Webmaster Araçları

Windowslive communications platform hatasına son günlerde sıkça rastlamaya başladım.Bu hata dan sonra msn cevrim dışı oluyor ve aşırı derecede kasmaya başlıyor.Bu sadece msnden kaynaklanan bir sorun değil bilgisayarınızda virüs var.Bu virüsü yok etmek için ;
Combofix adlı küçük programı yükleyin ve hiç bir probleminiz kalmasın
Kendi taramm sonunda çıkan log dosyasını veriyorum.
Programı konunun en altındaki linkten indirebilirsiniz.

ComboFix 09-04-01.01 - Engin 2009-04-02 19:26:48.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1254.1.1055.18.1023.630 [GMT 3:00]
Running from: c:\documents and settings\Engin\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
c:\windows\system32\olhrwef.exe
D:\Autorun.inf

2009-03-27 23:06    ———    d–h–w    c:\program files\InstallShield Installation Information
2009-03-17 11:42    410,984    —-a-w    c:\windows\system32\deploytk.dll
2009-03-17 11:42    ———    d—–w    c:\program files\Java
2009-03-17 10:02    ———    d—–w    c:\program files\Windows Live SkyDrive
2009-03-17 10:02    ———    d—–w    c:\program files\Windows Live
2009-03-17 10:02    ———    d—–w    c:\program files\Microsoft
2009-03-17 10:00    ———    d—–w    c:\program files\Common Files\Windows Live
2009-03-17 09:59    ———    d—–w    c:\program files\Apoint2K
2009-03-17 09:57    ———    d—–w    c:\program files\Realtek
2009-03-17 09:56    ———    d—–w    c:\program files\Intel
2009-03-17 09:54    ———    d—–w    c:\program files\Toshiba
2009-03-17 09:53    ———    d—–w    c:\program files\Asus
2009-03-17 09:52    ———    d—–w    c:\program files\DIFX
2009-03-17 09:51    ———    d—–w    c:\program files\Common Files\InstallShield
2009-03-17 09:34    ———    d—–w    c:\program files\microsoft frontpage
2009-02-06 15:52    49,504    —-a-w    c:\windows\system32\sirenacm.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=”c:\windows\system32\ctfmon.exe” [2008-04-14 15360]
“msnmsgr”=”c:\program files\Windows Live\Messenger\msnmsgr.exe” [2009-02-06 3885408]
“MSMSGS”=”c:\program files\Messenger\msmsgs.exe” [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NvCplDaemon”=”c:\windows\system32\NvCpl.dll” [2006-09-06 7585792]
“NvMediaCenter”=”c:\windows\system32\NvMcTray.dll” [2006-09-06 86016]
“SMSERIAL”=”c:\windows\sm56hlpr.exe” [2006-03-30 544768]
“Apoint”=”c:\program files\Apoint2K\Apoint.exe” [2006-02-21 176128]
“SunJavaUpdateSched”=”c:\program files\Java\jre6\bin\jusched.exe” [2009-03-17 148888]
“NeroFilterCheck”=”c:\windows\system32\NeroCheck.exe” [2001-07-09 155648]
“egui”=”c:\program files\ESET\ESET NOD32 Antivirus\egui.exe” [2008-10-24 1451264]
“QuickTime Task”=”c:\program files\QuickTime\QTTask.exe” [2008-05-27 413696]
“GrooveMonitor”=”c:\program files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-27 31016]
“nwiz”=”nwiz.exe” [2006-09-06 c:\windows\system32\nwiz.exe]
“RTHDCPL”=”RTHDCPL.EXE” [2006-06-13 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=”c:\windows\system32\CTFMON.EXE” [2008-04-14 15360]

c:\documents and settings\Engin\Start Menu\Programlar\BaŸlang‡\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programlar\BaŸlang‡\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2006-05-24 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusDisableNotify”=dword:00000001
“UpdatesDisableNotify”=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“%windir%\\system32\\sessmgr.exe”=
“c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtPCS.exe”=
“c:\\Program Files\\Bonjour\\mDNSResponder.exe”=
“c:\\Program Files\\iTunes\\iTunes.exe”=
“c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe”=
“c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE”=
“c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE”=
“c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE”=
“c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe”=
“c:\\Program Files\\Messenger\\msmsgs.exe”=
“c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe”=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-10-24 34824]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-10-24 468224]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [2009-03-17 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2009-03-17 7808]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e9d4ac3-12e5-11de-ac52-806d6172696f}]
\Shell\AutoRun\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6df7c60f-158e-11de-ac57-0018f3b934f6}]
\Shell\AutoRun\command - F:\q0dhfjf.exe
\Shell\open\Command - F:\q0dhfjf.exe
.
Contents of the ‘Scheduled Tasks’ folder

2009-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe
HKLM-Run-NWEReboot - (no file)

.
——- Supplementary Scan ——-
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {2ECD2B9C-7F50-46DD-AE7D-805A98E45A4C} = 4.2.2.4
FF - ProfilePath - c:\documents and settings\Engin\Application Data\Mozilla\Firefox\Profiles\2rk2hhy6.default\
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 19:30:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.
——————— LOCKED REGISTRY KEYS ———————

[HKEY_USERS\S-1-5-21-1454471165-1757981266-1801674531-1003\Software\Microsoft\MessengerService\GroupStateCacheU\i*_
]
“Name”=hex:69,00,5f,01,00,00
“Collapsed”=hex:00,00,00,00
.
———————— Other Running Processes ————————
.
c:\windows\system32\rundll32.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\Apoint2K\hidfind.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2009-04-02 19:32:21 - machine was rebooted
ComboFix-quarantined-files.txt  2009-04-02 16:32:18

Pre-Run: 33.074.143.232 bayt boş
Post-Run: 33,129,635,840 bayt boş

199
PROGRAMI İNDİR