Hello friends. A virus that spread from a flash drive has infested my computer. It infects Chrome, games, everything, and slows them down; my computer has become unusable. Please help. I tried Kaspersky and I tried ComboFix, and neither worked. Please help, I'm fed up. An autorun.inf appears, with asdas.pif and asdasd.exe next to it, and even when they are deleted it copies itself to the other 3 disks as well. I should especially point out that it has also infected the disk named System Reserved. There are very old photos on the machine, so I can't format it. I installed Win8 on top of it and that got infected too. There are two operating systems and both of them have the virus. I couldn't deal with it, please help.
[img]http://i.hizliresim.com/e7JaOL.jpg[/img]
[img]http://i.hizliresim.com/KPd1Rd.jpg[/img]
[img]http://i.hizliresim.com/KggrN0.jpg[/img]
[img]http://i.hizliresim.com/KZ6Xro.jpg[/img]
[img]http://i.hizliresim.com/eo5XLR.jpg[/img]
Combofix.log:
ComboFix 14-03-03.02 - MURAT 03.03.2014 23:14:32.1.2 - x86 MINIMAL
Microsoft Windows 8 Pro 6.2.9200.0.1254.90.1055.18.3061.2248 [GMT 2:00]
Running from: c:\users\MURAT\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Outdated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\qakm.exe
c:\users\MURAT\AppData\Local\Temp\6853.tmp
D:\autorun.inf
F:\autorun.inf
F:\gajk.exe
X:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2014-02-03 to 2014-03-03 )))))))))))))))))))))))))))))))
.
.
2014-03-03 21:19 . 2014-03-03 21:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-03 20:53 . 2014-03-03 20:53 -------- d-----w- c:\programdata\GridinSoft
2014-03-03 20:53 . 2014-03-03 20:59 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2014-03-03 20:42 . 2014-03-03 20:43 -------- d-----w- c:\program files\Antirun
2014-03-03 20:26 . 2014-03-03 20:26 -------- d-----w- c:\program files\Shield
2014-03-03 20:10 . 2014-03-03 20:10 -------- d-----w- c:\programdata\Panda Security
2014-03-03 20:10 . 2014-03-03 20:10 -------- d-----w- c:\program files\Panda USB Vaccine
2014-03-02 18:49 . 2011-11-28 12:51 32896 ----a-w- c:\windows\system32\drivers\anvsnddrv.sys
2014-03-02 18:49 . 2014-03-02 18:49 -------- d-----w- c:\program files\AnvSoft
2014-03-02 18:45 . 2014-03-02 18:45 -------- d-----w- c:\programdata\IDM
2014-03-02 18:45 . 2014-03-02 18:45 -------- d-----w- c:\program files\Internet Download Manager
2014-03-02 18:45 . 2014-03-02 18:45 -------- d-----w- c:\programdata\Yandex
2014-03-02 09:46 . 2014-03-02 09:46 -------- d-----w- c:\program files\SecurityXploded
2014-03-02 09:24 . 2014-03-02 09:42 -------- d-----w- c:\program files\Metin2 - Kopya
2014-02-28 19:11 . 2014-02-28 19:12 -------- d-----w- c:\users\Public\Metin2
2014-02-28 12:15 . 2014-03-02 09:45 -------- d-----w- c:\program files\Process Hacker 2
2014-02-28 11:39 . 2014-03-03 20:47 -------- d-----w- c:\program files\Metin2
2014-02-28 11:16 . 2014-02-28 11:53 -------- d-----w- c:\program files\GameforgeLive
2014-02-27 22:09 . 2014-02-27 22:09 -------- d-----w- c:\windows\LastGood
2014-02-27 21:55 . 2014-02-27 22:38 -------- d-----w- c:\program files\Common Files\Nokia
2014-02-27 21:34 . 2006-08-29 14:56 32377 ----a-w- c:\windows\system32\drivers\prodigy.sys
2014-02-27 21:34 . 2014-02-27 21:34 -------- d-----w- c:\program files\NSS
2014-02-27 21:28 . 2005-08-03 14:05 35892 ----a-w- c:\windows\system32\SER9PL.sys
2014-02-27 21:28 . 2005-08-03 14:04 26719 ----a-w- c:\windows\system32\SERSPL.VXD
2014-02-27 21:26 . 2014-02-27 21:31 -------- d-----w- c:\programdata\WPM
2014-02-27 21:11 . 2014-02-27 21:11 -------- d-----w- c:\windows\Profiles
2014-02-27 20:16 . 2014-03-01 07:42 -------- d-----w- c:\programdata\PC Suite
2014-02-27 20:16 . 2014-02-27 22:38 -------- d-----w- c:\programdata\Nokia
2014-02-27 20:16 . 2014-02-27 20:16 -------- dc----w- c:\windows\system32\DRVSTORE
2014-02-27 20:16 . 2014-02-27 20:16 -------- d-----w- c:\program files\DIFX
2014-02-27 20:16 . 2012-10-17 12:53 19072 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2014-02-27 20:16 . 2014-02-27 20:16 -------- d-----w- c:\program files\PC Connectivity Solution
2014-02-27 20:12 . 2014-02-27 22:38 -------- d-----w- c:\program files\Nokia
2014-02-24 16:31 . 2008-07-31 08:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2014-02-24 16:31 . 2008-07-31 08:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2014-02-24 16:31 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2014-02-24 16:31 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2014-02-24 16:31 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2014-02-24 16:31 . 2014-02-24 16:31 -------- d-----w- c:\windows\system32\AI_RecycleBin
2014-02-24 16:31 . 2014-02-24 16:31 -------- dc----w- C:\Riot Games
2014-02-24 16:30 . 2014-02-24 16:30 -------- d-----w- c:\programdata\PMB Files
2014-02-24 16:30 . 2014-02-24 16:30 -------- d-----w- c:\program files\Pando Networks
2014-02-24 14:20 . 2014-02-24 14:20 -------- d-----w- c:\programdata\TTNetIlkYardim
2014-02-15 06:26 . 2014-02-15 06:26 -------- d-----w- c:\program files\ASIO4ALL v2
2014-02-15 06:25 . 2014-02-15 06:25 -------- d-----w- c:\program files\VstPlugins
2014-02-15 06:25 . 2013-03-12 10:47 1431552 ----a-w- c:\windows\system32\rewire.dll
2014-02-15 06:25 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\system32\vorbis.acm
2014-02-15 06:25 . 2014-02-15 06:25 -------- d-----w- c:\program files\DSPRobotics
2014-02-15 06:20 . 2014-02-15 06:25 -------- d-----w- c:\program files\Image-Line
2014-02-13 08:43 . 2010-04-14 12:28 9216 ----a-w- c:\windows\system32\drivers\massfilter.sys
2014-02-13 08:43 . 2010-03-02 12:57 105856 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2014-02-13 08:43 . 2010-03-02 12:57 105856 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2014-02-13 08:43 . 2010-03-02 12:57 105856 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2014-02-13 08:43 . 2014-02-13 08:43 -------- d-----w- c:\windows\massfilter
2014-02-13 08:43 . 2014-02-13 08:43 -------- d-----w- c:\program files\Turkcell
2014-02-13 08:40 . 2013-11-02 20:14 210 ----a-w- c:\programdata\gizliaktifolsun.bat
2014-02-11 20:00 . 2014-02-11 20:00 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-02-11 11:59 . 2014-02-11 11:59 16128 ----a-w- c:\windows\system32\drivers\gtkdrv.sys
2014-02-10 14:27 . 2014-02-10 14:27 -------- d-----w- c:\windows\PIF
2014-02-08 13:05 . 2014-02-08 14:05 -------- d-----w- c:\program files\KONAMI
2014-02-08 13:05 . 2014-02-08 13:05 -------- d-----w- c:\programdata\KONAMI
2014-02-08 12:39 . 2014-02-08 12:39 -------- d-----w- c:\users\Murat\.android
2014-02-08 12:38 . 2014-02-08 12:40 -------- d-----w- c:\program files\Mobogenie
2014-02-08 12:06 . 2014-02-09 16:31 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2014-02-08 12:03 . 2014-02-08 12:03 -------- d-----w- c:\program files\Reference Assemblies
2014-02-08 12:03 . 2014-02-08 12:03 -------- d-----w- c:\program files\MSBuild
2014-02-08 12:02 . 2014-02-08 12:02 -------- d-----w- c:\windows\system32\XPSViewer
2014-02-08 12:01 . 2012-07-06 02:02 778856 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2014-02-08 12:01 . 2012-07-06 02:02 35400 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-02-08 12:01 . 2012-07-06 02:02 102528 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-02-08 11:44 . 2014-02-08 11:44 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2014-02-08 11:44 . 2014-02-12 18:14 -------- d-----w- c:\program files\Common Files\Adobe
2014-02-08 10:57 . 2014-02-08 10:57 -------- d-----w- c:\program files\Adobe Download Assistant
2014-02-08 10:57 . 2014-02-08 10:57 -------- d-----w- c:\program files\Common Files\Adobe AIR
2014-02-08 10:47 . 2014-02-08 10:48 -------- d-----w- c:\program files\Google
2014-02-06 12:56 . 2014-02-06 12:56 -------- d-----w- c:\programdata\Age of Empires 3
2014-02-06 12:29 . 2014-02-19 15:39 -------- d-----w- c:\programdata\Kaspersky Lab
2014-02-06 12:29 . 2014-02-06 12:29 -------- d-----w- c:\program files\Kaspersky Lab
2014-02-06 12:29 . 2012-08-13 16:24 75096 ----a-w- c:\windows\system32\drivers\klflt.sys
2014-02-05 16:23 . 2012-10-18 14:57 94720 ----a-w- c:\windows\system32\SLCHook.dll
2014-02-05 16:12 . 2014-02-27 20:17 -------- d-----w- c:\program files\InstallShield Installation Information
2014-02-05 15:47 . 2014-02-05 15:47 -------- d-----w- c:\program files\Common Files\InstallShield
2014-02-05 15:27 . 2014-02-05 15:27 -------- d-----w- c:\programdata\ATI
2014-02-05 15:26 . 2014-02-05 15:26 -------- d-----w- c:\programdata\AMD
2014-02-05 15:26 . 2014-02-05 15:26 -------- d-----w- c:\program files\AMD AVT
2014-02-05 15:26 . 2014-02-05 15:26 -------- d-----w- c:\program files\AMD APP
2014-02-05 15:26 . 2014-02-05 15:26 -------- d-----w- c:\program files\Common Files\ATI Technologies
2014-02-05 15:24 . 2014-02-05 15:26 -------- d-----w- c:\program files\ATI Technologies
2014-02-05 15:24 . 2014-02-05 15:24 -------- d-----w- c:\program files\ATI
2014-02-05 15:22 . 2014-02-05 15:22 -------- d-----w- c:\program files\Cheat Engine 6.1
2014-02-05 15:19 . 2014-02-05 15:19 -------- d-----w- c:\programdata\Package Cache
2014-02-05 15:18 . 2014-02-05 15:18 -------- d-----w- c:\program files\Win8codecs
2014-02-05 15:17 . 2014-02-05 15:17 -------- d-----w- c:\program files\Notepad++
2014-02-05 15:16 . 2014-02-05 15:19 -------- d-----w- c:\programdata\win8codecs
2014-02-05 15:13 . 2013-02-27 13:37 53248 ----a-w- c:\windows\system32\CSVer.dll
2014-02-05 15:13 . 2014-02-05 15:13 -------- d-----w- c:\program files\Intel
2014-02-05 14:52 . 2014-02-05 14:52 -------- d-sh--we c:\programdata\Belgeler
2014-02-05 14:52 . 2014-02-05 14:52 -------- d-sh--we c:\users\Default\Belgelerim
2014-02-05 14:45 . 2014-02-05 14:45 0 ----a-w- c:\windows\ativpsrm.bin
2014-02-05 14:37 . 2014-02-05 15:01 -------- d-----w- c:\windows\Panther
2014-02-05 14:29 . 2014-02-05 15:09 -------- d-----w- C:\Windows.old
2014-02-04 16:49 . 2014-02-05 14:37 -------- d-----w- C:\Boot
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-02 07:50 . 2012-07-26 06:53 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-02-12 15:10 . 2006-01-24 21:07 61440 ----a-w- c:\windows\VM303_STI.EXE
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\MURAT\AppData\Roaming\uTorrent\uTorrent.exe" [2014-02-12 1519696]
"NextLive"="c:\users\MURAT\AppData\Roaming\newnext.me\nengine.dll" [2013-11-14 1283584]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2013-10-02 1090912]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2014-03-02 3739216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"BigDog303"="c:\windows\VM303_STI.EXE" [2014-02-12 61440]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-03 472984]
"Antirun"="c:\program files\Antirun\antirun.exe" [2013-11-17 2328576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R0 klelam;klelam;c:\windows\system32\DRIVERS\klelam.sys [2012-07-27 24496]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 24408]
R1 klwfp;klwfp;c:\windows\system32\DRIVERS\klwfp.sys [2012-08-03 41816]
R1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 144344]
R2 AdobeActiveFileMonitor12.0;Adobe Active File Monitor V12;c:\program files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [2014-02-10 181152]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 217088]
R2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2013-06-27 104928]
R2 Update GrabRez;Update GrabRez;c:\program files\GrabRez\updateGrabRez.exe [x]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2011-11-28 32896]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-05-25 25432]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-07-25 25944]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-04-14 9216]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2013-01-23 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2013-01-23 8576]
R3 RTL8168;Realtek 8168 NT Sürücüsü;c:\windows\system32\DRIVERS\Rt630x86.sys [2012-07-25 495104]
R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys [2014-02-11 16128]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S3 huawei_enumerator;huawei_enumerator;c:\windows\System32\drivers\ew_jubusenum.sys [2011-01-30 73216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-27 19:59 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-08 10:47]
.
2014-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-08 10:47]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Bütün linkleri IDM ile indir - c:\program files\Internet Download Manager\IEGetAll.htm
IE: IDM ile indir - c:\program files\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2754F7D3-B5CF-4423-A3AF-51A9646DC6D5}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{9B6995C3-1E44-4380-96FE-BDA06B2711F3}: NameServer = 188.59.248.109 188.59.246.12
TCP: Interfaces\{AE4DB47B-5088-4E11-9756-4CE7A38F5AD0}: NameServer = 188.59.248.109 188.59.246.12
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-mobilegeni daemon - c:\program files\Mobogenie\DaemonProcess.exe
AddRemove-Metin2_is1 - c:\program files\GameforgeLive\Games\TUR_tur\Metin2\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2014-03-03 23:20:43
ComboFix-quarantined-files.txt 2014-03-03 21:20
ComboFix2.txt 2014-02-03 08:49
ComboFix3.txt 2013-10-06 09:52
ComboFix4.txt 2013-10-04 17:16
.
Pre-Run: 56.706.260.992 bytes free
Post-Run: 56.797.057.024 bytes free
.
- - End Of File - - 6608052FCD0039FF1927A683AAD014E6
A36C5E4F47E84449FF07ED3517B43A31
Could you try saving the code below as temizle.vbs and running it?
' temizle.vbs: removes autorun.inf and the files it launches (amvo, avpo, ckvo, kavo, semo variants)
On Error Resume Next

Dim objShell, objFileSystem, objTextStream, objRegex
Dim colRegexMatches1, colRegexMatches2
Dim nReturnCode
Dim strIpFileText, strName
Dim element, i

' File name patterns that are deleted from the root of every drive at the end
Dim Lista
Lista = Array("n1de?ect.com", "nide?ect.com", "nlde?ect.com", "j*.bat", "m*.com", "d*.com", "copy.exe", "host.exe", _
    "a0*.com", "ntdeiect.com", "ntdelect.com", "u?de*.com", "ntde1ect.com", "x*.com", "tio*.*", _
    "80*.com", "semo*.exe")

Set geekside = WScript.CreateObject("WScript.Shell")
Set objShell = WScript.CreateObject("WScript.Shell")
Set objFileSystem = CreateObject("Scripting.FileSystemObject")

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set colDrives = objFSO.Drives

' Messages: what the script cleans, and that the scan takes a few minutes
WScript.Echo "Bu yazılım amvo, avpo, n1detect ckvo kavo türündeki zararlı yazılımları temizlemek için yazılmıştır."
WScript.Echo "Arama ve temizleme işlemi birkaç dakika sürecektir."

' Unhide autorun.inf on every ready drive and collect the text of all of them
i = 0
strIpFileText = ""
For Each objDrive In colDrives
    If objDrive.IsReady = True Then
        nret = geekside.Run("cmd /C attrib -s -h -r " & objDrive.DriveLetter & ":\autorun.inf", 0, True)
        If objFileSystem.FileExists(objDrive.DriveLetter & ":\autorun.inf") Then
            Set objTextStream = objFileSystem.OpenTextFile(objDrive.DriveLetter & ":\autorun.inf", 1)
            strIpFileText = strIpFileText & vbCrLf & objTextStream.ReadAll
            objTextStream.Close
        End If
    End If
Next

' Find the file names that autorun.inf points at (key=name.ext)
Set objRegex = New RegExp
objRegex.Pattern = "=\w+\.(com|bat|exe|pif|scr|svd|dat|tmp)"
objRegex.Global = True
objRegex.IgnoreCase = True
Set colRegexMatches1 = objRegex.Execute(strIpFileText)

' For each name found: kill the known processes, then delete the file and autorun.inf on every drive
i = 0
For Each element In colRegexMatches1
    strName = Replace(element.Value, "=", "")
    WScript.Echo "Temizlenecek virüs dosyasının adı:" & strName
    For Each objDrive In colDrives
        If objDrive.IsReady = True Then
            WScript.Echo "Temizlenen sürücü: " & objDrive.DriveLetter

            nret = geekside.Run("cmd /C taskkill /f /im amvo.exe", 0, True)
            nret = geekside.Run("cmd /C taskkill /f /im avpo.exe", 0, True)
            nret = geekside.Run("cmd /C taskkill /f /im ckvo0.exe", 0, True)
            nret = geekside.Run("cmd /C taskkill /f /im ckvo.exe", 0, True)
            nret = geekside.Run("cmd /C taskkill /f /im kavo.exe", 0, True)

            nret = geekside.Run("cmd /C taskkill /f /im semo2x.exe.tmp", 0, True)
            nret = geekside.Run("cmd /C taskkill /f /im semo2x.exe", 0, True)
            nret = geekside.Run("cmd /C taskkill /f /im help.exe.tmp", 0, True)

            nret = geekside.Run("cmd /C attrib -s -h -r " & objDrive.DriveLetter & ":\" & strName, 0, True)
            nret = geekside.Run("cmd /C cd \ & del " & objDrive.DriveLetter & ":\" & strName & " /f /q /a", 0, True)
            nret = geekside.Run("cmd /C cd \ & del " & objDrive.DriveLetter & ":\autorun.inf", 0, True)
        End If
    Next
    i = i + 1
Next

Set objRegex = Nothing
Set objTextStream = Nothing
Set objFileSystem = Nothing
Set objShell = Nothing

' First pass over system32: unhide, then delete the known file names
nret15 = geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\amvo*.*", 0, True)
nret16 = geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\avpo*.*", 0, True)
nret17 = geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\ckv*.*", 0, True)
nret18 = geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\kav*.*", 0, True)
nret20 = geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\help.exe.tmp", 0, True)

nret56 = geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\semo*.*", 0, True)
nret60 = geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\semo*.*.*", 0, True)

nret23 = geekside.Run("cmd /C del /f c:\windows\system32\amvo*.*", 0, True)
nret24 = geekside.Run("cmd /C del /f c:\windows\system32\avpo*.*", 0, True)

nret25 = geekside.Run("cmd /C del /f c:\windows\system32\ckv*.*", 0, True)
nret26 = geekside.Run("cmd /C del /f c:\windows\system32\kav*.*", 0, True)
nret27 = geekside.Run("cmd /C del /f c:\windows\system32\help.exe.tmp", 0, True)

nret57 = geekside.Run("cmd /C del /f c:\windows\system32\semo*.*.*", 0, True)
nret59 = geekside.Run("cmd /C del /f c:\windows\system32\semo*.*", 0, True)

' Message: the registry is being set so that hidden files are shown
WScript.Echo "Gizli dosyaları göstermek için registry ayarlanıyor."

' Remove the Run entries of the malware
nret31 = geekside.Run("cmd /C reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ /v amva /f", 0, True)
nret32 = geekside.Run("cmd /C reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ /v avpo /f", 0, True)

nret68 = geekside.Run("cmd /C reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ /v avpa /f", 0, True)

' Restore the Explorer settings for showing hidden and protected system files
nret33 = geekside.Run("cmd /C reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v Hidden /t REG_DWORD /d 1 /f", 0, True)
nret43 = geekside.Run("cmd /C reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v SuperHidden /t REG_DWORD /d 1 /f", 0, True)
nret44 = geekside.Run("cmd /C reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v ShowSuperHidden /t REG_DWORD /d 1 /f", 0, True)

nret45 = geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v Hidden /t REG_DWORD /d 1 /f", 0, True)
nret46 = geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v SuperHidden /t REG_DWORD /d 1 /f", 0, True)
nret47 = geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v ShowSuperHidden /t REG_DWORD /d 1 /f", 0, True)

nret34 = geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\ /v CheckedValue /t REG_DWORD /d 2 /f", 0, True)
nret35 = geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\ /v DefaultValue /t REG_DWORD /d 2 /f", 0, True)

nret36 = geekside.Run("cmd /C reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\ /v CheckedValue /f", 0, True)
nret37 = geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\ /v CheckedValue /t REG_DWORD /d 1 /f", 0, True)
nret38 = geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\ /v DefaultValue /t REG_DWORD /d 2 /f", 0, True)

nret39 = geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\ /v CheckedValue /t REG_DWORD /d 0 /f", 0, True)
nret40 = geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\ /v DefaultValue /t REG_DWORD /d 0 /f", 0, True)

nret48 = geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\ /v Type /t REG_SZ /d Group /f", 0, True)

' Disable AutoRun for all drive types (255 = 0xFF)
nret49 = geekside.Run("cmd /C reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f", 0, True)
nret50 = geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f", 0, True)

' Re-enable Folder Options and the registry editor
nret61 = geekside.Run("cmd /C reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ /v NoFolderOptions /t REG_DWORD /d 0 /f", 0, True)
nret62 = geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ /v NoFolderOptions /t REG_DWORD /d 0 /f", 0, True)
nret63 = geekside.Run("cmd /C reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\ /v DisableRegistryTools /t REG_DWORD /d 0 /f", 0, True)

' Restart Explorer so the new settings take effect
nret78 = geekside.Run("cmd /C taskkill /f /im explorer.exe", 0, True)
nret79 = geekside.Run("cmd /C start explorer.exe", 0, True)

' Second pass over system32 after the Explorer restart
nret15 = geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\amvo*.*", 0, True)
nret16 = geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\avpo*.*", 0, True)
nret17 = geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\ckv*.*", 0, True)
nret18 = geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\kav*.*", 0, True)
nret20 = geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\help.exe.tmp", 0, True)

nret56 = geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\semo*.*.*", 0, True)
nret60 = geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\semo*.*", 0, True)

nret23 = geekside.Run("cmd /C del /f c:\windows\system32\amvo*.*", 0, True)
nret24 = geekside.Run("cmd /C del /f c:\windows\system32\avpo*.*", 0, True)

nret25 = geekside.Run("cmd /C del /f c:\windows\system32\ckv*.*", 0, True)
nret26 = geekside.Run("cmd /C del /f c:\windows\system32\kav*.*", 0, True)
nret27 = geekside.Run("cmd /C del /f c:\windows\system32\help.exe.tmp", 0, True)

nret57 = geekside.Run("cmd /C del /f c:\windows\system32\semo*.*.*", 0, True)
nret59 = geekside.Run("cmd /C del /f c:\windows\system32\semo*.*", 0, True)

' Delete the listed file name patterns from the root of every ready drive
For Each objDrive In colDrives
    If objDrive.IsReady = True Then
        For X = 0 To UBound(Lista)
            nret = geekside.Run("cmd /C attrib -s -h -r " & objDrive.DriveLetter & ":\" & Lista(X), 0, True)
            nret = geekside.Run("cmd /C cd \ & del " & objDrive.DriveLetter & ":\" & Lista(X) & " /f /q /a", 0, True)
        Next
    End If
Next

' Message: the computer has been cleaned of the amvo-ckvo-kavo virus and its variants
WScript.Echo "Tebrikler! Bilgisayarınız amvo-ckvo-kavo virüs ve türevlerinden temizlendi."

WScript.Quit(0)
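A read-only way to list what an autorun.inf would launch before anything is deleted, as an added example that is not part of any post in this thread. The function names, the extension list and the sample file content are constructed for illustration; only the file names asdasd.exe and asdas.pif come from the first post.

```python
import ntpath
import os
import re
import sys

# [autorun] keys whose value is a command line that Explorer may run.
COMMAND_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.IGNORECASE)
# Extensions treated as launchable (an assumed list; extend as needed).
LAUNCHABLE = {".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".vbs"}

# Constructed sample; not copied from the infected machine.
SAMPLE = r"""
; constructed autorun.inf for the example
[AutoRun]
open=asdasd.exe
shell\open\Command=asdas.pif
shell\explore\command="Recycled\asdasd.exe" -e
icon=%SystemRoot%\system32\shell32.dll,4
label=Backup
[Other]
open=ignored.exe
"""


def command_target(value):
    """Return the program part of a command line: the quoted string or the first word."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end != -1 else value[1:]
    return value.split()[0] if value else ""


def autorun_targets(text):
    """List the launchable entries of the [autorun] section, in file order."""
    hits = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # only the [autorun] section is honoured
        key, value = (part.strip() for part in line.split("=", 1))
        if not COMMAND_KEY.match(key):
            continue  # icon=, label= and similar keys launch nothing
        path = command_target(value)
        name = ntpath.basename(path).lower()
        if ntpath.splitext(name)[1] in LAUNCHABLE:
            hits.append({"key": key.lower(), "path": path, "name": name})
    return hits


def scan_root(root):
    """Parse <root>/autorun.inf if it exists; nothing is modified or deleted."""
    inf = os.path.join(root, "autorun.inf")
    if not os.path.isfile(inf):
        return []
    with open(inf, "rb") as handle:
        # latin-1 never fails to decode, so odd bytes cannot abort the scan
        return autorun_targets(handle.read().decode("latin-1"))


if __name__ == "__main__":
    # Usage: python autorun_scan.py E:\ F:\   (no arguments: parse the sample)
    roots = sys.argv[1:]
    results = [(r, scan_root(r)) for r in roots] or [("SAMPLE", autorun_targets(SAMPLE))]
    for root, hits in results:
        for hit in hits:
            print(f"{root}: {hit['key']} -> {hit['path']}")
```
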
Could you try saving the following as temizle.bat and running it?
rem temizle.bat: copies the kill tool to C:\, runs it, then deletes autorun files and known malware names
copy kill.* C:\ /y
c:
cd \
rem Message: please continue by pressing OK (TAMAM) in the dialogs that appear
echo Lütfen gelen mesajlarda TAMAM a basarak devam ediniz....
pause
kill
attrib -r -h -s autoru*.*
del autoru*.*
rem Empty the temp folders; delete only if the directory change succeeded
cd /d "%temp%" && del *.* /f /q
cd \windows\temp && del *.* /f /q
cd \windows\apppatch
del acllayer.dll /f
del AcXtrnel.bpl /f
del DesktopWin.dll /f
cd \windows
del update.dll /f
del p_981116.exe /f
cd \windows\system32
attrib -r -h -s ckv*.*
del ckv*.*
attrib -r -h -s kav*.*
del kav*.*
attrib -r -h -s amv*.*
del amv*.*

rem Root of drive C:
cd\
attrib -r -h -s 1*.*
del 1*.*
attrib -r -h -s 6*.*
del 6*.*
attrib -r -h -s 8*.*
del 8*.*

attrib -r -h -s d*.com
del d*.com
attrib -r -h -s d*.exe
del d*.exe
attrib -r -h -s d*.bat
del d*.bat
attrib -r -h -s d*.cmd
del d*.cmd

attrib -r -h -s e*.com
del e*.com
attrib -r -h -s e*.exe
del e*.exe
attrib -r -h -s e*.bat
del e*.bat
attrib -r -h -s e*.cmd
del e*.cmd

attrib -r -h -s f*.com
del f*.com
attrib -r -h -s f*.exe
del f*.exe
attrib -r -h -s f*.bat
del f*.bat
attrib -r -h -s f*.cmd
del f*.cmd

attrib -r -h -s g*.com
del g*.com
attrib -r -h -s i*.bat
del i*.bat
attrib -r -h -s i*.com
del i*.com
attrib -r -h -s i*.exe
del i*.exe
attrib -r -h -s i*.cmd
del i*.cmd

attrib -r -h -s k*.com
del k*.com
attrib -r -h -s k*.exe
del k*.exe
attrib -r -h -s k*.bat
del k*.bat
attrib -r -h -s k*.cmd
del k*.cmd

attrib -r -h -s nj*.com
del nj*.com
attrib -r -h -s s*.cmd
del s*.cmd

rem Root of drive D:
d:
cd\
attrib -r -h -s 1*.*
del 1*.*
attrib -r -h -s 6*.*
del 6*.*
attrib -r -h -s 8*.*
del 8*.*

attrib -r -h -s d*.com
del d*.com
attrib -r -h -s d*.exe
del d*.exe
attrib -r -h -s d*.bat
del d*.bat
attrib -r -h -s d*.cmd
del d*.cmd

attrib -r -h -s e*.com
del e*.com
attrib -r -h -s e*.exe
del e*.exe
attrib -r -h -s e*.bat
del e*.bat
attrib -r -h -s e*.cmd
del e*.cmd

attrib -r -h -s f*.com
del f*.com
attrib -r -h -s f*.exe
del f*.exe
attrib -r -h -s f*.bat
del f*.bat
attrib -r -h -s f*.cmd
del f*.cmd

attrib -r -h -s g*.com
del g*.com
attrib -r -h -s i*.bat
del i*.bat
attrib -r -h -s i*.com
del i*.com
attrib -r -h -s i*.exe
del i*.exe
attrib -r -h -s i*.cmd
del i*.cmd

attrib -r -h -s k*.com
del k*.com
attrib -r -h -s k*.exe
del k*.exe
attrib -r -h -s k*.bat
del k*.bat
attrib -r -h -s k*.cmd
del k*.cmd

attrib -r -h -s nj*.com
del nj*.com
attrib -r -h -s s*.cmd
del s*.cmd

rem Root of drive E:
e:
cd\
attrib -r -h -s 1*.*
del 1*.*
attrib -r -h -s 6*.*
del 6*.*
attrib -r -h -s 8*.*
del 8*.*

attrib -r -h -s d*.com
del d*.com
attrib -r -h -s d*.exe
del d*.exe
attrib -r -h -s d*.bat
del d*.bat
attrib -r -h -s d*.cmd
del d*.cmd

attrib -r -h -s e*.com
del e*.com
attrib -r -h -s e*.exe
del e*.exe
attrib -r -h -s e*.bat
del e*.bat
attrib -r -h -s e*.cmd
del e*.cmd

attrib -r -h -s f*.com
del f*.com
attrib -r -h -s f*.exe
del f*.exe
attrib -r -h -s f*.bat
del f*.bat
attrib -r -h -s f*.cmd
del f*.cmd

attrib -r -h -s g*.com
del g*.com
attrib -r -h -s i*.bat
del i*.bat
attrib -r -h -s i*.com
del i*.com
attrib -r -h -s i*.exe
del i*.exe
attrib -r -h -s i*.cmd
del i*.cmd

attrib -r -h -s k*.com
del k*.com
attrib -r -h -s k*.exe
del k*.exe
attrib -r -h -s k*.bat
del k*.bat
attrib -r -h -s k*.cmd
del k*.cmd

attrib -r -h -s nj*.com
del nj*.com
attrib -r -h -s s*.cmd
del s*.cmd

rem Message: cleaning is complete, please press a key
echo Temizleme tamamlanmıştır lütfen bir tuşa basınız.....
PAUSE
Could you try this free program? You can easily delete pif files with it.
General Virus Solutions 2
Hello,
If the systems can run in safe mode, or better still are started in safe mode with networking, you can try starting the system again after cleaning it with ComboFix or with the scanning tools of antivirus programs.
Also, if this is a computer on a network, it is possible for the virus to infect it again over the network.
Good luck.
Dear DoganYildiz, I tried it, but the same thing happens again.
Dear serkany, it really is a great program. I vaccinated the c, d, f and x drives, and I think autorun will not infect them again. Thank you very much.
Dear DoganYildiz, I tried it, but the same thing happens again.
If the same thing happens again, I think you have not fully cleaned the virus. In my opinion, as long as you do not find the source of the virus, it will keep infecting exposed systems.
Best regards.