Hidden file on the desktop

aerom83

Hello friends,

Today the PC was on almost all day, and in the evening I noticed a hidden file on the desktop. I probably wouldn't have seen it if the "show hidden files" option weren't enabled. Anyway, the file's name is just "a". I looked to see what extension it had, but nothing was apparent; after a bit of research I saw that it was an exe. I scanned it with a few antivirus and similar programs, and they did not see it as a threat. I produced a log with HijackThis; could friends who know please check whether there is anything dangerous in it? After HijackThis I deleted the file the normal way. No problem occurred; I didn't understand what it was about.

I would be very glad if you could take a look.


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 01:23:51, on 17.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Octoshape Streaming Services\dell\OctoshapeClient.exe
C:\Program Files\Pikatel KKP AirMax101\TestProgrami.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Ikanos\Eagle Family USB ADSL Driver\DSLMON.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\dell\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gnctrkcll.turkcell.com.tr/?banner=gnc_20080918_paul_kampanyasi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O1 - Hosts: Youtube Dünya Capinda IP leri toplam 2859 adet ....
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\dell\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Kolay Kurum Programi] C:\Program Files\Pikatel KKP AirMax101\TestProgrami.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Anti-Virus&Trojan.lnk = C:\Program Files\Anti-Virus&Trojan\Anti-Virus&Trojan.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Ikanos\Eagle Family USB ADSL Driver\DSLMON.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hızlı Başlangıç.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Sipru.lnk = C:\Program Files\Sipru\sipru.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.hepsiburada.com
O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) - https://sube.garanti.com.tr/lib/JaguarEditControl.CAB
O16 - DPF: {1A7137F0-AC90-495D-AE99-3D294276469C} (WebTVDML Control) - http://www.digiturkwebtv.com.tr/DMA/WebTVDML.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D0BB3ACE-4ED3-4D65-BB86-1A0C6CAF351F} (AvaLaunch Control) - http://212.175.239.246:81/avaLaunch94.cab
O22 - SharedTaskScheduler: Browseui önceden yükleyicisi - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Bileşen Katergorileri önbellek daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 15989 bytes
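
An added example, not part of the original post and not HijackThis code: a small Python triage pass over HijackThis entry lines that marks the ones worth a manual look. The hint names and regular expressions are assumptions made for this sketch, and a hint is a prompt to check the entry, not a verdict.

```python
import re

# Sample input: entries copied from the log above, plus one constructed O1 line
# that uses a documentation address (192.0.2.10) and a made-up host name.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\explorer.exe
O1 - Hosts: 192.0.2.10 video.example.com
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) - https://sube.garanti.com.tr/lib/JaguarEditControl.CAB
O16 - DPF: {D0BB3ACE-4ED3-4D65-BB86-1A0C6CAF351F} (AvaLaunch Control) - http://212.175.239.246:81/avaLaunch94.cab
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# "Xn - rest", where X is the HijackThis section letter (R, F, N or O).
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# URL whose host part is a literal IPv4 address rather than a name.
BARE_IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?/")

# Hypothetical hint names; each describes a property visible in the line itself.
HINTS = {
    "hosts-override": "hosts file pins this name to an address; confirm who added it",
    "file-missing": "entry points at a file that is no longer on disk",
    "unknown-owner": "no vendor name could be read for the service binary",
    "unresolved-shortcut": "startup shortcut target could not be resolved",
    "activex-from-bare-ip": "ActiveX control was fetched from a bare IP address",
}


def parse_entries(log_text):
    """Return (section, body) for each 'Xn - ...' line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def review_hints(section, body):
    """Return the hint names that apply to one entry, in a fixed order."""
    hints = []
    if section == "O1":
        hints.append("hosts-override")
    if body.endswith("(file missing)"):
        hints.append("file-missing")
    if " - Unknown owner - " in body:
        hints.append("unknown-owner")
    if body.endswith("= ?"):
        hints.append("unresolved-shortcut")
    if section == "O16" and BARE_IP_URL.search(body):
        hints.append("activex-from-bare-ip")
    return hints


def triage(log_text):
    """Return (section, hints, body) for every entry that carries at least one hint."""
    flagged = []
    for section, body in parse_entries(log_text):
        hints = review_hints(section, body)
        if hints:
            flagged.append((section, hints, body))
    return flagged


if __name__ == "__main__":
    for section, hints, body in triage(SAMPLE_LOG):
        print(f"{section}: {body}")
        for name in hints:
            print(f"    [{name}] {HINTS[name]}")
```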
 
There are online virus scanners for that virus. Have it scanned there too and let's see.. you can only see the most up-to-date viruses there; they can find them.. I'll look into it too, I got curious about it.
 
HijackThis takes a record of everything running on your computer at that moment and prepares it for you... but you must have done this yourself?

Don't you use a program like this on your computer?
 
Honestly, I don't use a program named "a". I haven't installed anything new either. I didn't open an email attachment. I suddenly noticed it was on the desktop. I couldn't tell whether it was something harmful or not either, because nothing odd happened on the PC. But I got worried because it's an exe. It doesn't have a normal name either, so I can't look up what it is on the net. Only the file size was around 170 KB or so. I couldn't get any other information about it.
As for the HijackThis log, I put it here to see whether there is anything suspicious running on the PC.
 
Brother, if you used ComboFix, that's what did it.. I used it the other day and the same thing happened to me..
 
Brother, if you used ComboFix, that's what did it.. I used it the other day and the same thing happened to me..

Interesting... ComboFix is on the PC. But I hadn't run it for months. When I saw that suspicious file, I ran ComboFix. So that file appeared before I used ComboFix. Does it create that file on every use, then? That part I didn't understand.

I did an online virus scan as friends suggested. Mind you, there is an antivirus on the PC and it hadn't found anything.

Bitdefender found quite a few things.

C:\Documents and Settings\dell\Belgelerim\Unzipped\Adobe CS2 keygens\Adobe Acrobat 8.0 keygen.exe
Infected with: Backdoor.Bot.54321

C:\Documents and Settings\dell\Belgelerim\Unzipped\Adobe CS2 keygens\Adobe Acrobat 8.0 keygen.exe
Deleted

C:\Documents and Settings\dell\Belgelerim\Unzipped\Dreamweaver v8.0 keygen\fcb_f00l_c0d3rz_brazil\fcb_macromedia_dreamweaver_v8.0_key.exe
Infected with: Backdoor.Hupigon.BV

C:\Documents and Settings\dell\Belgelerim\Unzipped\Dreamweaver v8.0 keygen\fcb_f00l_c0d3rz_brazil\fcb_macromedia_dreamweaver_v8.0_key.exe
Deleted

C:\Documents and Settings\dell\Desktop\key generator\Adobe CS2 keygens.zip=>Adobe Acrobat 8.0 keygen.exe
Infected with: Backdoor.Bot.54321

C:\Documents and Settings\dell\Desktop\key generator\Adobe CS2 keygens.zip=>Adobe Acrobat 8.0 keygen.exe
Deleted

C:\Documents and Settings\dell\Desktop\key generator\Adobe CS2 keygens.zip
Updated

C:\Documents and Settings\dell\Desktop\key generator\Dreamweaver v8.0 keygen.zip=>fcb_f00l_c0d3rz_brazil/fcb_macromedia_dreamweaver_v8.0_key.exe
Infected with: Backdoor.Hupigon.BV

C:\Documents and Settings\dell\Desktop\key generator\Dreamweaver v8.0 keygen.zip=>fcb_f00l_c0d3rz_brazil/fcb_macromedia_dreamweaver_v8.0_key.exe
Deleted

C:\Documents and Settings\dell\Desktop\key generator\Dreamweaver v8.0 keygen.zip
Updated

C:\Program Files\ESET\infected\HVXN0NAA.NQF=>(Quarantine-PE)
Infected with: Trojan.Downloader.Wigon.A

C:\Program Files\ESET\infected\HVXN0NAA.NQF=>(Quarantine-PE)
Deleted

C:\Program Files\ESET\infected\HVXN0NAA.NQF
Deleted

C:\Program Files\ESET\infected\MC3QXJDA.NQF=>(Quarantine-PE)
Infected with: Trojan.Downloader.Wigon.A

C:\Program Files\ESET\infected\MC3QXJDA.NQF=>(Quarantine-PE)
Deleted

C:\Program Files\ESET\infected\MC3QXJDA.NQF
Deleted

C:\Program Files\ESET\infected\NR0W0SBA.NQF=>(Quarantine-PE)
Infected with: Trojan.Downloader.Wigon.A

C:\Program Files\ESET\infected\NR0W0SBA.NQF=>(Quarantine-PE)
Deleted

C:\Program Files\ESET\infected\NR0W0SBA.NQF
Deleted

C:\Program Files\ESET\infected\SX5DBZBA.NQF=>(Quarantine-PE)
Infected with: Backdoor.Bot.65324

C:\Program Files\ESET\infected\SX5DBZBA.NQF=>(Quarantine-PE)
Deleted

C:\Program Files\ESET\infected\SX5DBZBA.NQF
Deleted

C:\Program Files\ESET\infected\UGFGUXDA.NQF=>(Quarantine-PE)
Infected with: Backdoor.Bot.65324

C:\Program Files\ESET\infected\UGFGUXDA.NQF=>(Quarantine-PE)
Deleted

C:\Program Files\ESET\infected\UGFGUXDA.NQF
Deleted

C:\Program Files\ESET\infected\ULXHICBA.NQF=>(Quarantine-PE)
Infected with: Trojan.Downloader.Wigon.A

C:\Program Files\ESET\infected\ULXHICBA.NQF=>(Quarantine-PE)
Deleted

C:\Program Files\ESET\infected\ULXHICBA.NQF
Deleted

C:\Program Files\ESET\infected\XUCITWAA.NQF=>(Quarantine-PE)
Infected with: Trojan.Downloader.Wigon.A

C:\Program Files\ESET\infected\XUCITWAA.NQF=>(Quarantine-PE)
Deleted

C:\Program Files\ESET\infected\XUCITWAA.NQF
Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\WinCtrl32.dll.vir
Infected with: Trojan.Dropper.Kobcka.Gen.1

C:\QooBox\Quarantine\C\WINDOWS\system32\WinCtrl32.dll.vir
Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\WinCtrl32.dl_.vir
Infected with: Trojan.Dropper.Kobcka.Gen.1

C:\QooBox\Quarantine\C\WINDOWS\system32\WinCtrl32.dl_.vir
Deleted

C:\System Volume Information\_restore{B557B372-A8C9-496B-AACD-F7F5C183A51C}\RP190\A0125353.exe
Infected with: Trojan.Generic.1183538

C:\System Volume Information\_restore{B557B372-A8C9-496B-AACD-F7F5C183A51C}\RP190\A0125353.exe
Deleted

C:\System Volume Information\_restore{B557B372-A8C9-496B-AACD-F7F5C183A51C}\RP191\A0125355.exe
Infected with: Trojan.Generic.1183538

C:\System Volume Information\_restore{B557B372-A8C9-496B-AACD-F7F5C183A51C}\RP191\A0125355.exe
Deleted

C:\System Volume Information\_restore{B557B372-A8C9-496B-AACD-F7F5C183A51C}\RP191\A0125426.exe
Infected with: Trojan.Generic.1183538

C:\System Volume Information\_restore{B557B372-A8C9-496B-AACD-F7F5C183A51C}\RP191\A0125426.exe
Deleted

C:\System Volume Information\_restore{B557B372-A8C9-496B-AACD-F7F5C183A51C}\RP191\A0125445.exe
Infected with: Trojan.Generic.363285

C:\System Volume Information\_restore{B557B372-A8C9-496B-AACD-F7F5C183A51C}\RP191\A0125445.exe
Deleted

C:\System Volume Information\_restore{B557B372-A8C9-496B-AACD-F7F5C183A51C}\RP191\A0125448.exe=>(Instyler o)=>(Instyler Module 1)
Infected with: Trojan.Generic.363285

C:\System Volume Information\_restore{B557B372-A8C9-496B-AACD-F7F5C183A51C}\RP191\A0125448.exe=>(Instyler o)=>(Instyler Module 1)
Deleted

C:\System Volume Information\_restore{B557B372-A8C9-496B-AACD-F7F5C183A51C}\RP191\A0125448.exe=>(Instyler o)
Update failed

C:\WINDOWS\system32\paso.el
Infected with: Trojan.Generic.1183538

C:\WINDOWS\system32\paso.el
Deleted
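
An added example, not part of the original post and not Bitdefender code: a Python pass over scan output in the layout above that groups records by the file on disk and labels where each detected copy was sitting. The location labels and the meaning given to each path prefix (NOD32 quarantine, ComboFix quarantine, System Restore points) are assumptions of this sketch.

```python
# Constructed sample: a subset of the scan output posted above, same layout
# (a path line followed by a status line).
SCAN = r"""
C:\Documents and Settings\dell\Desktop\key generator\Adobe CS2 keygens.zip=>Adobe Acrobat 8.0 keygen.exe
Infected with: Backdoor.Bot.54321

C:\Documents and Settings\dell\Desktop\key generator\Adobe CS2 keygens.zip=>Adobe Acrobat 8.0 keygen.exe
Deleted

C:\Program Files\ESET\infected\HVXN0NAA.NQF=>(Quarantine-PE)
Infected with: Trojan.Downloader.Wigon.A

C:\QooBox\Quarantine\C\WINDOWS\system32\WinCtrl32.dll.vir
Infected with: Trojan.Dropper.Kobcka.Gen.1

C:\System Volume Information\_restore{B557B372-A8C9-496B-AACD-F7F5C183A51C}\RP191\A0125448.exe=>(Instyler o)=>(Instyler Module 1)
Infected with: Trojan.Generic.363285

C:\System Volume Information\_restore{B557B372-A8C9-496B-AACD-F7F5C183A51C}\RP191\A0125448.exe=>(Instyler o)
Update failed

C:\WINDOWS\system32\paso.el
Infected with: Trojan.Generic.1183538

C:\WINDOWS\system32\paso.el
Deleted
"""

STATUSES = ("Infected with:", "Deleted", "Updated", "Update failed")

# Lower-cased path prefix -> hypothetical label for where the copy was sitting.
LOCATIONS = [
    (r"c:\program files\eset\infected", "nod32-quarantine"),
    (r"c:\qoobox\quarantine", "combofix-quarantine"),
    (r"c:\system volume information\_restore", "system-restore"),
]


def parse_records(text):
    """Return (path, status) pairs; a status line closes the path line before it."""
    records, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith(STATUSES):
            if path is not None:
                records.append((path, line))
            path = None
        else:
            path = line
    return records


def locate(path):
    lowered = path.lower()
    for prefix, label in LOCATIONS:
        if lowered.startswith(prefix):
            return label
    return "live-filesystem"


def summarize(text):
    """Group by the file on disk (the part before the first '=>')."""
    files = {}
    for path, status in parse_records(text):
        outer = path.split("=>", 1)[0]
        entry = files.setdefault(
            outer, {"where": locate(outer), "detections": set(), "actions": []})
        if status.startswith("Infected with:"):
            entry["detections"].add(status.split(":", 1)[1].strip())
        else:
            entry["actions"].append(status)
    return files


def live_detections(text):
    """Files detected outside any quarantine or restore-point folder."""
    return sorted(f for f, e in summarize(text).items()
                  if e["where"] == "live-filesystem" and e["detections"])


def failed_actions(text):
    """Files for which the scanner reported an action that failed."""
    return sorted(f for f, e in summarize(text).items()
                  if any(a.endswith("failed") for a in e["actions"]))
```

On the sample, `live_detections(SCAN)` returns the keygen archive and `C:\WINDOWS\system32\paso.el`, and `failed_actions(SCAN)` returns the restore-point file whose update failed.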
 
ComboFix wouldn't leave that document behind, though. I guess there's no problem right now?

By the way, don't neglect to use Spyware Doctor too ;)
 
Quote (ΜεтάĻïڪţ):
ComboFix wouldn't leave that document behind, though. I guess there's no problem right now?

By the way, don't neglect to use Spyware Doctor too ;)

Yes, there doesn't seem to be a problem, but I still don't know what the purpose of that file was :) Anyway, thanks everyone...
 