
HijackThis. Performance + Security! (Get rid of viruses). 500.000+ (page 460)

  • quote:

    Originally posted by: lknn

    Hi, my computer has slowed down. I'd appreciate it if you could take a look at my log file.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\katkat_ekolay\PBHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (file missing)
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (file missing)
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    Download the program named ComboFix to your desktop.

    http://www.buraksonmez.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening the program, do not perform any action at all. Take a 1-2 minute break.
    4. After ComboFix starts running, click the Yes button.
    5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. During these operations your internet connection will be cut off and your desktop will disappear. These are normal. Your system clock will also change. But all of this is temporary. After the operations finish, everything will be returned to its original state.
    7. You may need to be a little patient, because there are a full 50 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. After the operations finish, ComboFix will close and a report will open for you. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.




  • Thank you for your attention, Serji.
  • I use Firefox. Every time I open a new tab, an ad opens alongside it as another new tab. :S :D I'm fed up. Ads open out of nowhere, on their own... It wasn't like this until a week ago. :S Also, this has nothing to do with our topic, but let me ask anyway, maybe you know. There is something called gameztar. I installed it the other day without knowing what it was. Then I removed it again. But when I type a site name and press Ctrl+Enter, it starts searching in the gameztar search engine. How can I remove that? :S Thanks in advance. :)


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:25:59, on 26.12.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Documents and Settings\Safe Section\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.2.0.5360\ACEIEAddOn.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Customized Platform Advancer - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Customized Platform Advancer\4.2.0.2050\CPAIEAddOn.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Web Search Operator - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\4.2.0.2150\wso.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c starthttp://www.avg.com/tr.special-uninstallation-feedback-app?lic=OQBJAC0AQQA0AEcAWgBLAC0ANgBRAFIAMwBSAC0AUAA"&"inst=NwA4AC0AMQA5ADUA"&"prod=94"&"ver=9.0.724
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Safe Section\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: LimeWire On Startup.lnk = D:\Programmes\LimeWire\LimeWire.exe
    O4 - Startup: Reboot.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{75845C1B-4DF1-4B25-B218-65C607AB09DC}: NameServer = 8.8.8.8,8.8.4.4
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 5607 bytes



    < This message was edited by xamplee -- 27 December 2009; 0:25:47 >




  • @serji
    I have no knowledge at all about "rezip"; what do you think it could be?



    < This message was edited by Peerless -- 27 December 2009; 3:41:17 >
  • Serji, my friend, could you take a look? I also need a short explanation of what I should do afterwards.

    ComboFix 09-12-26.02 - serap 27.12.2009 8:14.6.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1254.90.1055.18.1022.508 [GMT 2:00]
    Running from: c:\documents and settings\serap\Desktop\7011-ComboFix.exe
    AV: avast! antivirus 4.8.1368 [VPS 091224-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    .

    ((((((((((((((((((((((((( Files Created from 2009-11-27 to 2009-12-27 )))))))))))))))))))))))))))))))
    .

    2009-12-09 20:32 . 2009-11-21 15:58 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-27 05:30 . 2006-03-27 07:53 61682 ----a-w- c:\windows\system32\perfc01F.dat
    2009-12-27 05:30 . 2006-03-27 07:53 369492 ----a-w- c:\windows\system32\perfh01F.dat
    2009-12-26 22:44 . 2009-04-23 03:40 -------- d-----w- c:\documents and settings\serap\Application Data\Winamp
    2009-12-13 06:08 . 2009-04-22 17:25 60928 ----a-w- c:\documents and settings\serap\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-27 17:53 . 2009-10-27 10:40 3695616 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
    2009-11-24 23:54 . 2009-04-26 14:20 1280480 ----a-w- c:\windows\system32\aswBoot.exe
    2009-11-24 23:51 . 2009-04-26 14:20 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2009-11-24 23:49 . 2009-04-26 14:20 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-11-24 23:48 . 2009-04-26 14:20 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-11-24 23:47 . 2009-04-26 14:20 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2009-11-24 23:47 . 2009-04-26 14:20 97480 ----a-w- c:\windows\system32\AVASTSS.scr
    2009-11-22 22:54 . 2009-11-04 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\DynEd
    2009-11-21 15:58 . 2004-08-04 21:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    2009-11-17 20:25 . 2009-11-17 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\HPSSUPPLY
    2009-11-17 20:23 . 2006-09-20 21:06 -------- d-----w- c:\program files\Hp
    2009-11-17 20:22 . 2009-11-17 20:22 -------- d--h--w- c:\program files\Avago-HP
    2009-11-05 08:29 . 2009-11-05 08:29 -------- d-----w- c:\program files\OzgurBar
    2009-11-04 22:02 . 2006-09-20 21:06 -------- d-----w- c:\program files\Java
    2009-11-04 22:00 . 2009-11-04 22:00 152576 ----a-w- c:\documents and settings\serap\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-11-04 16:09 . 2009-11-04 16:06 -------- d-----w- c:\program files\DynEd
    2009-10-29 07:41 . 2004-08-04 21:00 916480 ------w- c:\windows\system32\wininet.dll
    2009-10-27 10:40 . 2009-10-27 10:40 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
    2009-10-25 12:01 . 2009-10-25 12:01 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-10-21 05:39 . 2004-08-04 21:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:39 . 2004-08-04 21:00 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-20 16:20 . 2009-04-22 21:23 265728 ----a-w- c:\windows\system32\drivers\http.sys
    2009-10-13 10:33 . 2004-08-04 21:00 270848 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:39 . 2004-08-04 21:00 79872 ----a-w- c:\windows\system32\raschap.dll
    2009-10-12 13:39 . 2004-08-04 21:00 150016 ----a-w- c:\windows\system32\rastls.dll
    2009-10-11 02:17 . 2009-04-22 21:21 411368 ----a-w- c:\windows\system32\deploytk.dll
    2006-09-21 06:07 . 2009-04-23 03:16 22 --sha-w- c:\windows\SMINST\HPCD.SYS
    .

    ((((((((((((((((((((((((((((( SnapShot_2009-12-13_00.25.38 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-12-13 15:09 . 2009-12-13 15:09 16384 c:\windows\Temp\Perflib_Perfdata_6d0.dat
    + 2009-12-13 05:55 . 2006-03-04 05:48 86108 c:\windows\system32\ReinstallBackups\0019\DriverFiles\SynTPLpr.exe
    + 2009-12-13 05:55 . 2006-03-04 05:47 69724 c:\windows\system32\ReinstallBackups\0019\DriverFiles\SynTPFcs.dll
    + 2009-12-13 05:55 . 2006-03-04 05:35 41065 c:\windows\system32\ReinstallBackups\0019\DriverFiles\SynTPCOM.dll
    + 2009-12-13 05:55 . 2006-03-04 05:50 81920 c:\windows\system32\ReinstallBackups\0019\DriverFiles\SynTPCo2.dll
    + 2009-12-13 05:55 . 2006-03-04 05:35 94300 c:\windows\system32\ReinstallBackups\0019\DriverFiles\SynTPAPI.dll
    + 2009-12-13 05:55 . 2006-03-04 05:34 82015 c:\windows\system32\ReinstallBackups\0019\DriverFiles\SynCOM.dll
    + 2009-12-13 05:55 . 2006-03-04 05:50 81920 c:\windows\system32\ReinstallBackups\0019\DriverFiles\InstNT.exe
    + 2009-12-13 05:55 . 2008-04-14 15:33 23168 c:\windows\system32\ReinstallBackups\0019\DriverFiles\i386\mouclass.sys
    + 2009-12-13 05:55 . 2008-04-14 15:38 51840 c:\windows\system32\ReinstallBackups\0019\DriverFiles\i386\i8042prt.sys
    - 2006-03-27 07:53 . 2009-11-04 22:02 53098 c:\windows\system32\perfc009.dat
    + 2006-03-27 07:53 . 2009-12-27 05:30 53098 c:\windows\system32\perfc009.dat
    - 2009-04-22 21:22 . 2008-04-14 15:33 23168 c:\windows\system32\drivers\mouclass.sys
    + 2009-04-22 21:22 . 2008-04-14 16:33 23168 c:\windows\system32\drivers\mouclass.sys
    + 2009-04-22 21:22 . 2008-04-14 16:38 51840 c:\windows\system32\drivers\i8042prt.sys
    - 2009-04-22 21:22 . 2008-04-14 15:38 51840 c:\windows\system32\drivers\i8042prt.sys
    + 2009-04-22 21:22 . 2008-04-14 16:33 23168 c:\windows\system32\dllcache\mouclass.sys
    + 2009-04-22 21:22 . 2008-04-14 16:38 51840 c:\windows\system32\dllcache\i8042prt.sys
    - 2009-04-23 03:48 . 2009-12-09 20:38 23040 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2009-04-23 03:48 . 2009-12-19 16:08 23040 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2009-04-23 03:48 . 2009-12-09 20:38 61440 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\pubs.exe
    + 2009-04-23 03:48 . 2009-12-19 16:08 61440 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2009-04-23 03:48 . 2009-12-09 20:38 27136 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2009-04-23 03:48 . 2009-12-19 16:08 27136 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2009-04-23 03:48 . 2009-12-19 16:08 11264 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2009-04-23 03:48 . 2009-12-09 20:38 11264 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2009-04-23 03:48 . 2009-12-09 20:38 86016 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\inficon.exe
    + 2009-04-23 03:48 . 2009-12-19 16:08 86016 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\inficon.exe
    + 2009-04-23 03:48 . 2009-12-19 16:08 12288 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2009-04-23 03:48 . 2009-12-09 20:38 12288 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2009-04-23 03:48 . 2009-12-09 20:38 4096 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2009-04-23 03:48 . 2009-12-19 16:08 4096 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2007-09-15 00:50 . 2007-09-15 00:50 110592 c:\windows\system32\SynTPCo4.dll
    + 2006-05-21 23:09 . 2007-09-15 00:21 147456 c:\windows\system32\SynTPAPI.dll
    + 2006-05-21 23:09 . 2007-09-15 00:13 196608 c:\windows\system32\SynCtrl.dll
    + 2006-05-21 23:09 . 2007-09-15 00:13 163840 c:\windows\system32\SynCOM.dll
    + 2009-12-13 05:55 . 2006-03-04 05:48 225280 c:\windows\system32\ReinstallBackups\0019\DriverFiles\Tutorial.exe
    + 2009-12-13 05:55 . 2006-03-04 05:30 163840 c:\windows\system32\ReinstallBackups\0019\DriverFiles\SynZMetr.exe
    + 2009-12-13 05:55 . 2006-03-04 05:46 761948 c:\windows\system32\ReinstallBackups\0019\DriverFiles\SynTPEnh.exe
    + 2009-12-13 05:55 . 2006-03-04 05:31 192736 c:\windows\system32\ReinstallBackups\0019\DriverFiles\SynTP.sys
    + 2009-12-13 05:55 . 2006-03-04 05:30 147456 c:\windows\system32\ReinstallBackups\0019\DriverFiles\SynMood.exe
    + 2009-12-13 05:55 . 2006-03-04 05:48 557056 c:\windows\system32\ReinstallBackups\0019\DriverFiles\SynISDLL.dll
    + 2009-12-13 05:55 . 2006-03-04 05:34 114688 c:\windows\system32\ReinstallBackups\0019\DriverFiles\SynCtrl.dll
    - 2006-03-27 07:53 . 2009-11-04 22:02 380684 c:\windows\system32\perfh009.dat
    + 2006-03-27 07:53 . 2009-12-27 05:30 380684 c:\windows\system32\perfh009.dat
    - 2006-03-27 07:49 . 2009-11-12 06:04 238352 c:\windows\system32\FNTCACHE.DAT
    + 2006-03-27 07:49 . 2009-12-13 06:08 238352 c:\windows\system32\FNTCACHE.DAT
    + 2006-05-21 23:09 . 2007-09-15 00:09 213696 c:\windows\system32\drivers\SynTP.sys
    - 2009-04-23 03:48 . 2009-12-09 20:38 409600 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2009-04-23 03:48 . 2009-12-19 16:08 409600 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2009-04-23 03:48 . 2009-12-19 16:08 286720 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2009-04-23 03:48 . 2009-12-09 20:38 286720 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2009-04-23 03:48 . 2009-12-19 16:08 249856 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2009-04-23 03:48 . 2009-12-09 20:38 249856 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2009-04-23 03:48 . 2009-12-09 20:38 794624 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2009-04-23 03:48 . 2009-12-19 16:08 794624 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2009-04-23 03:48 . 2009-12-09 20:38 135168 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2009-04-23 03:48 . 2009-12-19 16:08 135168 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2009-04-23 03:48 . 2009-12-19 16:08 593920 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\accicons.exe
    - 2009-04-23 03:48 . 2009-12-09 20:38 593920 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2009-12-18 20:48 . 2007-01-09 06:19 110592 c:\windows\Downloaded Program Files\PURtr-tr.dll
    + 2006-11-20 09:04 . 2006-11-20 09:04 117088 c:\windows\Downloaded Program Files\PURen-us.dll
    + 2009-08-19 09:55 . 2009-08-19 09:55 829288 c:\windows\Downloaded Program Files\MsnPUpld.dll
    + 2009-12-13 05:55 . 2006-03-04 05:38 6135900 c:\windows\system32\ReinstallBackups\0019\DriverFiles\SynTPCpl.dll
    + 2009-12-16 20:58 . 2009-12-16 20:58 5382144 c:\windows\Installer\f0aad.msp
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-15 7561216]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-15 86016]
    "nwiz"="nwiz.exe" [2006-04-15 1519616]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 61952]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-11 102400]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
    "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-10-27 520024]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "PcSync"="c:\program files\Samsung\Samsung PC Studio 7\PcSync2.exe" [2006-06-27 1449984]

    c:\documents and settings\All Users\Start Menu\Programlar\BaŸlang‡\
    AirTies ADSL Hizmet Program.lnk - c:\program files\AirTies\ADSL Hizmet Program\AirTies_util3.exe [2009-4-26 2350592]
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-27 581693]
    HP Photosmart Premier Hzl BaŸlat.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [29.04.2009 22:34 64160]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [26.04.2009 17:15 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26.04.2009 17:15 20560]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.01.2009 23:34 1028432]
    S3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [23.04.2009 05:55 135680]
    S3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [23.04.2009 05:55 8320]
    S3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [23.04.2009 05:55 12288]
    S3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [23.04.2009 05:55 12288]
    S3 ZSMC0305;Shiny SH2166 Webcam;c:\windows\system32\drivers\usbVM305.sys [18.10.2009 19:30 391643]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2009-12-27 08:18
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????X??????(?@???????@
    BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3340)
    c:\windows\system32\WININET.dll
    c:\windows\system32\webcheck.dll
    .
    Completion time: 2009-12-27 08:20:39
    ComboFix-quarantined-files.txt 2009-12-27 06:20
    ComboFix2.txt 2009-10-20 09:47
    ComboFix3.txt 2009-10-03 00:53
    ComboFix4.txt 2009-10-01 23:04
    ComboFix5.txt 2009-12-13 00:18

    Pre-Run: 37.887.709.184 bayt boş
    Post-Run: 37.886.455.808 bayt boş

    - - End Of File - - FB7897A94B3FC19A212422EDA27CAF3B




  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:13:43, on 12/27/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\DllHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Accurate 4\BIN\Accurate40.exe
    C:\Documents and Settings\Anonim\Belgelerim\Downloads\Programs\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =http://www.tvfilmizle.net/soft.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5290\ACEIEAddOn.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1990\CMWIE.dll
    O2 - BHO: Textual Content Provider - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.1.0.1810\TCPIE.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [Internet Today Task] "C:\Program Files\Internet Today\1.1.0.1260\InternetToday.exe"
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Kısayol RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} (Flatcast Viewer 5.0) -http://80.237.209.20/objects/NpFv501.dll
    O23 - Service: Acunetix WVS Scheduler v6 (AcuWVSSchedulerv6) - Acunetix Ltd. - C:\Program Files\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 5207 bytes




  • quote:

    Originally posted by: BabyIcey

    Thank you for your attention, Serji.

    You're welcome.
  • quote:

    Originally posted by: xamplee

    I use Firefox. Every time I open a new tab, an ad opens in another new tab. :S :D I'm fed up. Ads open out of nowhere, all by themselves... It wasn't like this until a week ago. :S Also, it's unrelated to our topic, but let me ask anyway, maybe you know. There's something called gameztar. I installed it a few days ago without knowing what it was. Then I removed it again. But when I type a site name and press Ctrl+Enter, it starts searching in the gameztar search engine. How can I remove that? :S Thanks in advance. :)

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.2.0.5360\ACEIEAddOn.dll
    O2 - BHO: Customized Platform Advancer - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Customized Platform Advancer\4.2.0.2050\CPAIEAddOn.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Web Search Operator - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\4.2.0.2150\wso.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Reboot.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    Download the program called ComboFix to your desktop.

    http://www.buraksonmez.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening it, do absolutely nothing. Take a 1-2 minute break.
    4. Once ComboFix starts running, click the Yes button.
    5. In case something goes wrong, ComboFix will back up your Registry and create a system restore point so that your system can be restored.
    6. During these operations your internet connection will be cut and your desktop will disappear. This is normal. Your system clock will also change. But all of this is temporary. After the operations finish, everything will be returned to its original state.
    7. You may need to be a little patient, because there are a full 50 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. When the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.


    quote:

    Originally posted by: Peerless_1

    @serji
    I have no information at all about "rezip"; what do you think it could be?

    In that case, go to Start - Run, type services.msc and press Enter, then double-click Rezip, stop it, and set its startup type to Disabled.




  • quote:

    Originally posted by: kelcevat1976

    Serji, my friend, could you take a look? I also need a short explanation of what to do afterwards.

    Download the program called Malwarebytes Antimalware.

    http://www.buraksonmez.com/dosyalar/mbam-setup.exe

    * To install the program, double-click mbam-setup.exe and install it.
    * Check the Update Malwarebytes Antimalware and Launch Malwarebytes Antimalware options and click Finish.
    * If an update is found, the program will download and install it automatically.
    * When the program has loaded, select Full Scan and click the Start Scan button.
    * The scan may take some time, so please be patient.
    * When the scan is finished, click OK and then click Show Results.
    * Make sure everything is checked and click Remove Selected.
    * When the cleanup is finished, a Notepad window will open. (You may need to restart your computer.)
    * Save the Notepad file, attach it to your message and send it to us.

    NOTE: If the program asks you to restart the computer during the cleanup, click OK to restart your computer.




  • Serji, brother, could you take a look at this one too?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:13:43, on 12/27/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\DllHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Accurate 4\BIN\Accurate40.exe
    C:\Documents and Settings\Anonim\Belgelerim\Downloads\Programs\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =http://www.tvfilmizle.net/soft.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5290\ACEIEAddOn.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1990\CMWIE.dll
    O2 - BHO: Textual Content Provider - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.1.0.1810\TCPIE.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [Internet Today Task] "C:\Program Files\Internet Today\1.1.0.1260\InternetToday.exe"
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Kısayol RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} (Flatcast Viewer 5.0) -http://80.237.209.20/objects/NpFv501.dll
    O23 - Service: Acunetix WVS Scheduler v6 (AcuWVSSchedulerv6) - Acunetix Ltd. - C:\Program Files\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 5207 bytes





  • Serji, I did what you said. I was using AVG 9.0 as my antivirus and antispyware. I uninstalled it outright because it was slowing the system down a lot. If there's something lightweight you recommend, shall I install that? :) Here are the ComboFix logs. Good luck with your work.

    ComboFix 09-12-22.09 - Safe Section 27.12.2009 14:44:39.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1254.90.1055.18.511.339 [GMT 2:00]
    Running from: c:\documents and settings\Safe Section\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\scrrntr.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-11-27 to 2009-12-27 )))))))))))))))))))))))))))))))
    .

    2009-12-22 21:02 . 2009-12-22 21:02 -------- d-----w- c:\documents and settings\Other Zone.HOME-1FEFD6A908\Local Settings\Application Data\Web Search Operator
    2009-12-22 21:02 . 2009-12-22 21:02 -------- d-----w- c:\documents and settings\Other Zone.HOME-1FEFD6A908\Local Settings\Application Data\Gameztar Toolbar
    2009-12-22 21:02 . 2009-12-22 21:02 -------- d-----w- c:\documents and settings\Other Zone.HOME-1FEFD6A908\Local Settings\Application Data\Customized Platform Advancer
    2009-12-22 21:02 . 2009-12-22 21:02 -------- d-----w- c:\documents and settings\Other Zone.HOME-1FEFD6A908\Local Settings\Application Data\Automated Content Enhancer
    2009-12-22 19:30 . 2009-12-22 19:30 -------- d-----w- c:\documents and settings\Other Zone.HOME-1FEFD6A908\Local Settings\Application Data\Internet Today
    2009-12-22 18:48 . 2009-12-22 18:48 -------- d-----w- c:\documents and settings\Safe Section\Local Settings\Application Data\Internet Today
    2009-12-22 18:48 . 2009-12-22 18:48 -------- d-----w- c:\program files\Internet Today
    2009-12-22 18:47 . 2009-12-22 18:47 -------- d-----w- c:\documents and settings\Safe Section\Local Settings\Application Data\Customized Platform Advancer
    2009-12-22 18:47 . 2009-12-22 18:47 -------- d-----w- c:\program files\Customized Platform Advancer
    2009-12-22 18:47 . 2009-12-22 18:47 -------- d-----w- c:\documents and settings\Safe Section\Local Settings\Application Data\Automated Content Enhancer
    2009-12-22 18:47 . 2009-12-22 18:47 -------- d-----w- c:\program files\Automated Content Enhancer
    2009-12-22 18:47 . 2009-12-22 18:47 -------- d-----w- c:\documents and settings\Safe Section\Local Settings\Application Data\Web Search Operator
    2009-12-22 18:47 . 2009-12-22 18:47 -------- d-----w- c:\program files\Web Search Operator
    2009-12-22 18:45 . 2009-12-23 14:30 -------- d-----w- c:\program files\Gameztar Toolbar
    2009-12-22 18:44 . 2009-12-23 14:30 -------- d-----w- c:\documents and settings\Safe Section\Local Settings\Application Data\Gameztar Toolbar
    2009-12-10 23:38 . 2009-12-10 23:38 -------- d-----w- c:\documents and settings\Other Zone.HOME-1FEFD6A908\Application Data\DivX
    2009-11-27 21:47 . 2009-11-27 21:47 -------- d-----w- c:\documents and settings\Safe Section\Application Data\PlayFirst
    2009-11-27 21:47 . 2009-11-27 21:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PlayFirst
    2009-11-27 21:46 . 2009-11-27 21:46 -------- d-----w- c:\program files\ReflexiveArcade

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-27 12:57 . 2009-10-14 14:04 -------- d-----w- c:\documents and settings\Safe Section\Application Data\LimeWire
    2009-12-12 13:01 . 2009-06-24 11:49 -------- d-----w- c:\program files\FlashGet
    2009-12-04 14:55 . 2009-10-22 19:15 -------- d-----w- c:\program files\Oyna65
    2009-11-23 20:42 . 2009-08-03 21:08 -------- d-----w- c:\program files\Java
    2009-11-23 20:41 . 2009-11-23 20:41 152576 ----a-w- c:\documents and settings\Safe Section\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-11-23 20:19 . 2009-11-23 20:19 79488 ----a-w- c:\documents and settings\Safe Section\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-11-04 20:44 . 2009-11-04 20:44 49936 ----a-w- c:\documents and settings\Other Zone.HOME-1FEFD6A908\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-31 21:26 . 2009-10-31 21:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Messenger Plus!
    2009-10-31 20:59 . 2009-10-31 20:59 -------- d-----w- c:\program files\Messenger Plus! Live
    2009-10-31 20:58 . 2009-08-07 12:25 49936 ----a-w- c:\documents and settings\Safe Section\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-29 08:14 . 2009-08-07 12:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS
    2009-10-25 07:57 . 2004-08-04 12:00 67438 ----a-w- c:\windows\system32\perfc01F.dat
    2009-10-25 07:57 . 2004-08-04 12:00 380692 ----a-w- c:\windows\system32\perfh01F.dat
    2009-10-14 13:56 . 2009-10-14 13:56 152576 ----a-w- c:\documents and settings\Safe Section\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
    2009-10-11 02:17 . 2009-10-14 13:56 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ------- Sigcheck -------

    [7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
    [-] 2004-08-04 . 6A603809F598332DBEDD535BDBCE313E . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Google Update"="c:\documents and settings\Safe Section\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-13 135664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
    "nwiz"="nwiz.exe" [2005-02-24 1495040]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-02-24 86016]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

    c:\documents and settings\Safe Section\Start Menu\Programlar\BaŸlang‡\
    LimeWire On Startup.lnk - d:\programmes\LimeWire\LimeWire.exe [2009-9-30 503808]

    c:\documents and settings\All Users.WINDOWS\Start Menu\Programlar\BaŸlang‡\
    BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2009-6-23 1183744]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "d:\\Games\\Ultima Online Mondain's Legacy\\plugin.ini"=
    "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "c:\\Documents and Settings\\Other Zone.HOME-1FEFD6A908\\Desktop\\KuzeyScript\\mirc.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\FlashGet\\flashget.exe"=
    "d:\\Programmes\\LimeWire\\LimeWire.exe"=

    .
    ------- Supplementary Scan -------
    .
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
    IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
    TCP: {75845C1B-4DF1-4B25-B218-65C607AB09DC} = 8.8.8.8,8.8.4.4
    FF - ProfilePath - c:\documents and settings\Safe Section\Application Data\Mozilla\Firefox\Profiles\ap1kziio.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|http://www.google.com.tr/
    FF - component: c:\program files\Automated Content Enhancer\4.2.0.5360\FF\components\ACEFFAddOn.dll
    FF - component: c:\program files\Customized Platform Advancer\4.2.0.2050\FF\components\CPAFFAddOn.dll
    FF - component: c:\program files\Web Search Operator\4.2.0.2150\FF\components\WSOFFAddOn.dll
    FF - plugin: c:\documents and settings\Safe Section\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2009-12-27 14:57
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(4056)
    c:\windows\system32\browselc.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\RUNDLL32.EXE
    .
    **************************************************************************
    .
    Completion time: 2009-12-27 15:01:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-12-27 13:01

    Pre-Run: 36.238.053.376 bayt boş
    Post-Run: 37.401.419.776 bayt boş

    - - End Of File - - 91789FE138B03ACA28D80E362049059D




  • My ComboFix log:

    ComboFix 09-12-25.02 - Owner 25.12.2009 22:57:13.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1254.90.1055.18.511.179 [GMT 2:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\documents and settings\All Users\Application Data\Downloaded Installations\{282B5224-698C-4638-96F7-6B2B184DC429}\1033.MST
    c:\documents and settings\All Users\Application Data\Downloaded Installations\{282B5224-698C-4638-96F7-6B2B184DC429}\AVGIDP_setup.msi
    c:\documents and settings\All Users\Application Data\Downloaded Installations\{70ADDA88-7F88-46A1-A9C4-5BD9EA9934A1}\1033.MST
    c:\documents and settings\All Users\Application Data\Downloaded Installations\{70ADDA88-7F88-46A1-A9C4-5BD9EA9934A1}\AVGIDP_setup.msi
    c:\windows\180ax.exe
    c:\windows\default.htm
    c:\windows\hosts
    c:\windows\mssvr.exe
    c:\windows\swin32.dll
    c:\windows\system32\drivers\4_stars.gif
    c:\windows\system32\drivers\5_stars.gif
    c:\windows\system32\drivers\alert_icon.gif
    c:\windows\system32\drivers\buy_btn.gif
    c:\windows\system32\drivers\close_icon.gif
    c:\windows\system32\drivers\detect.htm
    c:\windows\system32\drivers\download_btn.gif
    c:\windows\system32\drivers\features.gif
    c:\windows\system32\drivers\header_bg.gif
    c:\windows\system32\drivers\icon_warning.gif
    c:\windows\system32\drivers\logo_bg.gif
    c:\windows\system32\drivers\perfect_cleaner_box.jpg
    c:\windows\system32\drivers\perfect_cleaner_box_small.jpg
    c:\windows\system32\drivers\perfect_cleaner_header.gif
    c:\windows\system32\drivers\perfect_cleaner_header_small.gif
    c:\windows\system32\drivers\protect.gif
    c:\windows\system32\drivers\pt.htm
    c:\windows\system32\drivers\remove_spyware_button.gif
    c:\windows\system32\drivers\s_detect.htm
    c:\windows\system32\drivers\secuity_center_logo.gif
    c:\windows\system32\drivers\spy_away_box.jpg
    c:\windows\system32\drivers\spy_away_box_small.jpg
    c:\windows\system32\drivers\spy_away_header.gif
    c:\windows\system32\drivers\spy_away_header_small.gif
    c:\windows\system32\drivers\users_rating.gif
    c:\windows\system32\drivers\v.gif
    c:\windows\system32\drivers\x.gif
    c:\windows\system32\gtv_sd.bin
    c:\windows\system32\lclcfg32.ini
    c:\windows\system32\lfd32.ini
    c:\windows\system32\ntSVc.ocx
    c:\windows\system32\scrrntr.dll
    c:\windows\system32\sl.bin
    c:\windows\system32\stfv.bin
    c:\windows\system32\wer8274.dll
    c:\windows\voiceip.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-11-25 to 2009-12-25 )))))))))))))))))))))))))))))))
    .

    2009-12-25 16:31 . 2009-12-25 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
    2009-12-25 00:11 . 2009-12-25 00:11 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
    2009-12-22 16:42 . 2009-12-14 20:47 3776280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
    2009-12-22 16:42 . 2009-12-14 20:47 4043032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
    2009-12-22 16:42 . 2009-12-14 20:47 916248 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
    2009-12-18 14:47 . 2009-12-21 01:50 294656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglngx.dll
    2009-12-14 20:57 . 2009-12-14 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG IDS
    2009-12-14 20:47 . 2009-12-14 20:47 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-12-14 20:47 . 2009-12-14 20:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-12-14 20:47 . 2009-12-14 20:47 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-12-14 20:47 . 2009-12-14 20:47 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-12-14 20:47 . 2009-12-25 17:25 -------- d-----w- c:\windows\system32\drivers\Avg
    2009-12-14 17:35 . 2009-12-14 17:35 -------- d-----w- c:\documents and settings\LocalService\Application Data\ESET
    2009-12-14 16:03 . 2009-12-14 16:03 -------- d-----w- c:\documents and settings\Owner\Application Data\ESET
    2009-12-11 18:38 . 2009-12-20 22:36 2352920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-25 20:53 . 2007-01-25 18:28 -------- d-----w- c:\program files\Google
    2009-12-25 20:46 . 2007-07-01 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-12-25 17:24 . 2009-10-22 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2009-12-25 17:15 . 2009-10-23 00:41 0 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\prvlcl.dat
    2009-12-25 00:10 . 2005-10-12 13:46 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-14 20:47 . 2009-11-12 17:14 3967256 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2009-12-14 17:46 . 2007-07-15 14:33 -------- d-----w- c:\program files\ESET
    2009-12-14 16:02 . 2008-03-12 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
    2009-12-10 13:07 . 2004-08-04 12:00 62518 ----a-w- c:\windows\system32\perfc01F.dat
    2009-12-10 13:07 . 2004-08-04 12:00 372014 ----a-w- c:\windows\system32\perfh01F.dat
    2009-12-10 13:07 . 2009-05-10 21:10 62206 ----a-w- c:\windows\system32\perfc041.dat
    2009-12-10 13:07 . 2009-05-10 21:10 371308 ----a-w- c:\windows\system32\perfh041.dat
    2009-11-22 16:59 . 2009-01-11 16:41 -------- d-----w- c:\program files\AVG
    2009-11-15 13:47 . 2009-11-14 14:57 -------- d-----w- c:\program files\DivX
    2009-11-14 14:59 . 2009-11-14 14:59 -------- d-----w- c:\documents and settings\Owner\Application Data\DivX
    2009-10-29 07:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-10-21 05:39 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:39 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
    2009-10-13 10:33 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:39 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
    2009-10-12 13:39 . 2004-08-04 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
    2009-10-09 13:02 . 2009-10-09 13:02 74760 ----a-w- c:\windows\system32\drivers\UniversalDD.sys
    2009-10-09 13:02 . 2009-10-09 13:02 25608 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-20 7110656]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-14 2033432]
    "AVGIDS"="c:\program files\AVG\Identity Protection\agent\bin\AVGIDSUI.exe" [2009-10-09 1640968]
    "Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-20 86016]
    "nwiz"="nwiz.exe" [2005-07-20 1519616]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
    "SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2003-12-01 892928]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"=hex(2):6c,6f,67,6f,6e,75,69,2e,65,78,65,00,00

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "d:\\Emule\\emule.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSEH.sys [09.10.2009 15:02 25608]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [14.12.2009 22:47 333192]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [14.12.2009 22:47 360584]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [14.12.2009 22:47 906520]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [14.12.2009 22:47 285392]
    R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\Identity Protection\agent\Bin\AVGIDSWatcher.exe [09.10.2009 15:02 559624]
    R3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\Identity Protection\agent\driver\platform_XP\AVGIDSDriver.sys [09.10.2009 15:02 122376]
    R3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\Identity Protection\agent\driver\platform_XP\AVGIDSFilter.sys [09.10.2009 15:02 30216]
    R3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\Identity Protection\agent\driver\platform_XP\AVGIDSShim.sys [09.10.2009 15:02 25736]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe [09.10.2009 15:02 5832712]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.tr/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    IE: Microsoft Excel'e &Ver - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    LSP: c:\progra~1\KATKAT~1\sliplsp.dll
    TCP: {DC791C56-4D91-4348-B5C9-067BEBFC051A} = 4.2.2.1,4.2.2.2
    DPF: {D9A98D08-9B09-465D-97A0-687A27399092} - hxxp://www.viewtec.ch/downloads/TerrainViewWebOCX.cab
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gibfphg.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKCU-Run-Spyware Cleaner - c:\program files\Spyware Cleaner\SpywareCleaner.Exe
    HKLM-Run-SpySpotter System Defender - c:\program files\SpySpotter3\Defender.exe
    HKLM-Run-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    Notify-avgrsstarter - (no file)
    Notify-crypt32chain - (no file)
    Notify-cryptnet - (no file)
    Notify-cscdll - (no file)
    Notify-igfxcui - (no file)
    Notify-ScCertProp - (no file)
    Notify-Schedule - (no file)
    Notify-sclgntfy - (no file)
    Notify-SensLogn - (no file)
    Notify-termsrv - (no file)
    Notify-WgaLogon - (no file)
    Notify-wlballoon - (no file)
    AddRemove-Adobe SVG Viewer - c:\program files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2009-12-25 23:01
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(564)
    c:\progra~1\KATKAT~1\sliplsp.dll

    - - - - - - - > 'explorer.exe'(1228)
    c:\windows\system32\WININET.dll
    c:\program files\Logitech\MouseWare\System\LgWndHk.dll
    c:\program files\Logitech\iTouch\iTchHk.dll
    c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-12-25 23:03:20
    ComboFix-quarantined-files.txt 2009-12-25 21:03

    Pre-Run: 1.180.811.264 bayt boş
    Post-Run: 1.144.176.640 bayt boş

    - - End Of File - - 83EDB840D3F1BFC5EA53EDAFB6583C15




  • @serji
    Thanks, my friend, I did what you said. What was that rezip, anyway?
  • Sir, my problem is with the PC; there are slowdowns. The logs are below.

    Logfile of Trend Micro HijackThis v2.0.2 
    Scan saved at 20:18:57, on 27.12.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20733)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\vsnp2std.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\LClock\LClock.exe
    C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [Vistadrv] C:\Program Files\vistadrive\vsdrv.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [tsnp2std] C:\Program Files\Common Files\snp2std\tsnp2std.exe
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [LClock] C:\Program Files\LClock\LClock.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [TransBar] C:\Documents and Settings\Admin\Local Settings\Application Data\AKSoftware\TransBar\TransBar.exe /s (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 5682 bytes




  • quote:

    Quoted from the original: serji

    quote:

    Quoted from the original: djinn_inc

    The Malwarebytes log you asked for is below, Mr. Serji; I would be glad if you could take a look.

    No problem is visible; everything has been cleaned. Are the problems still continuing?

    My problems are solved; thank you very much for your help, Serji.
  • Hello again, Serji. I would be glad if you could look at the log below. The system is generally slow, pop-up windows open by themselves, and it does not show the verification codes on some websites.

    quote:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:03:46, on 28.12.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16945)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Winamp1\winampa.exe
    C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    C:\WINDOWS\ZSSnp211.exe
    C:\WINDOWS\Domino.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\PP_Ajanda\Ajanda.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Documents and Settings\kayacan\Desktop\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://search.myheritage.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll (file missing)
    O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
    O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll (file missing)
    O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5290\ACEIEAddOn.dll (file missing)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Customized Platform Advancer - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Customized Platform Advancer\4.1.0.1960\CPAIEAddOn.dll (file missing)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1990\CMWIE.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: Web Search Operator - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\4.1.0.2080\wso.dll (file missing)
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll (file missing)
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp1\winampa.exe
    O4 - HKLM\..\Run: [Windows Config] WINSERV.EXE
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
    O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
    O4 - HKLM\..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [SimkaStudio] "C:\Program Files\Simka Çeviri Demo\SimkaStudio.exe"
    O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [Sekreterim] "C:\MoSekreterimV2\MoBiMSekreterimV2.exe"
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [BearShare] "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" --lightmode
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Ajanda.LNK = C:\Program Files\PP_Ajanda\Ajanda.exe
    O4 - Startup: Ey DSL! Beta3.lnk = C:\Program Files\Ey DSL! Beta3\EyDSL.exe
    O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
    O4 - Startup: Mopy Points Collector.lnk = C:\MOPYFISH\GETPOINT.EXE
    O4 - Startup: Purrint.lnk = C:\Program Files\Purrint\Purrint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
    O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone:http://*.reliablestats.com
    O15 - Trusted Zone:http://*.winantispyware.com
    O15 - Trusted Zone:http://*.winantivirus.com
    O15 - Trusted Zone:http://*.winantiviruspro.com
    O15 - Trusted Zone:http://*.winnanny.com
    O15 - Trusted Zone:http://*.winsoftware.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) -http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -http://tuncmlbyl.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {58EF1388-AF07-4D13-A069-D107671B8819} -http://www.gamegarden.net/game/ggsecure.cab
    O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) -http://www.myheritage.com.tr/Genoogle/Components/ActiveX/SearchEngineQuery.dll
    O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) -http://www.facebook.com/controls/contactx.dll
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) -http://88.231.250.64/activex/AMC.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) -http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} (JaguarEditControl-ISBANK) -https://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv27.CAB
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) -http://88.231.250.64:85/activex/AMC.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{56172B8E-92FB-44D5-A674-1EB686635947}: NameServer = 192.168.1.1
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
    O24 - Desktop Component 0: (no name) -http://www.alevci.com/clientscript/vbulletin_global.js
    O24 - Desktop Component 1: (no name) -http://80.237.205.52/k/res/2007/04/20070406_357800_1175872666_uofo.jpg

    --
    End of file - 12905 bytes




  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:48:23, on 28/12/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16945)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\PANDA SOFTWARE\AVTC\AVENGINE.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\PANDA SOFTWARE\AVTC\PsCtrlS.exe
    C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
    C:\Program Files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
    C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\pagentwd.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\PANDA SOFTWARE\AVTC\PSKMsSvc.exe
    C:\Program Files\PANDA SOFTWARE\AVTC\PsImSvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    D:\IObit SmartDefrag\IObit SmartDefrag.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\rndll.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Sony\VAIO Launcher\Launcher.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\Yahoo!\Companion\Installs\cpn\ytbb.exe
    C:\Program Files\Panda Software\Panda Administrator 3\PavUpg\pavupg.exe
    C:\Documents and Settings\Arda\Desktop\HiJackThis.exe
    C:\Program Files\PANDA SOFTWARE\AVTC\panicsh.exe
    C:\Program Files\PANDA SOFTWARE\AVTC\panicsh.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://freeart1cile.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SmartDefrag] "D:\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
    O4 - HKLM\..\Run: [Firevall Administrating] rndll.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
    O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe
    O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Arastir - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
    O15 - Trusted Zone: *.sony-europe.com
    O15 - Trusted Zone: *.sonystyle-europe.com
    O15 - Trusted Zone: *.vaio-link.com
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} (JaguarEditControl-ISBANK) -https://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv27.CAB
    O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} (TeamOn Import Object) -https://bis.eu.blackberry.com/html/web/client_tools/TOImport.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Update Service (gupdate1c9936461ebc9a8) (gupdate1c9936461ebc9a8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Panda Software Controller - Panda Security - C:\Program Files\PANDA SOFTWARE\AVTC\PsCtrlS.exe
    O23 - Service: Panda AdminSecure Communications Agent (PAVAGENTE) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
    O23 - Service: Panda AdminSecure Scheduler (PavAtScheduler) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda Antivirus Report Service (PavReport) - Panda Security, S.L. - C:\Program Files\Panda Software\Panda Administrator 3\PavReport\PavReport.exe
    O23 - Service: Panda Antivirus Service (PavSrv) - Panda Security, S.L. - C:\Program Files\PANDA SOFTWARE\AVTC\PavSrv51.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Panda AntiSpam Engine (PMShellSrv) - Panda Software International - C:\Program Files\PANDA SOFTWARE\AVTC\PSKMsSvc.exe
    O23 - Service: Panda IManager Service (PsImSvc) - Panda Software International - C:\Program Files\PANDA SOFTWARE\AVTC\PsImSvc.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe

    --
    End of file - 12993 bytes




  • Serji, my friend, my problem is the same as the other users': whenever I open Explorer, the site http://www.freeart1cile.com/ keeps coming up. I installed avast and ran a scan, and it didn't help; I installed AVG Anti-Spyware and ran a scan, and nothing happened. Also, the computer sometimes freezes on its own and then recovers. Startup is very slow, and there are problems while chatting on MSN. I have also pasted the HijackThis results above; I would be very glad if you could take a look.
  • Serji, could you take a look at these as well?



    ComboFix 09-12-27.03 - Ortak Avukat 28.12.2009 15:56:07.1.2 - x86
    Microsoft Windows 7 Home Basic 6.1.7600.0.1254.90.1055.18.2013.1282 [GMT 2:00]
    Running from: c:\users\Ortak Avukat\Desktop\ComboFix.exe
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-967650418-2278184393-3434319591-500

    .
    ((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-28 )))))))))))))))))))))))))))))))
    .

    2009-12-28 14:00 . 2009-12-28 14:00 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-12-23 07:59 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-12-23 07:59 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-12-23 07:59 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-12-23 07:59 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-12-23 07:59 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-12-23 07:59 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
    2009-12-23 07:59 . 2009-09-15 11:55 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2009-12-23 07:59 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
    2009-12-23 07:59 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
    2009-12-23 07:59 . 2003-02-21 04:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
    2009-12-23 07:59 . 2009-12-23 07:59 -------- d-----w- c:\program files\Alwil Software
    2009-12-04 16:12 . 2009-11-02 18:42 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-12-04 15:55 . 2008-05-22 10:15 434 ----a-w- c:\windows\myClean.bat
    2009-12-04 14:28 . 2009-12-04 14:30 -------- d-----w- C:\etcbase
    2009-12-04 14:09 . 2009-12-04 14:09 -------- d-----w- c:\users\Ortak Avukat\AppData\Local\Monotype Imaging Inc
    2009-12-02 16:12 . 2009-12-02 16:20 -------- d-----w- c:\users\Ortak Avukat\AppData\Local\Microsoft Games
    2009-12-02 15:52 . 2009-12-02 15:52 -------- d-----w- c:\programdata\InstallShield
    2009-12-02 15:52 . 2007-11-08 11:10 288768 ----a-w- c:\windows\system32\drivers\RTL8187B.sys
    2009-12-02 15:52 . 2009-12-02 15:52 -------- d-----w- c:\program files\Linksys
    2009-12-02 15:25 . 2009-12-02 15:25 -------- d-----w- c:\windows\system32\Macromed
    2009-12-02 15:14 . 2009-12-02 15:14 109240 ----a-w- c:\users\Ortak Avukat\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-12-02 14:21 . 2007-09-10 13:12 229888 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HP1006S.DLL
    2009-12-02 13:50 . 2009-12-02 13:50 -------- d-----w- c:\users\Public\Juniper Networks
    2009-12-02 13:50 . 2009-06-19 05:51 345384 ----a-w- c:\windows\system32\dsNcCredProv.dll
    2009-12-02 13:50 . 2009-12-02 13:50 -------- d-----w- c:\program files\Juniper Networks
    2009-12-02 13:49 . 2009-12-02 13:50 -------- d-----w- c:\users\Ortak Avukat\AppData\Roaming\Juniper Networks
    2009-12-02 13:48 . 2009-12-02 13:48 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-12-02 13:48 . 2009-12-02 13:48 -------- d-----w- c:\program files\Java
    2009-12-02 11:47 . 2009-12-02 11:47 -------- d-----w- c:\users\Ortak Avukat\AppData\Local\ElevatedDiagnostics
    2009-12-02 11:22 . 2005-08-18 17:22 94720 ----a-w- c:\windows\system32\dneinobj.dll
    2009-12-02 11:22 . 2005-08-18 17:22 110080 ----a-w- c:\windows\system32\drivers\dne2000.sys
    2009-12-02 11:22 . 2009-12-04 14:30 -------- d-----w- c:\program files\Common Files\Deterministic Networks
    2009-12-02 11:22 . 2009-12-02 11:22 -------- d-----w- c:\program files\Cisco Systems
    2009-12-02 11:22 . 2009-12-04 14:29 -------- d-----w- c:\windows\24C67B540718445EB6633138D9246BD1.TMP
    2009-12-02 10:52 . 2009-12-04 12:43 -------- d-----w- c:\users\Ortak Avukat\AppData\Local\Diagnostics
    2009-12-02 10:26 . 2009-12-02 10:26 -------- d-----w- c:\program files\AirTies
    2009-12-02 10:26 . 2007-09-06 10:10 493568 ----a-w- c:\windows\system32\drivers\AIRWGU.sys
    2009-12-02 10:26 . 2009-12-02 10:26 -------- d-----w- c:\programdata\AirTies
    2009-12-02 10:26 . 2009-12-02 10:26 -------- d-----w- c:\users\Ortak Avukat\AppData\Roaming\InstallShield
    2009-12-02 10:22 . 2009-12-03 14:46 -------- d-----w- c:\users\Ortak Avukat\AppData\Roaming\Hewlett-Packard
    2009-12-02 10:22 . 2009-12-02 10:22 -------- d-----w- c:\users\Ortak Avukat\AppData\Local\PDFC
    2009-12-02 10:21 . 2009-12-02 10:22 -------- d-----w- c:\users\Ortak Avukat\AppData\Local\Hewlett-Packard
    2009-12-02 10:21 . 2009-12-02 10:21 -------- d-----w- c:\users\Ortak Avukat\AppData\Local\Hewlett-Packard_Company
    2009-12-02 10:19 . 2009-12-02 10:19 -------- d-----w- c:\users\Ortak Avukat\AppData\Roaming\HP TCS
    2009-12-02 10:18 . 2009-12-02 10:18 40 ----a-w- c:\windows\system\hpsysdrv.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-28 13:49 . 2009-11-07 05:19 609650 ----a-w- c:\windows\system32\perfh01F.dat
    2009-12-28 13:49 . 2009-11-07 05:19 118138 ----a-w- c:\windows\system32\perfc01F.dat
    2009-12-28 13:40 . 2009-12-23 08:32 -------- d-----w- c:\programdata\Lavasoft
    2009-12-24 10:23 . 2009-12-24 10:23 388096 ----a-r- c:\users\Ortak Avukat\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2009-12-23 07:40 . 2009-11-07 04:43 -------- d-----w- c:\programdata\PDFC
    2009-12-14 09:06 . 2009-11-07 04:38 -------- d-----w- c:\programdata\Microsoft Help
    2009-12-03 15:03 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
    2009-12-03 15:03 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
    2009-12-03 15:03 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
    2009-12-03 15:03 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
    2009-12-03 15:03 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
    2009-12-02 15:52 . 2009-11-07 04:29 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-12-02 15:52 . 2009-11-07 04:29 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-02 10:21 . 2009-11-07 04:30 -------- d-----w- c:\programdata\Hewlett-Packard
    2009-12-02 10:18 . 2009-12-02 10:18 0 --sha-r- c:\windows\system32\drivers\103C_HP_bPC_500B_Y53307F_0U_QCZC944_EVW047EA#AB8_4A_2A8Ch_SFOXCONN_V1.0_5.05_T090925_WU2-0_L41F_M2014_J320_7 ntel_867A_92.60_#091202_N10EC8136_(VW047EA#AB8)_X_CD3_Z_2_G80862E32_Ohp DVD A DH16AAL ATA Device.MRK
    2009-11-07 05:19 . 2009-11-07 05:19 37160 ----a-w- c:\windows\system32\perfd01F.dat
    2009-11-07 05:19 . 2009-11-07 05:19 285034 ----a-w- c:\windows\system32\perfi01F.dat
    2009-11-07 05:19 . 2009-11-07 05:19 37160 ----a-w- c:\windows\inf\PERFLIB\041F\perfd.dat
    2009-11-07 05:19 . 2009-11-07 05:19 37160 ----a-w- c:\windows\inf\PERFLIB\041F\perfc.dat
    2009-11-07 05:19 . 2009-11-07 05:19 285034 ----a-w- c:\windows\inf\PERFLIB\041F\perfi.dat
    2009-11-07 05:19 . 2009-11-07 05:19 285034 ----a-w- c:\windows\inf\PERFLIB\041F\perfh.dat
    2009-11-07 04:43 . 2009-11-07 04:43 -------- d-----w- c:\program files\PDF Complete
    2009-11-07 04:43 . 2009-11-07 04:43 -------- d-----w- c:\program files\Microsoft Office Suite Activation Assistant
    2009-11-07 04:40 . 2009-11-07 04:40 -------- d-----w- c:\program files\Microsoft Works
    2009-11-07 04:40 . 2009-11-07 04:40 -------- d-----w- c:\program files\Microsoft.NET
    2009-11-07 04:36 . 2009-11-07 04:28 -------- d-----w- c:\program files\Hewlett-Packard
    2009-11-07 04:36 . 2009-11-07 04:36 -------- d-----w- c:\programdata\Corel
    2009-11-07 04:36 . 2009-11-07 04:36 -------- d-----w- c:\program files\Common Files\Protexis
    2009-11-07 04:36 . 2009-11-07 04:36 -------- d-----w- c:\program files\Common Files\InterVideo
    2009-11-07 04:36 . 2009-11-07 04:35 -------- d-----w- c:\program files\InterVideo
    2009-11-07 04:29 . 2009-11-07 04:29 -------- d--h--w- c:\program files\Temp
    2009-11-07 04:26 . 2009-11-07 04:26 -------- d-----w- c:\program files\Realtek
    2009-11-07 04:26 . 2009-11-07 04:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    2009-11-02 15:49 . 2009-12-10 12:50 381704 ----a-w- c:\windows\Help\OEM\Scripts\HPSAUpgrade.exe
    2009-10-29 13:03 . 2009-12-10 12:50 58632 ----a-w- c:\windows\Help\OEM\Scripts\HPSAUpdaterObj.exe
    2009-10-08 12:10 . 2009-12-10 12:50 23816 ----a-w- c:\windows\Help\OEM\Scripts\HPSAScript.exe
    2009-10-07 09:33 . 2009-12-10 12:50 49152 ----a-w- c:\windows\Help\OEM\Scripts\Interop.TaskScheduler.dll
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-02 149280]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-10 151064]
    "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-10 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-10 174104]
    "avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [23.12.2009 09:59 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [23.12.2009 09:59 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [23.12.2009 09:59 53328]
    R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [07.11.2009 06:43 635416]
    R2 regi;regi;c:\windows\System32\drivers\regi.sys [18.04.2007 06:09 11032]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [23.05.2009 08:52 167936]
    R3 RTL8187B;Linksys WUSB54GC Compact Wireless-G USB Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [02.12.2009 17:52 288768]
    S3 WN4501HLFFA;WUS-201 Wireless USB Adapter;c:\windows\System32\drivers\AIRWGU.sys [02.12.2009 12:26 493568]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
    .
    ------- Supplementary Scan -------
    .
    uStart Page =https://fbvpn.finansbank.com.tr/dana/nc/ncrun.cgi?launch_nc=1&redir_url=/dana/home/index.cgi
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=tr_TR&c=93&bd=all&pf=cmdt
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
    "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2009-12-28 16:01:15
    ComboFix-quarantined-files.txt 2009-12-28 14:01

    Pre-Run: 290.267.590.656 bayt boş
    Post-Run: 290.256.343.040 bayt boş

    - - End Of File - - CFB86284EE8D320A0EBB8BB3BA475EBE




  • And this is the Avenger log:

    Logfile of The Avenger Version 2.0, (c) by Swandog46 
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!


    Error: could not open driver "bxttiavs"
    Disablement of driver "bxttiavs" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Error: could not open driver "iaekrz"
    Disablement of driver "iaekrz" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Error: could not open driver "jnop"
    Disablement of driver "jnop" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\bxttiavs" not found!
    Deletion of driver "bxttiavs" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\iaekrz" not found!
    Deletion of driver "iaekrz" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\jnop" not found!
    Deletion of driver "jnop" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Completed script processing.

    *******************

    Finished! Terminate.



