Topic: Log: is what infected my computer a virus? (Computer Security and HijackThis forum)

#1
Member
Joined: 25-04-2005
Age: 35
Posts: 156
Rep Points: 2375

Friends, something has infected my computer and I don't know what it is. I'm sending the log file. I'd be glad if you could give me some information.

#2
Member
Joined: 25-04-2005
Age: 35
Posts: 156
Rep Points: 2375

FRIENDS, please write what is wrong in my log, I'm waiting for you. Please help.

#3
Loyal Member
Joined: 05-03-2004
Location: they give me a seat on buses now...
Age: 35
Posts: 2,763
Rep Points: 15786372

The log you sent is from the Spy Sweeper program... not this log; you need to download the HijackThis program and send the log you take with it... Have a look at the HijackThis topics in the pinned threads; the link where you can download the program and how to take the log are explained there...

#4
Member
Joined: 25-04-2005
Age: 35
Posts: 156
Rep Points: 2375

Logfile of HijackThis v1.99.1

#5
Loyal Member
Joined: 05-03-2004
Location: they give me a seat on buses now...
Age: 35
Posts: 2,763
Rep Points: 15786372

Run HijackThis, click where it says scan only, then tick only the box next to the following line and do fix checked:

O15 - Trusted Zone: [Links are visible only to registered members. Click to become a ForumTR member] (HKLM)

According to the first log you sent, your system had been quite heavily infected, but Spy Sweeper has taken care of it... your log file is clean...