ComboFix 09-04-03.01 - ahmet 2009-04-04 11:36:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1254.1.1055.18.1535.1081 [GMT 3:00]
Running from: c:\documents and settings\ahmet\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\ahmet\Application Data\.#
c:\windows\system32\drivers\npf.sys
c:\windows\system32\packet.dll
c:\windows\system32\pthreadGC2.dll
c:\windows\system32\tmp.reg
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2009-03-04 to 2009-04-04 )))))))))))))))))))))))))))))))
.
2009-04-03 18:26 . 2009-04-03 18:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\DassaultSystemes
2009-04-03 18:26 . 2009-04-03 18:26 <DIR> d-------- c:\documents and settings\ahmet\Application Data\DassaultSystemes
2009-04-02 21:57 . 2009-04-02 21:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-04-01 16:41 . 2009-04-01 16:43 <DIR> d-------- c:\program files\vSoft
2009-04-01 16:41 . 2009-04-03 21:25 <DIR> d-------- C:\Downloads
2009-04-01 11:39 . 2009-04-01 11:39 5,262 --a------ c:\windows\system32\PerfStringBackup.TMP
2009-03-31 01:12 . 2009-03-31 01:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Synetic
2009-03-31 00:43 . 2009-04-01 20:47 <DIR> d-------- c:\program files\Team JPN
2009-03-29 22:05 . 2009-03-29 22:05 <DIR> d-------- c:\program files\FlexWATCH
2009-03-20 22:22 . 2008-11-06 19:37 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2009-03-20 22:22 . 2008-09-24 21:41 839,680 --a------ c:\windows\system32\lameACM.acm
2009-03-20 22:22 . 2008-12-07 21:08 795,648 --a------ c:\windows\system32\xvidcore.dll
2009-03-20 22:22 . 2004-01-25 19:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2009-03-20 22:22 . 2008-09-16 22:23 168,448 --a------ c:\windows\system32\unrar.dll
2009-03-20 22:22 . 2008-12-07 21:08 130,048 --a------ c:\windows\system32\xvidvfw.dll
2009-03-20 22:22 . 2007-09-21 03:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2009-03-20 22:22 . 2008-12-11 03:33 86,016 --a------ c:\windows\system32\dpl100.dll
2009-03-20 22:22 . 2008-10-03 15:30 414 --a------ c:\windows\system32\lame_acm.xml
2009-03-20 22:21 . 2009-03-20 22:23 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-03-20 22:21 . 2008-11-06 19:33 684,032 --a------ c:\windows\system32\divx.dll
2009-03-20 22:21 . 2009-03-02 20:10 67,584 --a------ c:\windows\system32\ff_vfw.dll
2009-03-20 22:21 . 2007-07-10 19:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-03-19 00:03 . 2009-03-21 03:20 4,096 --a------ c:\windows\system32\crash
2009-03-14 13:06 . 2009-03-14 14:42 <DIR> d-------- c:\program files\Sniper Elite
2009-03-11 00:27 . 2009-03-09 17:27 290,816 --a------ c:\windows\system32\TubeFinder.exe
2009-03-11 00:26 . 2009-03-11 00:35 <DIR> d-------- c:\program files\Free FLV Converter
2009-03-11 00:26 . 2008-06-04 18:42 364,544 --a------ c:\windows\system32\PropertyGrid.ocx
2009-03-11 00:26 . 2008-06-04 18:42 208,500 --a------ c:\windows\system32\ReyXpBasics.tlb
2009-03-11 00:26 . 2008-06-04 18:42 141,312 --a------ c:\windows\system32\MSCMCFR.DLL
2009-03-11 00:26 . 2008-06-04 18:42 119,568 --a------ c:\windows\system32\VB6FR.DLL
2009-03-11 00:26 . 2008-06-04 18:42 84,512 --a------ c:\windows\system32\PICCLP32.OCX
2009-03-11 00:26 . 2008-06-04 18:42 32,768 --a------ c:\windows\system32\CMDLGFR.DLL
2009-03-11 00:26 . 2008-06-04 18:42 24,576 --a------ c:\windows\system32\ControlSubX.ocx
2009-03-11 00:26 . 2008-06-04 18:42 9,728 --a------ c:\windows\system32\PCCLPFR.DLL
2009-03-08 19:12 . 2009-03-08 19:13 <DIR> d-------- c:\program files\USB Disk Security
2009-03-07 21:39 . 2009-03-07 21:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
2009-03-07 21:39 . 2009-03-07 21:39 <DIR> d-------- c:\documents and settings\ahmet\Application Data\ATI
2009-03-07 16:17 . 2009-03-07 21:39 <DIR> d-------- c:\program files\ATI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-04 08:44 --------- d-----w c:\documents and settings\All Users\Application Data\Babylon
2009-04-03 22:54 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-02 16:29 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-01 08:40 --------- d-----w c:\program files\Java
2009-03-20 19:37 --------- d-----w c:\documents and settings\ahmet\Application Data\uTorrent
2009-03-18 12:57 --------- d-----w c:\program files\eMule
2009-03-16 21:37 --------- d-----w c:\program files\ESET
2009-03-11 17:23 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-07 13:17 --------- d-----w c:\program files\ATI Technologies
2009-03-07 13:16 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-06 17:11 --------- d-----w c:\documents and settings\ahmet\Application Data\Babylon
2009-02-28 20:17 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-25 22:58 3,565,568 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-25 20:37 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-21 11:11 --------- d-----w c:\documents and settings\All Users\Application Data\POP3Profiles
2009-02-21 11:06 --------- d-----w c:\program files\Ubisoft
2009-02-20 11:00 --------- d-----w c:\documents and settings\ahmet\Application Data\Red Alert 3
2009-02-18 22:37 --------- d-----w c:\program files\Electronic Arts
2009-02-17 11:42 --------- d-----w c:\program files\Folder Lock 6
2009-02-17 11:33 --------- d-----w c:\program files\Your Uninstaller 2006
2009-02-17 00:35 --------- d-----w c:\documents and settings\ahmet\Application Data\URSoft
2009-02-16 16:59 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-02-16 16:10 --------- d-----w c:\program files\MSBuild
2009-02-16 16:01 --------- d--h--r c:\documents and settings\ahmet\Application Data\SecuROM
2009-02-16 15:36 --------- d-----w c:\program files\Reference Assemblies
2009-02-15 09:56 --------- d-----w c:\documents and settings\ahmet\Application Data\ESET
2009-02-15 09:24 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-02-14 01:45 22,328 ----a-w c:\documents and settings\ahmet\Application Data\PnkBstrK.sys
2009-02-12 23:13 --------- d-----w c:\documents and settings\ahmet\Application Data\Windows Search
2009-02-12 17:18 --------- d-----w c:\documents and settings\ahmet\Application Data\Windows Desktop Search
2009-02-12 17:17 --------- d-----w c:\program files\Windows Desktop Search
2009-02-06 23:35 --------- d-----w c:\program files\Easy Decrypter
2009-02-06 12:24 56,280 ----a-w c:\windows\system32\drivers\epfwtdi.sys
2009-02-06 12:24 33,096 ----a-w c:\windows\system32\drivers\epfwndis.sys
2009-02-06 12:24 130,952 ----a-w c:\windows\system32\drivers\epfw.sys
2009-02-06 12:23 106,208 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-02-06 12:19 113,448 ----a-w c:\windows\system32\drivers\eamon.sys
2009-02-02 00:36 73,216 ----a-w c:\windows\ST6UNST.EXE
2009-02-02 00:36 249,856 ------w c:\windows\Setup1.exe
2008-12-10 14:14 4,411,392 ----a-w c:\program files\mplayerc.exe
2008-12-15 00:51 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008120820081215\index.dat
2008-12-15 00:51 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008121520081216\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\ahmet\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-12 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-19 339968]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2008-12-14 3960552]
"NuTCSetupEnviron"="c:\progra~1\MKSTOO~1\bin\ncoeenv.exe" [2004-01-23 25093]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"High Definition Audio Özellik Sayfası Kısayolu"="HDAudPropShortcut.exe" [2004-08-12 c:\windows\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-01-24 c:\windows\ALCWZRD.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\ahmet\Start Menu\Programlar\Başlangıç\
Registration Prince of Persia T2T.LNK - c:\program files\Ubisoft\Prince of Persia T2T\Support\Register\RegistrationReminder.exe [2009-02-21 868352]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"VIDC.HFYU"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
"msacm.l3codec"= l3codecp.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\eMule\\emule.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
R2 mpich_mpd;MPICH Daemon (C) 2001 Argonne National Lab;c:\program files\MPICH\mpd\bin\mpd.exe [2009-01-02 184320]
R2 NuTCRACKERService;NuTCRACKER Service;c:\windows\system32\nutsrv4.exe [2004-01-23 306852]
R2 NwSapAgent;SAP Aracısı;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-308236825-725345543-1003.job
- c:\documents and settings\ahmet\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-12 03:14]
2009-04-03 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 18:04]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Microsoft Excel'e &Ver - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
LSP: %SystemRoot%\system32\nutafun4.dll
TCP: {90A41FED-8BBF-4419-9722-476F252D6264} = 220.233.0.4,199.166.31.3
TCP: {D34D19EA-4E34-42D6-94F6-B62B5600382B} = 208.67.222.222,208.67.220.220
DPF: {5CB1663E-2D2E-40D3-8DD6-A00198E2EA1D} - hxxp://www.kocaeli.bel.tr/activex/LiveView.cab
FF - ProfilePath - c:\documents and settings\ahmet\Application Data\Mozilla\Firefox\Profiles\44iwxj6x.default\
FF - prefs.js: browser.startup.homepage - hxxp://tr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:tr:official
FF - plugin: c:\documents and settings\ahmet\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-04 11:44:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
c:\windows\explorer.exe [3020] 0x894A97D8
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-602162358-308236825-725345543-1003\Software\%s (%s)\«Ù0x >:xz|8xn9xz|8xCStringList*ğ³/xß0x!A:xoŞ0xn9xz|8xCMapPtrToPtr\TRK_Settings\BCGCommandManager]
"CommandsWithoutImages"=hex:00,00
"MenuUserImages"=hex:00,00
[HKEY_USERS\S-1-5-21-602162358-308236825-725345543-1003\Software\%s (%s)\«Ù0x >:xz|8xn9xz|8xCStringList*ğ³/xß0x!A:xoŞ0xn9xz|8xCMapPtrToPtr\TRK_Settings\BCGControlBarVersion]
"Major"=dword:00000008
"Minor"=dword:0000003c
[HKEY_USERS\S-1-5-21-602162358-308236825-725345543-1003\Software\%s (%s)\«Ù0x >:xz|8xn9xz|8xCStringList*ğ³/xß0x!A:xoŞ0xn9xz|8xCMapPtrToPtr\TRK_Settings\BCGToolbarParameters]
"Tooltips"=dword:00000001
"ShortcutKeys"=dword:00000001
"LargeIcons"=dword:00000001
"MenuAnimation"=dword:00000000
"RecentlyUsedMenus"=dword:00000001
"MenuShadows"=dword:00000001
"ShowAllMenusAfterDelay"=dword:00000001
"Look2000"=dword:00000001
"CommandsUsage"=hex:2f,00,00,00,00,00
[HKEY_USERS\S-1-5-21-602162358-308236825-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-602162358-308236825-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:cd,6f,db,34,4c,76,7c,c5,29,3e,b5,8f,e9,59,5c,f7,63,bc,0e,4d,ab,
dd,8a,e6,e2,f3,07,41,84,5b,07,96,49,ed,3a,b7,a0,34,b4,40,82,d5,5e,fe,32,2c,\
"rkeysecu"=hex:13,ea,b1,6a,43,1f,05,d4,0e,d9,bd,35,96,88,1f,07
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1324)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\ATKKBService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\progra~1\MKSTOO~1\bin\snmptrapd.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-04-04 11:46:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-04 08:46:47
Pre-Run: 17.912.299.520 bayt boş
Post-Run: 18,949,861,376 bayt boş
249 --- E O F --- 2009-03-17 09:49:20