RSS
Zararlı İsmi : XP Protection Center
Hijackthis raporunda görünen girdileri :
O4 - HKLM\..\Run: [XP Protection Center] "C:\Program Files\XPProtectionCenter\XPProtectionCenter.exe" /hide
|
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
veya
http://rapidshare.com/files/156856918/mbam-setup1.30.zip
İlk olarak yukarıdan Malwarebytes'Anti Malware'i indirin.(2 mb)
Programı kurun.
Update bölümünden güncelleyin.
Perform full scan diyip bütün sürücüleri işaretleyip ; taramanın bitmesini bekliyorsunuz.
Tarama bittiğinde show results diyince bulduğu zararlıları görebilirsiniz.
Remove selected deyip ; biraz bekliyorsunuz.
Bilgisayarınızı yeniden başlatın.
Restart sonunda Bulduğu nesneler karantinaya geldi..
Buradakileri de delete all diyerek uçurabilirsiniz.
Başlat > Programlar menüsünde kalan artıkları ( tıklanınca hatalı kısayol uyarısı veren kısayol ve klasörü el ile silin)
Malwarebytes' Anti-Malware ile temizleyebileceğiniz XP Protection Center girdileri
Kayıt Defteri Girdileri:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
XPProtectionCenter
HKEY_LOCAL_MACHINE\SOFTWARE\XPProtectionCenter
HKEY_CURRENT_USER\Control Panel\don't load "scui.cpl"
HKEY_CURRENT_USER\Control Panel\don't load "wscui.cpl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Run "XP Protection Center"
Klasörler :
c:\Program Files\XPProtectionCenter
%UserProfile%\Start Menu\Programs\XPProtectionCenter
Dosyalar :
c:\Program Files\XPProtectionCenter\AVEngn.dll
c:\Program Files\XPProtectionCenter\htmlayout.dll
c:\Program Files\XPProtectionCenter\pthreadVC2.dll
c:\Program Files\XPProtectionCenter\Uninstall.exe
c:\Program Files\XPProtectionCenter\wscui.cpl
c:\Program Files\XPProtectionCenter\XPProtectionCenter.cfg
c:\Program Files\XPProtectionCenter\XPProtectionCenter.exe
c:\Program Files\XPProtectionCenter\data
c:\Program Files\XPProtectionCenter\data\daily.cvd
c:\Program Files\XPProtectionCenter\Microsoft.VC80.CRT
c:\Program Files\XPProtectionCenter\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\Program Files\XPProtectionCenter\Microsoft.VC80.CRT\msvcm80.dll
c:\Program Files\XPProtectionCenter\Microsoft.VC80.CRT\msvcp80.dll
c:\Program Files\XPProtectionCenter\Microsoft.VC80.CRT\msvcr80.dll
c:\WINDOWS\agof.sys
c:\WINDOWS\fykutejudi.sys
c:\WINDOWS\nojeneqy.bin
c:\WINDOWS\olis._dl
c:\WINDOWS\totewake.db
c:\WINDOWS\uzoxapylu.reg
c:\WINDOWS\system32\_scui.cpl
c:\WINDOWS\system32\foxubory.dll
c:\WINDOWS\system32\gihakigobu.dat
c:\Documents and Settings\All Users\Application Data\aqugomafa.reg
c:\Documents and Settings\All Users\Application Data\kiwivaxav.inf
c:\Documents and Settings\All Users\Documents\ozipajy.reg
%UserProfile%\Application Data\hewifehaby._dl
%UserProfile%\Application Data\ojas.scr
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\XPProtectionCenter.lnk
%UserProfile%\Cookies\esed._dl
%UserProfile%\Cookies\ogituqiv.dll
%UserProfile%\Cookies\ojow.dll
%UserProfile%\Cookies\zygewusyfa.pif
%UserProfile%\Desktop\XPProtectionCenter.lnk
%UserProfile%\Local Settings\Application Data\aboh.com
%UserProfile%\Local Settings\Application Data\alarefuqe.exe
%UserProfile%\Local Settings\Application Data\mokofyf.exe
%UserProfile%\Local Settings\Application Data\pyxixu.exe
%UserProfile%\Local Settings\Application Data\sefyjemasy.vbs
%UserProfile%\Local Settings\Application Data\tuqijorujo.reg
%UserProfile%\Local Settings\Application Data\weci.bat
%UserProfile%\Local Settings\Temporary Internet Files\lavev.exe
%UserProfile%\Local Settings\Temporary Internet Files\ruhuf.sys
%UserProfile%\Start Menu\Programs\XPProtectionCenter\Uninstall.lnk
%UserProfile%\Start Menu\Programs\XPProtectionCenter\XPProtectionCenter.lnk
c:\Program Files\Common Files\liguzynaku.pif
c:\Program Files\Common Files\palozace.vbs
c:\Program Files\Common Files\usuk.scr
0 yorum:
Yorum Gönder
Konu ile ilgili görüşlerinizi , soru ve sorunlarınızı
buradan bize iletebilir , diğer ziyaretçiler ile de
paylaşabilirsiniz.