDMShellExt.dll 
c:\program files\Internet Download Manager\IDMNetMon.DLL 

Completion time: 2012-01-23 15:31:26 
ComboFix-quarantined-files.txt 2012-01-23 13:31 
ComboFix2.txt 2012-01-21 12:02 

Pre-Run: 31.227.965.440 bayt boş 
Post-Run: 31.440.408.576 bayt boş 

- - End Of File - - 029C1D3830B814EA699FAFC92754CBAA 



HiJackThis Report

Code:
Logfile of Trend Micro HijackThis v2.0.4 
Scan saved at 15:34:57, on 23.01.2012 
Platform: Windows XP SP3 (WinNT 5.01.2600) 
MSIE: Internet Explorer v8.00 (8.00.6001.18702) 
Boot mode: Safe mode 
Running processes: 
C:\WINDOWS\System32\smss.exe 
C:\WINDOWS\system32\winlogon.exe 
C:\WINDOWS\system32\services.exe 
C:\WINDOWS\system32\lsass.exe 
C:\WINDOWS\system32\svchost.exe 
C:\WINDOWS\system32\svchost.exe 
C:\WINDOWS\explorer.exe 
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar 
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll 
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) 
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll 
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" 
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup 
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install 
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit 
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe 
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice 
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot 
O4 - HKUS\S-1-5-21-861567501-448539723-1417001333-500\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot (User '?') 
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') 
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?') 
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') 
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') 
O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm 
O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm 
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe 
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe 
O17 - HKLM\System\CCS\Services\Tcpip\..\{C18FD287-FF51-430D-BADF-3084B9B17435}: NameServer = 8.8.8.8,8.8.4.4 
O22 - SharedTaskScheduler: Browseui önceden yükleyicisi - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll 
O22 - SharedTaskScheduler: Bileşen Katergorileri önbellek daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll 
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing) 
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe 
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe 
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre8\bin\jqs.exe 
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe 
-- 
End of file - 4267 bytes


Those are the results, friends.

Afterwards I took the computer out of Safe Mode and restarted it.

When the computer came up, the msconfig System Configuration window appeared, and in msconfig's Startup list msnmsgr, i.e. Messenger, had disappeared. The moment I noticed, I removed Messenger's setup file and the installed program.

What could the problem be? Can you help me, friends?

Updated: thedarkblue (24 Jan 2012 14:43)
 
 
 
 
Tolstoy
Member
Posts: 250
Joined: 25 Apr 2008

24 Jan 2012 01:00

There is nothing wrong in the ComboFix report.
Delete the following HijackThis lines.

Code:
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
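The reply above picks out HijackThis entries whose target no longer exists ("(no file)", "(file missing)"), autostart entries under the SYSTEM and Default user hives, and a service with an unknown owner. The following script, an added example written for this thread and not code from the forum or from the HijackThis project, automates that triage over a log: it parses the `Oxx - ...` entry lines, collects orphaned entries, O4 Run/RunOnce entries under `HKUS\`, O23 services whose owner is "Unknown owner", and the O17 name servers, which it compares against a caller-supplied allow-list (the allow-list idea is my assumption; the thread itself does not flag the DNS lines). The sample input is a handful of lines copied from the HijackThis log posted above, not a complete log.

```python
import re

# Sample input: a subset of the HijackThis lines posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{C18FD287-FF51-430D-BADF-3084B9B17435}: NameServer = 8.8.8.8,8.8.4.4
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""

# HijackThis writes one finding per line: "<kind> - <body>", e.g. "O23 - Service: ...".
HJT_ENTRY = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
# Markers HijackThis appends when the referenced object cannot be found on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# O17 lines list the configured DNS servers, comma separated.
O17_NAMESERVER = re.compile(r"NameServer = (?P<servers>[\d.,]+)")
# O23 lines: "Service: <display name> - <owner> - <image path>".
O23_SERVICE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def parse_entries(log_text):
    """Return one dict per HijackThis entry line (kind, body, raw line); other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = HJT_ENTRY.match(line)
        if match:
            entries.append({"kind": match["kind"], "body": match["body"], "line": line})
    return entries


def triage(log_text, expected_dns=()):
    """Group entries the way a log reviewer would: orphans, HKUS autostarts, unknown-owner services, DNS."""
    findings = {
        "orphans": [],                 # entries whose target file is missing
        "hkus_run": [],                # O4 Run/RunOnce entries under HKEY_USERS hives (SYSTEM, .DEFAULT, SIDs)
        "unknown_owner_services": [],  # O23 services with no identifiable publisher
        "dns_servers": [],             # every name server seen in O17 entries
        "unexpected_dns": [],          # O17 servers not in the caller's allow-list (if one was given)
    }
    for entry in parse_entries(log_text):
        body = entry["body"]
        if any(marker in body for marker in ORPHAN_MARKERS):
            findings["orphans"].append(entry["line"])
        if entry["kind"] == "O4" and body.startswith("HKUS\\"):
            findings["hkus_run"].append(entry["line"])
        if entry["kind"] == "O23":
            svc = O23_SERVICE.match(body)
            if svc and svc["owner"] == "Unknown owner":
                findings["unknown_owner_services"].append(svc["name"])
        if entry["kind"] == "O17":
            ns = O17_NAMESERVER.search(body)
            if ns:
                servers = ns["servers"].split(",")
                findings["dns_servers"].extend(servers)
                if expected_dns:
                    findings["unexpected_dns"].extend(s for s in servers if s not in expected_dns)
    return findings


if __name__ == "__main__":
    # The router at 192.168.1.1 from the ComboFix log is used here as the "expected" DNS (an assumption).
    result = triage(SAMPLE_LOG, expected_dns=("192.168.1.1",))
    for category, items in result.items():
        print(f"{category} ({len(items)}):")
        for item in items:
            print(f"  {item}")
```

Orphaned entries are the safe deletions the reply recommends: they point at nothing, so removing them cannot break a working component. The HKUS and unknown-owner lists are only review queues; CTFMON.EXE under the SYSTEM hive, for instance, is a normal Windows XP entry, and the script deliberately reports rather than judges them.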
 
New Member
Posts: 3
Joined: 20 Jan 2012

24 Jan 2012 14:45

Quote: Tolstoy, 24.01.2012 01:00:37
There is nothing wrong in the ComboFix report.
Delete the following HijackThis lines.

Thanks.

However, I have added the logs from when I booted the computer in Safe Mode to the thread; could you take a look at those as well? Thanks in advance.

Friends, I am waiting for your comments, please help.
 
Tolstoy
Member
Posts: 250
Joined: 25 Apr 2008

24 Jan 2012 21:37

Because of the way this forum is structured, there are obstacles to solving this problem here. As far as I can see, there is only one forum where this kind of problem actually gets solved. Still, I am one of the members here best able to help you. If you focus on what I write rather than on others, the problem can be solved.

I think you have edited the ComboFix report above. It is obvious from both the post and the report.
In the report I saw yesterday, the registry appeared to have been deleted. I wrote "no other problem" at the time, thinking that it might be the work of a piece of malware on your system. But from the information you have given since, it is clear that there is a problem with the registry. You deleted Messenger for nothing, too. The problem could have been fixed with a step or two.

If you have your XP CD, a repair will fix the problem.

For the repair:
Boot the system as administrator.
Insert the XP CD.
Go to Start > Run, type sfc /scannow and press Enter. If a warning appears, choose Retry.
Wait for the process to finish.

Then:
From now on, do not run ComboFix under any circumstances.
Run this software.
Set the List files field to 3 months. Click Continue and wait for the process to finish.
Paste the output here.
 

İlgili Konular

  Konu Başlığı Gönderen Yanıt Son Mesaj
 Combofix log & Hijackthis log Bakarmsnz.lylagvn 13 24 May 2012  19:30
 HijackThis bilgisi olan yada yorumlamasini bilen vademacar67 1 04 Ağu 2008  07:49
 Hijackthis log....Yardım lütfenHPQ-User 7 24 Haz 2008  22:57
Hijackthis logunu nereden öğrenebilirim?Bilaxos 4 03 Ağu 2009  12:38
 HijackThis raporudctor 2 12 Haz 2010  00:54
Bu sayfa 0,38 saniye içinde hazırlandı.


 
Cep telefonları | Ekran kartları | Masaüstü | Notebook | Ses kartları | Webcam | Klavye & Fare | Yazıcılar | Tablet Ev Sineması
Mp3 Player | Usb Bellekler | Video kameralar | Fotoğraf Makinesi | Taşınabilir diskler | LED & LCD Tv | Monitörler | OEM | PDA
Navigasyon | Oyun Konsolu