Virustemizligi

03 Ocak 2010

Malware Defense

Gönderen admin zaman: 00:12

Bu program bir rogue (sahte) yazılımdır.
Nedir Rogue (Sahte) Yazılım ?
Sahte güvenlik programı olarak adlandırdığımız bu programlar kötü niyetli programlardır.
Olmayan zararlıları var gibi göstermek,
sürekli system alert ,
your computer infected vs. uyarıları vermek ,
reklam pencereleri veya site yönlendirmeleri yaparak
sizi kendi sitesine veya bazı porno ve crack sitelerine
yönlendirmek ,sizi dolandırmayı amaçlamak vs. bu tip programların genel özellikleridir.

Hijackthis Raporunda Görünen Girdileri :

O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan

Etiketler :

Temizlik

http://www.malwarebytes.org/mbam/program/mbam-setup.exe
veya
http://rapidshare.com/files/278308278/mbam-setup1.41.zip

İlk olarak yukarıdan Malwarebytes'Anti Malware'i indirin.(4 mb)
Programı kurun.

Update bölümünden güncelleyin.

Perform full scan diyip bütün sürücüleri işaretleyip ; taramanın bitmesini bekliyorsunuz.

Tarama bittiğinde show results diyince bulduğu zararlıları görebilirsiniz.

Remove selected deyip ; biraz bekliyorsunuz.

Bilgisayarınızı yeniden başlatın.
Restart sonunda Bulduğu nesneler karantinaya geldi..
Buradakileri de delete all diyerek silebilirsiniz..
Eğer varsa Başlat > Programlar menüsünde kalan artıkları ( tıklanınca hatalı kısayol uyarısı veren kısayol ve klasörü el ile silin)

Malwarebytes' Anti-Malware ile temizleyebileceğiniz Malware Defense girdileri

Kayıt Defteri Girdileri
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SimpleShlExt
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Malware Defense"

Klasör ve Dosyalar:
c:\Program Files\Malware Defense
c:\Program Files\Malware Defense\help.ico
c:\Program Files\Malware Defense\md.db
c:\Program Files\Malware Defense\mdefense.exe
c:\Program Files\Malware Defense\mdext.dll
c:\Program Files\Malware Defense\uninstall.exe
%UserProfile%\Desktop\Malware Defense Support.lnk
%UserProfile%\Desktop\Malware Defense.lnk
%UserProfile%\Start Menu\Programs\Malware Defense
%UserProfile%\Start Menu\Programs\Malware Defense\Malware Defense Support.lnk
%UserProfile%\Start Menu\Programs\Malware Defense\Malware Defense.lnk
%UserProfile%\Start Menu\Programs\Malware Defense\Uninstall Malware Defense.lnk

04 Aralık 2009

Desktop Defender 2010

Gönderen admin zaman: 20:52

Hijackthis Raporunda Görünen Girdileri :

O2 - BHO: StatusBarPane - {CCB5551D-8594-4999-85F9-1E3EABCB95AC} - C:\Program Files\Desktop Defender 2010\IEAddon.dll
O4 - HKLM\..\Run: [lk] C:\WINDOWS\system32\lk.exe
O4 - HKLM\..\Run: [Desktop Defender 2010] C:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe
O10 - Unknown file in Winsock LSP: c:\program files\desktop defender 2010\siglsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\desktop defender 2010\siglsp.dll

Etiketler :

You have been infected by a proxy-relay trojan server with new and danger "SpamBots".
You have a computer with a virus that sends spam.
This is a mass-mailing worm with backdoor thus allowing un-authorized access to the infected system.
It spreads by mass-mailing itself to e-mail addresses harvested from the local computer or by querying on-line search engines such as google.com.
The IP address that YOU are getting from Internet Service Provider (ISP) for YOU personal computer is on some major blacklist, like SpamHaus.
Your computer has been used to send a huge amount of junk e-mail messages during the last days.
You IP will be marked in the Police log file as mass-mailing spam assist.
Upgrading to the full version Desktop Defender 2010 it will eliminate the majority of Spam attempts.

Temizlik

Update bölümünden güncelleyin.

Perform full scan diyip bütün sürücüleri işaretleyip ; taramanın bitmesini bekliyorsunuz.

Tarama bittiğinde show results diyince bulduğu zararlıları görebilirsiniz.

Malwarebytes' Anti-Malware ile temizleyebileceğiniz Desktop Defender 2010 girdileri

Kayıt Defteri Girdileri
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\antivirus_contextscan
HKEY_CLASSES_ROOT\AppID\{C0E56AC2-9F72-436E-B6E7-AEC28AF9E4EB}
HKEY_CLASSES_ROOT\AppID\IEAddon.DLL
HKEY_CLASSES_ROOT\CLSID\{08EEC6AD-7486-487F-89B7-5A3716DDAE14}
HKEY_CLASSES_ROOT\CLSID\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\antivirus_contextscan
HKEY_CLASSES_ROOT\Drives\shellex\ContextMenuHandlers\antivirus_contextscan
HKEY_CLASSES_ROOT\IEAddon.StatusBarPane
HKEY_CLASSES_ROOT\IEAddon.StatusBarPane.1
HKEY_CLASSES_ROOT\Interface\{5B184B9D-B7BD-4FEA-8D1F-5E27182206A5}
HKEY_CLASSES_ROOT\TypeLib\{3ED0E410-5C8E-47B6-A75D-D10B886E903C}
HKEY_LOCAL_MACHINE\SOFTWARE\Desktop Defender 2010
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Defender 2010
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdifw_drv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform "Desktop Defender 2010"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Desktop Defender 2010"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdidis32.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDIDIS32.SYS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TDIDIS32.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidis32.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDIDIS32.SYS
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "C:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run ""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDIDIS32.sys

Klasör ve Dosyalar:
c:\Documents and Settings\All Users\Desktop\Desktop Defender 2010.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010
c:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010\Activate Desktop Defender 2010.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010\Desktop Defender 2010.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010\How to Activate Desktop Defender 2010.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop Defender 2010.lnk
c:\Program Files\Desktop Defender 2010
c:\Program Files\Desktop Defender 2010\AF.dll
c:\Program Files\Desktop Defender 2010\daily.cvd
c:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe
c:\Program Files\Desktop Defender 2010\guide.chm
c:\Program Files\Desktop Defender 2010\hjengine.dll
c:\Program Files\Desktop Defender 2010\IEAddon.dll
c:\Program Files\Desktop Defender 2010\MFC71.dll
c:\Program Files\Desktop Defender 2010\MFC71ENU.DLL
c:\Program Files\Desktop Defender 2010\msvcp71.dll
c:\Program Files\Desktop Defender 2010\msvcr71.dll
c:\Program Files\Desktop Defender 2010\MyTaskMgrDll.dll
c:\Program Files\Desktop Defender 2010\pthreadVC2.dll
c:\Program Files\Desktop Defender 2010\shellext.dll
c:\Program Files\Desktop Defender 2010\siglsp.dll
c:\Program Files\Desktop Defender 2010\tdifw_drv_WLH.sys
c:\Program Files\Desktop Defender 2010\tdifw_drv_WXP.sys
c:\Program Files\Desktop Defender 2010\uninstall.exe
c:\WINDOWS\system32\
c:\WINDOWS\system32\tdidis32.sys

Pc Live Guard

Gönderen admin zaman: 20:39

Hijackthis Raporunda Görünen Girdileri :

O4 - HKLM\..\Run: [PC Live Guard] "C:\Documents and Settings\All Users\Application Data\117fc\PC339.exe" /s /d

Etiketler :

Temizlik

Update bölümünden güncelleyin.

Perform full scan diyip bütün sürücüleri işaretleyip ; taramanın bitmesini bekliyorsunuz.

Tarama bittiğinde show results diyince bulduğu zararlıları görebilirsiniz.

Malwarebytes' Anti-Malware ile temizleyebileceğiniz Pc Live Guard girdileri

Kayıt Defteri Girdileri
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\xp_edb11.DocHostUIHandler
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://search-gala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "IIL"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "[xSP_2:117fc3395e69e29f71abba93a68c4181_7]"
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://search-gala.com/?&uid=7&q={searchTerms}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "PC Live Guard"

Klasör ve Dosyalar:
c:\Documents and Settings\All Users\Application Data\117fc\
c:\Documents and Settings\All Users\Application Data\117fc\PC339.exe
c:\Documents and Settings\All Users\Application Data\117fc\PCLG.ico
c:\Documents and Settings\All Users\Application Data\117fc\573.mof
c:\Documents and Settings\All Users\Application Data\117fc\mozcrt19.dll
c:\Documents and Settings\All Users\Application Data\117fc\sqlite3.dll
c:\Documents and Settings\All Users\Application Data\117fc\PCLGSys
c:\Documents and Settings\All Users\Application Data\117fc\PCLGSys\vd952342.bd
c:\Documents and Settings\All Users\Application Data\117fc\BackUp\
c:\Documents and Settings\All Users\Application Data\117fc\Quarantine Items\
c:\Documents and Settings\All Users\Application Data\PCYZDUHBELG
c:\Documents and Settings\All Users\Application Data\PCYZDUHBELG\PCAWWLG.cfg
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Live Guard.lnk
%UserProfile%\Application Data\PC Live Guard
%UserProfile%\Application Data\PC Live Guard\cookies.sqlite
%UserProfile%\Desktop\PC Live Guard.lnk
%UserProfile%\Recent\gid.tmp
%UserProfile%\Recent\SICKBOY.tmp
%UserProfile%\Recent\sld.drv
%UserProfile%\Start Menu\PC Live Guard.lnk
%UserProfile%\Start Menu\Programs\PC Live Guard.lnk
c:\Program Files\Mozilla Firefox\searchplugins\search.xml

Live Pc Care

Gönderen admin zaman: 20:34

Hijackthis Raporunda Görünen Girdileri :

O4 - HKLM\..\Run: [Live PC Care] "C:\Documents and Settings\All Users\Application Data\117fc\LP339.exe" /s /d

Etiketler :

Temizlik

Update bölümünden güncelleyin.

Perform full scan diyip bütün sürücüleri işaretleyip ; taramanın bitmesini bekliyorsunuz.

Tarama bittiğinde show results diyince bulduğu zararlıları görebilirsiniz.

Malwarebytes' Anti-Malware ile temizleyebileceğiniz Live Pc Care girdileri

Kayıt Defteri Girdileri
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\xp_5ea56.DocHostUIHandler
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://search-gala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "[xSP_2:117fc3395e69e29f71abba93a68c4181_7]"
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://search-gala.com/?&uid=7&q={searchTerms}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Live PC Care"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"

Klasör ve Dosyalar:
c:\Documents and Settings\All Users\Application Data\117fc
c:\Documents and Settings\All Users\Application Data\117fc\LP339.exe
c:\Documents and Settings\All Users\Application Data\117fc\LPCG.ico
c:\Documents and Settings\All Users\Application Data\117fc\8233.mof
c:\Documents and Settings\All Users\Application Data\117fc\mozcrt19.dll
c:\Documents and Settings\All Users\Application Data\117fc\sqlite3.dll
c:\Documents and Settings\All Users\Application Data\117fc\LPCGSys\vd952342.bd
c:\Documents and Settings\All Users\Application Data\LPCGSys
c:\Documents and Settings\All Users\Application Data\LPCGSys\lpcg.cfg
%UserProfile%\Application Data\Live PC Care
%UserProfile%\Application Data\Live PC Care\cookies.sqlite
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Live PC Care.lnk
%UserProfile%\Desktop\Live PC Care.lnk
%UserProfile%\Recent\cb.drv
%UserProfile%\Recent\CLSV.sys
%UserProfile%\Recent\DBOLE.exe
%UserProfile%\Recent\DBOLE.sys
%UserProfile%\Recent\exec.dll
%UserProfile%\Recent\fan.exe
%UserProfile%\Recent\FW.dll
%UserProfile%\Recent\hymt.drv
%UserProfile%\Recent\kernel32.drv
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\ppal.dll
%UserProfile%\Recent\ppal.sys
%UserProfile%\Recent\runddl.dll
%UserProfile%\Recent\SM.dll
%UserProfile%\Start Menu\Live PC Care.lnk
%UserProfile%\Start Menu\Programs\Live PC Care.lnk
c:\Program Files\Mozilla Firefox\searchplugins\search.xml

AntiKeep

Gönderen admin zaman: 20:26

Hijackthis Raporunda Görünen Girdileri :

O4 - HKLM\..\Run: [AntiKeep] C:\Program Files\AntiKeep Software\AntiKeep\AntiKeep.exe -min

Etiketler :

Temizlik

Update bölümünden güncelleyin.

Perform full scan diyip bütün sürücüleri işaretleyip ; taramanın bitmesini bekliyorsunuz.

Tarama bittiğinde show results diyince bulduğu zararlıları görebilirsiniz.

Malwarebytes' Anti-Malware ile temizleyebileceğiniz AntiKeep girdileri

Kayıt Defteri Girdileri
HKEY_CURRENT_USER\Software\AntiKeep
HKEY_LOCAL_MACHINE\SOFTWARE\AntiKeep
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiKeep
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AntiKeep.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "AntiKeep"

Klasör ve Dosyalar:
c:\Documents and Settings\All Users\Desktop\AntiKeep.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\AntiKeep
c:\Documents and Settings\All Users\Start Menu\Programs\AntiKeep\1 AntiKeep.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\AntiKeep\2 Homepage.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\AntiKeep\3 Uninstall.lnk
c:\Program Files\AntiKeep Software
c:\Program Files\AntiKeep Software\AntiKeep
c:\Program Files\AntiKeep Software\AntiKeep\AntiKeep.exe
c:\Program Files\AntiKeep Software\AntiKeep\main_config.xml
c:\Program Files\AntiKeep Software\AntiKeep\uninstall.exe

23 Kasım 2009

AntiAID

Gönderen admin zaman: 17:51

Hijackthis Raporunda Görünen Girdileri :

O4 - HKCU\..\Run: [8enyqcv1.exe] C:\WINDOWS\system32\8enyqcv1.exe
O4 - HKCU\..\Run: [AntiAID] C:\Program Files\AntiAID Software\AntiAID\AntiAID.exe -min

Etiketler :

Temizlik

Update bölümünden güncelleyin.

Perform full scan diyip bütün sürücüleri işaretleyip ; taramanın bitmesini bekliyorsunuz.

Tarama bittiğinde show results diyince bulduğu zararlıları görebilirsiniz.

Malwarebytes' Anti-Malware ile temizleyebileceğiniz AntiAID girdileri

Kayıt Defteri Girdileri
HKEY_CURRENT_USER\Software\AntiAID
HKEY_LOCAL_MACHINE\SOFTWARE\AntiAID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiAID
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "8enyqcv1.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AntiAID"

Klasör ve Dosyalar:
c:\Documents and Settings\All Users\Desktop\AntiAID.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\AntiAID
c:\Documents and Settings\All Users\Start Menu\Programs\AntiAID\1 AntiAID.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\AntiAID\2 Homepage.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\AntiAID\3 Uninstall.lnk
c:\Program Files\AntiAID Software
c:\Program Files\AntiAID Software\AntiAID
c:\Program Files\AntiAID Software\AntiAID\AntiAID.exe
c:\Program Files\AntiAID Software\AntiAID\uninstall.exe
c:\WINDOWS\100849pambotz85.bin
c:\WINDOWS\1019wo5m65bz.dll
c:\WINDOWS\10568hack9o5l5z5.dll
c:\WINDOWS\system32\2901sp55za.bin
c:\WINDOWS\system32\29290wozm6795.cpl
c:\WINDOWS\system32\29418tro5ez.ocx
%Temp%\8enyqcv1.exe

30 Ekim 2009

BlockWatcher

Gönderen admin zaman: 22:33

Hijackthis Raporunda Görünen Girdileri :

O4 - HKCU\..\Run: [yxh5.tmp.exe] C:\WINDOWS\system32\yxh5.tmp.exe
O4 - HKCU\..\Run: [BlockWatcher] C:\Program Files\BlockWatcher Software\BlockWatcher\BlockWatcher.exe -min

Etiketler :

Insecure Internet activity. Threat of virus attack!

Due to insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, which can lead to system slowdowns, freezes and crashes. Also insecure Internet activity can result in revealing your personal information.
To get full advanced real-time protection for PC and Internet activity, register BlockWatcher. We recommend you to protect your PC now and continue safe Internet browsing.

Temizlik

Update bölümünden güncelleyin.

Perform full scan diyip bütün sürücüleri işaretleyip ; taramanın bitmesini bekliyorsunuz.

Tarama bittiğinde show results diyince bulduğu zararlıları görebilirsiniz.

Malwarebytes' Anti-Malware ile temizleyebileceğiniz BlockWatcher girdileri

Kayıt Defteri Girdileri
HKEY_CURRENT_USER\Software\BlockWatcher
HKEY_LOCAL_MACHINE\SOFTWARE\BlockWatcher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BlockWatcher
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "BlockWatcher"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "yxh5.tmp.exe"

Klasör ve Dosyalar:
c:\Documents and Settings\All Users\Desktop\BlockWatcher.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\BlockWatcher
c:\Documents and Settings\All Users\Start Menu\Programs\BlockWatcher\1 BlockWatcher.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\BlockWatcher\2 Homepage.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\BlockWatcher\3 Uninstall.lnk
%Temp%\yxh5.tmp.exe
c:\Program Files\BlockWatcher Software
c:\Program Files\BlockWatcher Software\BlockWatcher
c:\Program Files\BlockWatcher Software\BlockWatcher\BlockWatcher.exe
c:\WINDOWS\10068tro9zd85.exe
c:\WINDOWS\10258z9amb5t73a.bin
c:\WINDOWS\10518virzs5f9.ocx
c:\WINDOWS\system32\19z89s5y663.dll
c:\WINDOWS\system32\1a605tzal32359.dll
c:\WINDOWS\system32\1aa8tzi952064.cpl

25 Eylül 2009

Google Chrome 4.0.213.1 Beta

Gönderen admin zaman: 18:38

Google'ın internet tarayıcısı olan
Google Chrome'nin beta 4 versiyonunun
yeni sürümü çıktı.

Download Google Chrome 4.0.213.1 Beta (12 mb)

http://dl.google.com/chrome/install/213.1/chrome_installer.exe

18 Eylül 2009

TrustWarrior

Gönderen admin zaman: 00:49

Hijackthis Raporunda Görünen Girdileri :

O4 - HKCU\..\Run: [xinoprpc.exe] C:\WINDOWS\system32\xinoprpc.exe
O4 - HKCU\..\Run: [TrustWarrior] C:\Program Files\TrustWarrior Software\TrustWarrior\TrustWarrior.exe -min
O23 - Service: TrustWarrior Security Service (TrustWarriorSvc) - Unknown owner - C:\Program Files\TrustWarrior Software\TrustWarrior\TrustWarriorSvc.exe (file missing)

Temizlik

Update bölümünden güncelleyin.

Perform full scan diyip bütün sürücüleri işaretleyip ; taramanın bitmesini bekliyorsunuz.

Tarama bittiğinde show results diyince bulduğu zararlıları görebilirsiniz.

Malwarebytes' Anti-Malware ile temizleyebileceğiniz TrustWarrior girdileri

Kayıt Defteri Girdileri
HKEY_CURRENT_USER\Software\TrustWarrior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TrustWarrior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\RebootWatch
HKEY_LOCAL_MACHINE\SOFTWARE\TrustWarrior
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TRUSTWARRIORSVC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrustWarriorSvc
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "TrustWarrior"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "xinoprpc.exe"

Klasör ve Dosyalar:
c:\Program Files\TrustWarrior Software
c:\Program Files\TrustWarrior Software\TrustWarrior
c:\Program Files\TrustWarrior Software\TrustWarrior\TrustWarrior.exe
c:\Program Files\TrustWarrior Software\TrustWarrior\uninstall.exe
c:\WINDOWS\1074hazktool7905.bin
c:\WINDOWS\10a89acz5oor1785.cpl
c:\WINDOWS\10z58s9ambo54d0.exe
c:\WINDOWS\system32\52d39tea522z.cpl
c:\WINDOWS\system32\52z6ba5kdoor21529.dll
c:\WINDOWS\system32\5309zddwar5515.cpl
c:\Documents and Settings\All Users\Desktop\TrustWarrior.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\TrustWarrior
c:\Documents and Settings\All Users\Start Menu\Programs\TrustWarrior\1 TrustWarrior.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\TrustWarrior\2 Homepage.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\TrustWarrior\3 Uninstall.lnk
%Temp%\Local Settings\Temp\xinoprpc.exe

16 Eylül 2009

Windows Pc Defender

Gönderen admin zaman: 21:13

Hijackthis Raporunda Görünen Girdileri :

O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O4 - HKCU\..\Run: [Windows PC Defender] "C:\Documents and Settings\All Users\Application Data\345d567\WP345d.exe" /s /d

Temizlik

Update bölümünden güncelleyin.

Perform full scan diyip bütün sürücüleri işaretleyip ; taramanın bitmesini bekliyorsunuz.

Tarama bittiğinde show results diyince bulduğu zararlıları görebilirsiniz.

Malwarebytes' Anti-Malware ile temizleyebileceğiniz Windows Pc Defender girdileri

Kayıt Defteri Girdileri
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\WP345d.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" => "http://search-gala.com/?&uid=201&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "UID" = "201"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "89770891803"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows PC Defender"

Klasör ve Dosyalar:
c:\Documents and Settings\All Users\Application Data\345d567
c:\Documents and Settings\All Users\Application Data\345d567\8424.mof
c:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
c:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
c:\Documents and Settings\All Users\Application Data\345d567\WP345d.exe
c:\Documents and Settings\All Users\Application Data\345d567\WPCD.ico
c:\Documents and Settings\All Users\Application Data\345d567\WPCDSys
c:\Documents and Settings\All Users\Application Data\345d567\WPCDSys\vd952342.bd
c:\Documents and Settings\All Users\Application Data\WPCDSys
c:\Documents and Settings\All Users\Application Data\WPCDSys\wpcd.cfg
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows PC Defender.lnk
%UserProfile%\Application Data\Windows PC Defender
%UserProfile%\Application Data\Windows PC Defender\cookies.sqlite
%UserProfile%\Application Data\Windows PC Defender\Instructions.ini
%UserProfile%\Desktop\Windows PC Defender.lnk
%UserProfile%\Recent\cid.dll
%UserProfile%\Recent\CLSV.tmp
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\eb.exe
%UserProfile%\Recent\eb.sys
%UserProfile%\Recent\energy.sys
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\fix.exe
%UserProfile%\Recent\FS.drv
%UserProfile%\Recent\kernel32.drv
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\ppal.exe
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\tempdoc.dll
%UserProfile%\Start Menu\Windows PC Defender.lnk
%UserProfile%\Start Menu\Programs\Windows PC Defender.lnk
c:\Program Files\Mozilla Firefox\searchplugins\search.xml

14 Eylül 2009

SoftSafeness

Gönderen admin zaman: 20:30

Hijackthis Raporunda Görünen Girdileri :

O4 - HKCU\..\Run: [ozn695m5.exe] C:\WINDOWS\system32\ozn695m5.exe
O4 - HKCU\..\Run: [SoftSafeness] C:\Program Files\SoftSafeness Software\SoftSafeness\SoftSafeness.exe -min
O23 - Service: SoftSafeness Security Service (SoftSafenessSvc) - Unknown owner - C:\Program Files\SoftSafeness Software\SoftSafeness\SoftSafenessSvc.exe (file missing)

Temizlik

Update bölümünden güncelleyin.

Perform full scan diyip bütün sürücüleri işaretleyip ; taramanın bitmesini bekliyorsunuz.

Tarama bittiğinde show results diyince bulduğu zararlıları görebilirsiniz.

Malwarebytes' Anti-Malware ile temizleyebileceğiniz SoftSafeness girdileri

Kayıt Defteri Girdileri
HKEY_CURRENT_USER\Software\SoftSafeness
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftSafeness
HKEY_LOCAL_MACHINE\SOFTWARE\SoftSafeness
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOFTSAFENESSSVC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SoftSafenessSvc
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ozn695m5.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "SoftSafeness"

Klasör ve Dosyalar:
c:\Documents and Settings\All Users\Desktop\SoftSafeness.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\SoftSafeness
c:\Documents and Settings\All Users\Start Menu\Programs\SoftSafeness\1 SoftSafeness.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\SoftSafeness\2 Homepage.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\SoftSafeness\3 Uninstall.lnk
%Temp%\ozn695m5.exe
c:\Program Files\SoftSafeness Software
c:\Program Files\SoftSafeness Software\SoftSafeness
c:\Program Files\SoftSafeness Software\SoftSafeness\SoftSafeness.exe
c:\Program Files\SoftSafeness Software\SoftSafeness\uninstall.exe
c:\WINDOWS\10081not-z-vi5us3999.dll
c:\WINDOWS\10191spy595z.dll
c:\WINDOWS\1039sz5c5.dll
c:\WINDOWS\system32\2fz7downloader2985.ocx
c:\WINDOWS\system32\2z118w95m312.cpl
c:\WINDOWS\system32\2z125spambot679.exe

Virustemizligi

03 Ocak 2010

Temizlik

Malwarebytes' Anti-Malware ile temizleyebileceğiniz Malware Defense girdileri

04 Aralık 2009

Temizlik

Malwarebytes' Anti-Malware ile temizleyebileceğiniz Desktop Defender 2010 girdileri

Temizlik

Malwarebytes' Anti-Malware ile temizleyebileceğiniz Pc Live Guard girdileri

Temizlik

Malwarebytes' Anti-Malware ile temizleyebileceğiniz Live Pc Care girdileri

Temizlik

Malwarebytes' Anti-Malware ile temizleyebileceğiniz AntiKeep girdileri

23 Kasım 2009

Temizlik

Malwarebytes' Anti-Malware ile temizleyebileceğiniz AntiAID girdileri

30 Ekim 2009

Temizlik

Malwarebytes' Anti-Malware ile temizleyebileceğiniz BlockWatcher girdileri

25 Eylül 2009

18 Eylül 2009

Temizlik

Malwarebytes' Anti-Malware ile temizleyebileceğiniz TrustWarrior girdileri

16 Eylül 2009

Temizlik

Malwarebytes' Anti-Malware ile temizleyebileceğiniz Windows Pc Defender girdileri

14 Eylül 2009

Temizlik

Malwarebytes' Anti-Malware ile temizleyebileceğiniz SoftSafeness girdileri

Arama

Son Konular

Son Yorumlar

Abonelik