Banned
Banned indefinitely.

3 May 2010; 12:26:28

@express Your logs look clean.

3 May 2010; 12:56:11

I got suspicious of the C:\WINDOWS\System32\smss.exe file, though.....
_____________________________
No one is born equal, but everyone dies equal. That is why death is not a bitter end. It is the only just beginning of our lives and our one and only equality of opportunity. (E.Y.)

Banned
Banned indefinitely.

3 May 2010; 15:36:21

C:\Program Files\Rhinoceros 4.0\System\Rhino4.exe
C:\Program Files\Common Files\McNeel Shared\License Manager\RhinoLM.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [smss] C:\WINDOWS\security\smss.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] hydubl.exe
O16 - DPF: {7E866715-C9B6-4C64-AAB8-342E0D137212} (Net Client Control) - http://192.168.2.41/EDVR.CAB
O23 - Service: McNeel Update (32-bit) (McNeelUpdates32) - Unknown owner - C:\Program Files\Rhinoceros 5.0 WIP\System\RhinoVersionCheckSvc32.exe (file missing)

Could you fix the lines above, restore your hosts file with the HostXpert program, and scan your system with MalwareBytes? Also, if you use OpenDNS, you can access banned sites. Never use programs that will modify your hosts file.

3 May 2010; 16:19:14

I changed the etc/hosts file by hand. RhinoVersionCheckSvc32.exe is one of the helper programs of the 3D CAD software I use. I'll select those lines and fix them. 8.8.8.8 & 8.8.4.4 are Google DNS; will that cause a problem?

Banned
Banned indefinitely.

3 May 2010; 16:26:25

The Google DNS service won't cause any problems.

3 May 2010; 23:41:59

Let's analyze my result too, please.

4 May 2010; 0:30:35

c:\acer\Empowering Technology\admServ.exe c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE c:\windows\SOUNDMAN.EXE c:\program files\AirTies\ADSL Hizmet Programı\AirTies_util3.exe . ************************************************************************** . Completion time: 2010-05-03 23:38:43 - machine was rebooted ComboFix-quarantined-files.txt 2010-05-03 20:38 Pre-Run: 1.181.925.376 bayt boş Post-Run: 2.961.833.984 bayt boş - - End Of File - - 35551261DAA908CF61726B0B2D44F9BD

Friends, this is my ComboFix log. What do I need to do now to get my Task Manager to open? Also, hidden files are not showing up...

4 May 2010; 12:22:28
@faust13 Your log is clean.

@b_sevki Download the Flash Disinfector program. Then plug all your flash drives and external hard disks into your computer and run the program. It will clean up the malware by itself. To be able to open Task Manager, follow the instructions below.

Type gpedit.msc and press Enter. From there, go in order through User Configuration - Administrative Templates - System - Ctrl+Alt+Del Options. There, we click the Remove Task Manager setting. We select the third option, then Apply and OK.

Also, could you post a HijackThis log? There is malware on your system.
< This message was edited by Eraybar -- 4 May 2010; 12:25:36 >

4 May 2010; 13:25:26
Master, the file I got from my problem is as follows; to me it looks something like a Mayan keyboard. Thanks in advance for your help.

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:21, on 2010-05-04 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.c...ource=10&ctid=CT1750559 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page 
= http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://developer.intel....oftware/EN.htm#D102GGC2 R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file) O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll O3 - Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file) O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: 
@xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft..._site.cab?1229608846187 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.m...tsPAClient.cab56907.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.../getPlusPlus/1.6/gp.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Fix-It Task Manager - Avanquest North America, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe O23 - Service: Sunbelt VIPRE Antivirus Service (SBAMSvc) - Sunbelt Software - C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe -- End of file - 6316 bytes
_____________________________
Regards, Celal Öztürk

4 May 2010; 15:09:23
@Dinozorus
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.c...ource=10&ctid=CT1750559
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
Could you fix these lines? Also, could you run a full scan of your system with MalwareBytes?

4 May 2010; 16:24:11
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:20:32, on 04.05.2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17023) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\RTHDCPL.EXE C:\windows\system32\wuaucldt.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Documents and Settings\erdem\Desktop\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gooogla.net/seek.htm R0 - 
HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar R3 - URLSearchHook: Gecekondu.org Toolbar - {a17d37b8-3768-4afb-a7b6-51d021abf32b} - C:\Program Files\Gecekondu.org\tbGec1.dll O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Gecekondu.org Toolbar - {a17d37b8-3768-4afb-a7b6-51d021abf32b} - C:\Program Files\Gecekondu.org\tbGec1.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Gecekondu.org Toolbar - {a17d37b8-3768-4afb-a7b6-51d021abf32b} - C:\Program Files\Gecekondu.org\tbGec1.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [RTHDCPL] 
RTHDCPL.EXE O4 - HKLM\..\Run: [syncman] c:\windows\system32\wuaucldt.exe O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [syncman] c:\documents and settings\erdem\wuaucldt.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: OneNote'a G&önder - 
{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com...ad/MySpaceUploader2.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{03F18FA7-E4AC-4687-AF67-1C3AD28B45A2}: NameServer = 208.67.222.222,208.67.220.220 O17 - HKLM\System\CCS\Services\Tcpip\..\{09EC2516-233B-4DCD-8C5A-1E51723125E7}: NameServer = 208.67.222.222,208.67.220.220 O17 - HKLM\System\CCS\Services\Tcpip\..\{4F48EEF4-C8DB-4C59-80E8-D1EE8582BC8A}: NameServer = 208.67.222.222,208.67.220.220 O17 - HKLM\System\CS1\Services\Tcpip\..\{03F18FA7-E4AC-4687-AF67-1C3AD28B45A2}: NameServer = 208.67.222.222,208.67.220.220 O17 - HKLM\System\CS2\Services\Tcpip\..\{03F18FA7-E4AC-4687-AF67-1C3AD28B45A2}: NameServer = 208.67.222.222,208.67.220.220 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - AppInit_DLLs: O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 8706 bytes

4 May 2010; 16:26:19
Hopefully I will get rid of this virus thanks to you, otherwise I am going to smash the PC. Thank you very much for your attention; this is really the first time I have seen a site be this helpful. Thanks. REGARDS...!

4 May 2010; 17:11:49
Thanks for the reply, take care.

4 May 2010; 17:15:13
@erdem0618 First, uninstall Ask Toolbar from Add/Remove Programs. Then fix the lines below.
C:\windows\system32\wuaucldt.exe
R3 - URLSearchHook: Gecekondu.org Toolbar - {a17d37b8-3768-4afb-a7b6-51d021abf32b} - C:\Program Files\Gecekondu.org\tbGec1.dll
O2 - BHO: Gecekondu.org Toolbar - {a17d37b8-3768-4afb-a7b6-51d021abf32b} - C:\Program Files\Gecekondu.org\tbGec1.dll
O3 - Toolbar: Gecekondu.org Toolbar - {a17d37b8-3768-4afb-a7b6-51d021abf32b} - C:\Program Files\Gecekondu.org\tbGec1.dll
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [syncman] c:\documents and settings\erdem\wuaucldt.exe
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com...ad/MySpaceUploader2.cab
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
After that, could you scan your system with MalwareBytes?

@faust13 Thank you.
< This message was edited by Eraybar -- 4 May 2010; 17:16:31 >

4 May 2010; 19:02:17
When I checked it on the site, one of them has a red cross mark on it, but

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:00:43, on 04.05.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\M\Documents\Downloads\Programs\HiJackThis.exe
C:\windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Local Service')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Local Service')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Görüntüyü &Bluetooth Aygıtına Gönder... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Sayfayı &Bluetooth Aygıtına Gönder... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Web Printing göster veya gizle - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Güncelleme Hizmeti (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Rezip - Unknown owner - C:\windows\SYSTEM32\Rezip.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
--
End of file - 7413 bytes

4 May 2010; 19:18:36
@iyinin kötüsü
O23 - Service: Rezip - Unknown owner - C:\windows\SYSTEM32\Rezip.exe
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
Could you fix these lines and then run a full scan of your system with MalwareBytes?

4 May 2010; 19:28:33
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:20:32, on 04.05.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\windows\system32\wuaucldt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\erdem\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gooogla.net/seek.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
R3 - URLSearchHook: Gecekondu.org Toolbar - {a17d37b8-3768-4afb-a7b6-51d021abf32b} - C:\Program Files\Gecekondu.org\tbGec1.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Gecekondu.org Toolbar - {a17d37b8-3768-4afb-a7b6-51d021abf32b} - C:\Program Files\Gecekondu.org\tbGec1.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Gecekondu.org Toolbar - {a17d37b8-3768-4afb-a7b6-51d021abf32b} - C:\Program Files\Gecekondu.org\tbGec1.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [syncman] c:\windows\system32\wuaucldt.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [syncman] c:\documents and settings\erdem\wuaucldt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com...ad/MySpaceUploader2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03F18FA7-E4AC-4687-AF67-1C3AD28B45A2}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{09EC2516-233B-4DCD-8C5A-1E51723125E7}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F48EEF4-C8DB-4C59-80E8-D1EE8582BC8A}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{03F18FA7-E4AC-4687-AF67-1C3AD28B45A2}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{03F18FA7-E4AC-4687-AF67-1C3AD28B45A2}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs:
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--

4 May 2010; 19:43:24
@erdem0618 I stated above what you need to do.

4 May 2010; 21:11:53
quote:
Originally posted by: Eraybar
@iyinin kötüsü
O23 - Service: Rezip - Unknown owner - C:\windows\SYSTEM32\Rezip.exe
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
Could you fix these lines and then run a full scan of your system with MalwareBytes?

I did what you said. It found and deleted 2 trojan downloaders. Also, when I look in Task Manager, rezip no longer shows up. It normally used 30 MB of RAM. Thank you.

4 May 2010; 22:23:48
@iyinin kötüsü I am the one who should thank you.

5 May 2010; 2:22:28
@eraybar The Ask toolbar won't uninstall... the computer can't remove it; will that cause a problem? Also, the virus is gone; thanks to you I am rid of it. Really, thank you so much, I was fed up with it. If you were here with me right now I would kiss you on the forehead. Really, thank you so much, you are great... I am posting the results here:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Veritabanı sürümü: 4066
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13
05.05.2010 01:55:40
mbam-log-2010-05-05 (01-55-40).txt
Tarama kipi: Hızlı tarama
Taranmış öğeler: 127331
Geçen süre: 8 dakika, 16 saniye
Etkilenmiş Hafıza İşlemleri: 0
Etkilenmiş Hafıza Modülleri: 0
Etkilenmiş Kayıt Anahtarları: 0
Etkilenmiş Kayıt Değerleri: 0
Etkilenmiş Veri Öğeleri: 0
Etkilenmiş Klasörler: 0
Etkilenmiş Dosyalar: 0
Etkilenmiş Hafıza İşlemleri: ( Zararlı öğe tespit edilmedi)
Etkilenmiş Hafıza Modülleri: ( Zararlı öğe tespit edilmedi)
Etkilenmiş Kayıt Anahtarları: ( Zararlı öğe tespit edilmedi)
Etkilenmiş Kayıt Değerleri: ( Zararlı öğe tespit edilmedi)
Etkilenmiş Veri Öğeleri: ( Zararlı öğe tespit edilmedi)
Etkilenmiş Klasörler: ( Zararlı öğe tespit edilmedi)
Etkilenmiş Dosyalar: ( Zararlı öğe tespit edilmedi)
You really are great, thank you very, very much!!! WITH MY RESPECTS!!! YOU ARE ONE OF A KIND, REALLY, THANK YOU. MANY THANKS TO THE PEOPLE WHO WORK ON THIS SITE, BLESS YOUR HANDS AND ARMS...!

5 May 2010; 12:51:18
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:24, on 05.05.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Işıl & Alper\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yma3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yma3
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) - https://sube.garanti.com.tr/lib/JaguarEditControl.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243936722865
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244008155421
O16 - DPF: {BD966829-738E-471C-AB53-2A0008D161E7} (TebEdit Control) - https://esube.teb.com.tr/bireysel/TebEdit.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
--
End of file - 7068 bytes
My problem is that a folder has appeared on my external hard disk, and it contains 4 DLL files: 'vsscenario.dll', 'vsbasereqs.dll', 'gencomp.dll', 'dlmgr.dll'. Thank you for your attention, and good luck with your work.

5 May 2010; 15:09:01
@ranula
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O16 - DPF: {BD966829-738E-471C-AB53-2A0008D161E7} (TebEdit Control) - https://esube.teb.com.tr/bireysel/TebEdit.cab
Your log is clean.
@erdem0618 No, it won't cause a problem. I am the one who should thank you.
< This message was edited by Eraybar -- 5 May 2010; 15:14:47 >

6 May 2010; 2:14:46
BROTHER, THERE IS A PROBLEM AGAIN, THE SAME VIRUS: C:\System Volume Informatıon\_restore{935B7C87-F6DF-4D49-8B53-7FD5646C732C}\RP271\A152500.sys size: 84800, reason: Win32/Protector.Ivirus. This is the virus it found. Malwarebytes cannot find it, but NOD32 finds this virus every now and then. What should I do? This virus is going to drive me crazy; I could not understand what kind of thing it is. Just when we thought we were rid of it, it showed up again. WITH MY RESPECTS!!!

6 May 2010; 15:41:20
Could you run a full scan of your system with A-Squared?
< This message was edited by Eraybar -- 6 May 2010; 15:43:32 >

7 May 2010; 11:59:37
Hello, my computer's performance is very low; when I try to run a second program, it freezes. Is there anyone who could take a look? Thank you very much in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:10, on 5/7/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\defrag.exe
C:\Documents and Settings\ss\Belgelerim\Karşıdan Yüklenenler\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SMSNews] C:\Program Files\SMS Makinesi\SMS Makinesi\SMSMakinesiINFO.exe
O4 - HKCU\..\Run: [AUTOSMS] C:\Program Files\SMS Makinesi\SMS Makinesi\SMSMakinesiOTOMSG.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260863944733
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271681998845
O16 - DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} (JaguarEditControl-ISBANK) - https://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv27.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E964D74-D3B2-49C3-8CF6-23A05EFF4121}: NameServer = 4.2.2.4,4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD75C857-4B56-492F-8341-0FAE4BDB84C9}: NameServer = 4.2.2.3,4.2.2.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 8026 bytes
< This message was edited by sebnemsibumi -- 7 May 2010; 12:15:44 >

7 May 2010; 12:16:31
@sebnemsibumi The log looks clean. However, it would be worth running a full scan of your system with A-Squared. If you report the situation after the scan finishes, there are a few things to do depending on the result.

7 May 2010; 15:14:25
This is the scan result:
HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> SmartMutations Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> Space Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> StartFrom Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> UpdateTimer Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> UseKnownStart Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> UserDefined Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> UserDefinedCharsetII Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> UseWinzip Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> WinzipPercent Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2 c:\documents and settings\all 
users\start menu\programlar\msn chat monitor\msn chat monitor on the web.lnk Algılandı: Trace.File.MSN Chat Monitor!A2 c:\documents and settings\all users\start menu\programlar\msn chat monitor\msn chat monitor.lnk Algılandı: Trace.File.MSN Chat Monitor!A2 c:\program files\msn chat monitor\msnchatmonitor.exe Algılandı: Trace.File.MSN Chat Monitor!A2 c:\program files\msn chat monitor\msnchatmonitor.url Algılandı: Trace.File.MSN Chat Monitor!A2 c:\program files\msn chat monitor\msncm.chm Algılandı: Trace.File.MSN Chat Monitor!A2 c:\program files\elcomsoft\advanced archive password recovery\archpr.chm Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\program files\elcomsoft\advanced archive password recovery\digits.chr Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\program files\elcomsoft\advanced archive password recovery\english.chr Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\program files\elcomsoft\advanced archive password recovery\english.dic Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\program files\elcomsoft\advanced archive password recovery\english.lng Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\program files\elcomsoft\advanced archive password recovery\file_id.diz Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\program files\elcomsoft\advanced archive password recovery\german.chr Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\program files\elcomsoft\advanced archive password recovery\german.dic Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\program files\elcomsoft\advanced archive password recovery\german.lng Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\program files\elcomsoft\advanced archive password recovery\license.txt Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\program files\elcomsoft\advanced archive password recovery\order.txt Algılandı: 
Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\program files\elcomsoft\advanced archive password recovery\readme.txt Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\program files\elcomsoft\advanced archive password recovery\russian.chr Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\program files\elcomsoft\advanced archive password recovery\russian.dic Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\program files\elcomsoft\advanced archive password recovery\russian.lng Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\program files\elcomsoft\advanced archive password recovery\special.chr Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\documents and settings\erdem\start menu\programlar\elcomsoft\advanced archive password recovery\advanced archive password recovery help.lnk Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\documents and settings\erdem\start menu\programlar\elcomsoft\advanced archive password recovery\advanced archive password recovery.lnk Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\documents and settings\erdem\start menu\programlar\elcomsoft\advanced archive password recovery\end-user license agreement.lnk Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\documents and settings\erdem\start menu\programlar\elcomsoft\advanced archive password recovery\how to order.lnk Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\documents and settings\erdem\start menu\programlar\elcomsoft\advanced archive password recovery\readme.lnk Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2 Value: HKEY_CLASSES_ROOT\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32 --> ThreadingModel Algılandı: Trace.Registry.Bara de instrumente web a ISJ Bacau!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32 --> ThreadingModel 
Algılandı: Trace.Registry.Bara de instrumente web a ISJ Bacau!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> DisplayName Algılandı: Trace.Registry.MSN Chat Monitor!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> HelpLink Algılandı: Trace.Registry.MSN Chat Monitor!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> Inno Setup: App Path Algılandı: Trace.Registry.MSN Chat Monitor!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> Inno Setup: Deselected Tasks Algılandı: Trace.Registry.MSN Chat Monitor!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> Inno Setup: Icon Group Algılandı: Trace.Registry.MSN Chat Monitor!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> Inno Setup: Selected Tasks Algılandı: Trace.Registry.MSN Chat Monitor!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> Inno Setup: Setup Version Algılandı: Trace.Registry.MSN Chat Monitor!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> Inno Setup: User Algılandı: Trace.Registry.MSN Chat Monitor!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> Publisher Algılandı: Trace.Registry.MSN Chat Monitor!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> UninstallString Algılandı: Trace.Registry.MSN Chat Monitor!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> URLInfoAbout Algılandı: Trace.Registry.MSN Chat Monitor!A2 Value: 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> URLUpdateInfo Algılandı: Trace.Registry.MSN Chat Monitor!A2 C:\Documents and Settings\erdem\Cookies\erdem@bs.serving-sys[1].txt Algılandı: Trace.TrackingCookie.bs.serving-sys!A2 C:\Documents and Settings\erdem\Cookies\erdem@com[1].txt Algılandı: Trace.TrackingCookie.com!A2 C:\Documents and Settings\erdem\Cookies\erdem@counter16.sextracker[1].txt Algılandı: Trace.TrackingCookie.counter16.sextracker!A2 C:\Documents and Settings\erdem\Cookies\erdem@doubleclick[1].txt Algılandı: Trace.TrackingCookie.doubleclick!A2 C:\Documents and Settings\erdem\Cookies\erdem@fastclick[1].txt Algılandı: Trace.TrackingCookie.fastclick!A2 C:\Documents and Settings\erdem\Cookies\erdem@google.com[1].txt Algılandı: Trace.TrackingCookie.google.com!A2 C:\Documents and Settings\erdem\Cookies\erdem@google.com[2].txt Algılandı: Trace.TrackingCookie.google.com!A2 C:\Documents and Settings\erdem\Cookies\erdem@mediaplex[2].txt Algılandı: Trace.TrackingCookie.mediaplex!A2 C:\Documents and Settings\erdem\Cookies\erdem@serving-sys[2].txt Algılandı: Trace.TrackingCookie.serving-sys!A2 C:\Documents and Settings\erdem\Cookies\erdem@sextracker[1].txt Algılandı: Trace.TrackingCookie.sextracker!A2 C:\Documents and Settings\erdem\Cookies\erdem@smartadserver[2].txt Algılandı: Trace.TrackingCookie.smartadserver!A2 C:\Documents and Settings\erdem\Cookies\erdem@statcounter[1].txt Algılandı: Trace.TrackingCookie.statcounter!A2 C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe Algılandı: Riskware.Win32.BoontyGames!A2 C:\Program Files\Common Files\eBay\eBayLauncher.exe Algılandı: Trojan.Win32.Click.Yabector!A2 Tarandı Dosyalar: 111648 İzler: 666688 Çerezler: 394 İşlemler: 38 Bulundu Dosyalar: 2 İzler: 113 Çerezler: 12 İşlemler: 1 Kayıt anahtarları: 0 Tarama sonu: 07.05.2010 15:08:33 Tarama süresi: 0:40:39 C:\Program Files\Common Files\eBay\eBayLauncher.exe Silindi Trojan.Win32.Click.Yabector!A2 
C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe Silindi Riskware.Win32.BoontyGames!A2 C:\Documents and Settings\erdem\Cookies\erdem@statcounter[1].txt Silindi Trace.TrackingCookie.statcounter!A2 C:\Documents and Settings\erdem\Cookies\erdem@smartadserver[2].txt Silindi Trace.TrackingCookie.smartadserver!A2 C:\Documents and Settings\erdem\Cookies\erdem@sextracker[1].txt Silindi Trace.TrackingCookie.sextracker!A2 C:\Documents and Settings\erdem\Cookies\erdem@serving-sys[2].txt Silindi Trace.TrackingCookie.serving-sys!A2 C:\Documents and Settings\erdem\Cookies\erdem@mediaplex[2].txt Silindi Trace.TrackingCookie.mediaplex!A2 C:\Documents and Settings\erdem\Cookies\erdem@google.com[1].txt Silindi Trace.TrackingCookie.google.com!A2 C:\Documents and Settings\erdem\Cookies\erdem@google.com[2].txt Silindi Trace.TrackingCookie.google.com!A2 C:\Documents and Settings\erdem\Cookies\erdem@fastclick[1].txt Silindi Trace.TrackingCookie.fastclick!A2 C:\Documents and Settings\erdem\Cookies\erdem@doubleclick[1].txt Silindi Trace.TrackingCookie.doubleclick!A2 C:\Documents and Settings\erdem\Cookies\erdem@counter16.sextracker[1].txt Silindi Trace.TrackingCookie.counter16.sextracker!A2 C:\Documents and Settings\erdem\Cookies\erdem@com[1].txt Silindi Trace.TrackingCookie.com!A2 C:\Documents and Settings\erdem\Cookies\erdem@bs.serving-sys[1].txt Silindi Trace.TrackingCookie.bs.serving-sys!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> DisplayName Silindi Trace.Registry.MSN Chat Monitor!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> HelpLink Silindi Trace.Registry.MSN Chat Monitor!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> Inno Setup: App Path Silindi Trace.Registry.MSN Chat Monitor!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor 
v2.8_is1 --> Inno Setup: Deselected Tasks Silindi Trace.Registry.MSN Chat Monitor!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> Inno Setup: Icon Group Silindi Trace.Registry.MSN Chat Monitor!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> Inno Setup: Selected Tasks Silindi Trace.Registry.MSN Chat Monitor!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> Inno Setup: Setup Version Silindi Trace.Registry.MSN Chat Monitor!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> Inno Setup: User Silindi Trace.Registry.MSN Chat Monitor!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> Publisher Silindi Trace.Registry.MSN Chat Monitor!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> UninstallString Silindi Trace.Registry.MSN Chat Monitor!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> URLInfoAbout Silindi Trace.Registry.MSN Chat Monitor!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> URLUpdateInfo Silindi Trace.Registry.MSN Chat Monitor!A2 Value: HKEY_CLASSES_ROOT\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32 --> ThreadingModel Silindi Trace.Registry.Bara de instrumente web a ISJ Bacau!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32 --> ThreadingModel Silindi Trace.Registry.Bara de instrumente web a ISJ Bacau!A2 c:\program files\elcomsoft\advanced archive password recovery\archpr.chm Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\program files\elcomsoft\advanced archive password recovery\digits.chr 
Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\program files\elcomsoft\advanced archive password recovery\english.chr Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\program files\elcomsoft\advanced archive password recovery\english.dic Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\program files\elcomsoft\advanced archive password recovery\english.lng Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\program files\elcomsoft\advanced archive password recovery\file_id.diz Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\program files\elcomsoft\advanced archive password recovery\german.chr Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\program files\elcomsoft\advanced archive password recovery\german.dic Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\program files\elcomsoft\advanced archive password recovery\german.lng Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\program files\elcomsoft\advanced archive password recovery\license.txt Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\program files\elcomsoft\advanced archive password recovery\order.txt Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\program files\elcomsoft\advanced archive password recovery\readme.txt Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\program files\elcomsoft\advanced archive password recovery\russian.chr Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\program files\elcomsoft\advanced archive password recovery\russian.dic Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\program files\elcomsoft\advanced archive password recovery\russian.lng Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\program files\elcomsoft\advanced archive password recovery\special.chr Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\documents and settings\erdem\start 
menu\programlar\elcomsoft\advanced archive password recovery\advanced archive password recovery help.lnk Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\documents and settings\erdem\start menu\programlar\elcomsoft\advanced archive password recovery\advanced archive password recovery.lnk Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\documents and settings\erdem\start menu\programlar\elcomsoft\advanced archive password recovery\end-user license agreement.lnk Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\documents and settings\erdem\start menu\programlar\elcomsoft\advanced archive password recovery\how to order.lnk Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\documents and settings\erdem\start menu\programlar\elcomsoft\advanced archive password recovery\readme.lnk Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2 c:\documents and settings\all users\start menu\programlar\msn chat monitor\msn chat monitor on the web.lnk Silindi Trace.File.MSN Chat Monitor!A2 c:\documents and settings\all users\start menu\programlar\msn chat monitor\msn chat monitor.lnk Silindi Trace.File.MSN Chat Monitor!A2 c:\program files\msn chat monitor\msnchatmonitor.exe Silindi Trace.File.MSN Chat Monitor!A2 c:\program files\msn chat monitor\msnchatmonitor.url Silindi Trace.File.MSN Chat Monitor!A2 c:\program files\msn chat monitor\msncm.chm Silindi Trace.File.MSN Chat Monitor!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery --> CPUs/Threads don't care Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery --> Stat param #1 Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery --> Stat param #2 
Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery --> Use # cpu(s) Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Language --> FileName Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Paths --> ProjectPath Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Stats --> StatParam1 Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Stats --> StatParam2 Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AllCaps Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AllCombinations Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AllDigits Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AllPrint Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: 
HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AllSmall Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AllSpecial Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AttackOnSelect Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AttackType Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> Autosave Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AutosaveDirectory Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AutosaveFilename Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AutosaveTimer Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> BinaryOK Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: 
HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> CodeOptFor Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> DictionaryStartLine Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> EKey0 Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> EKey1 Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> EKey2 Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> EndAt Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> IsDictOEM Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> IsLogging Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> IsOEM Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced 
Archive Password Recovery\Window Controls --> KnownByte1 Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> KnownByte2 Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> KnownByte3 Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> KnownByte4 Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> Mask Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> MaskSymbol Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> MaxLen Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> MinimizeToTray Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> MinLen Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> Priority Silindi 
Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> PTStartFromValue Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> SmartMutations Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> Space Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> StartFrom Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> UpdateTimer Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> UseKnownStart Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> UserDefined Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> UserDefinedCharsetII Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2 Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> UseWinzip Silindi Trace.Registry.Advanced Archive Password Recovery 
4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> WinzipPercent Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery --> InstallDir Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery --> Start Menu Folder Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> DisplayIcon Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> DisplayName Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> DisplayVersion Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> HelpLink Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> HelpTelephone Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> InstallLocation Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> NoModify Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> NoRepair Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> Publisher Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> UninstallString Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> URLInfoAbout Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> URLUpdateInfo Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> VersionMajor Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> VersionMinor Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery Silindi Trace.Directory.Advanced Archive Password Recovery 4.5!A2
c:\documents and settings\erdem\start menu\programlar\elcomsoft Silindi Trace.Directory.Advanced Archive Password Recovery 4.5!A2
c:\documents and settings\all users\start menu\programlar\msn chat monitor Silindi Trace.Directory.MSN Chat Monitor!A2
c:\program files\msn chat monitor Silindi Trace.Directory.MSN Chat Monitor!A2
c:\program files\burn4free Silindi Trace.Directory.Burn4Free!A2
c:\program files\boonty Silindi Trace.Directory.BoontyBox!A2
[340] C:\Program Files\Internet Download Manager\IDMan.exe Silindi Riskware.Patch.IDM!IK
Silindi
Dosyalar: 2
İzler: 116
Çerezler: 12
_____________________________

Suspended
Suspended indefinitely.

7 May 2010; 15:46:23

@erdem0618 So what is the situation right now?

7 May 2010; 15:46:29

quote:
Originally posted by: Eraybar
@sebnemsibumi The log looks clean. However, it would be worth running a full scan of your system with A-Squared. If you report the situation once the scan is finished, there are a few things to do depending on it.

Thank you very much, I'm scanning now, but I don't know whether it will finish today; I'll post the results when it's done, hopefully..
_____________________________

7 May 2010; 18:29:53

This is the situation..
a-squared Ücretsiz - Sürüm 4.5
En son güncelleme: 5/7/2010 13:03:29
Tarama ayarları:
Tarama türü: Derin Tarama
Nesneler: Hafıza, İzler, Çerezler, C:\
Tarama arşivi: Açık
Yöntemler: Kapalı
ADS Tara: Açık
Tarama başlangıcı: 5/7/2010 13:06:11
c:\documents and settings\networkservice\local settings\temp\perflib_perfdata_288.dat Algılandı: Trace.File.StarwareToolbar!A2
Value: HKEY_CLASSES_ROOT\CLSID\{0C1F87AE-AE62-11D3-911C-00105A17B608}\InprocServer32 --> ThreadingModel Algılandı: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\{371D0743-7A57-11D2-AD5A-00105A17B608}\InprocServer32 --> ThreadingModel Algılandı: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\{4F99A075-5227-11D2-AD06-00105A17B608}\InprocServer32 --> ThreadingModel Algılandı: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\{B22FE43C-D1E8-432A-A862-9F83D5F04732}\InprocServer32 --> ThreadingModel Algılandı: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\{CA4FC24B-C65C-11D1-AA6F-000000000000}\InprocServer32 --> ThreadingModel Algılandı: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\{DDD136CE-517B-11D2-AD03-00105A17B608}\InprocServer32 --> ThreadingModel Algılandı: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\{E9D55102-9683-11D2-BA68-0040053687FE}\InprocServer32 --> ThreadingModel Algılandı: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C1F87AE-AE62-11D3-911C-00105A17B608}\InprocServer32 --> ThreadingModel Algılandı: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{371D0743-7A57-11D2-AD5A-00105A17B608}\InprocServer32 --> ThreadingModel Algılandı: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F99A075-5227-11D2-AD06-00105A17B608}\InprocServer32 --> ThreadingModel Algılandı: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B22FE43C-D1E8-432A-A862-9F83D5F04732}\InprocServer32 --> ThreadingModel Algılandı: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA4FC24B-C65C-11D1-AA6F-000000000000}\InprocServer32 --> ThreadingModel Algılandı: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDD136CE-517B-11D2-AD03-00105A17B608}\InprocServer32 --> ThreadingModel Algılandı: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9D55102-9683-11D2-BA68-0040053687FE}\InprocServer32 --> ThreadingModel Algılandı: Trace.Registry.SpyPc 8.0!A2
C:\Documents and Settings\ss\Cookies\ss@247realmedia[1].txt Algılandı: Trace.TrackingCookie.247realmedia!A2
C:\Documents and Settings\ss\Cookies\ss@2o7[2].txt Algılandı: Trace.TrackingCookie.2o7!A2
C:\Documents and Settings\ss\Cookies\ss@2o7[3].txt Algılandı: Trace.TrackingCookie.2o7!A2
C:\Documents and Settings\ss\Cookies\ss@adtech[1].txt Algılandı: Trace.TrackingCookie.adtech!A2
C:\Documents and Settings\ss\Cookies\ss@advertising[1].txt Algılandı: Trace.TrackingCookie.advertising!A2
C:\Documents and Settings\ss\Cookies\ss@advertising[3].txt Algılandı: Trace.TrackingCookie.advertising!A2
C:\Documents and Settings\ss\Cookies\ss@atn.com[2].txt Algılandı: Trace.TrackingCookie.atn.com!A2
C:\Documents and Settings\ss\Cookies\ss@bluestreak[2].txt Algılandı: Trace.TrackingCookie.bluestreak!A2
C:\Documents and Settings\ss\Cookies\ss@bluestreak[3].txt Algılandı: Trace.TrackingCookie.bluestreak!A2
C:\Documents and Settings\ss\Cookies\ss@bs.serving-sys[2].txt Algılandı: Trace.TrackingCookie.bs.serving-sys!A2
C:\Documents and Settings\ss\Cookies\ss@burstnet[2].txt Algılandı: Trace.TrackingCookie.burstnet!A2
C:\Documents and Settings\ss\Cookies\ss@doubleclick[1].txt Algılandı: Trace.TrackingCookie.doubleclick!A2
C:\Documents and Settings\ss\Cookies\ss@doubleclick[2].txt Algılandı: Trace.TrackingCookie.doubleclick!A2
C:\Documents and Settings\ss\Cookies\ss@ehg-cisco.hitbox[1].txt Algılandı: Trace.TrackingCookie.ehg-cisco.hitbox!A2
C:\Documents and Settings\ss\Cookies\ss@ehg-nokiafin.hitbox[2].txt Algılandı: Trace.TrackingCookie.ehg-nokiafin.hitbox!A2
C:\Documents and Settings\ss\Cookies\ss@fastclick[1].txt Algılandı: Trace.TrackingCookie.fastclick!A2
C:\Documents and Settings\ss\Cookies\ss@fastclick[2].txt Algılandı: Trace.TrackingCookie.fastclick!A2
C:\Documents and Settings\ss\Cookies\ss@google.com[1].txt Algılandı: Trace.TrackingCookie.google.com!A2
C:\Documents and Settings\ss\Cookies\ss@google.com[2].txt Algılandı: Trace.TrackingCookie.google.com!A2
C:\Documents and Settings\ss\Cookies\ss@google.com[3].txt Algılandı: Trace.TrackingCookie.google.com!A2
C:\Documents and Settings\ss\Cookies\ss@google.com[4].txt Algılandı: Trace.TrackingCookie.google.com!A2
C:\Documents and Settings\ss\Cookies\ss@google.com[5].txt Algılandı: Trace.TrackingCookie.google.com!A2
C:\Documents and Settings\ss\Cookies\ss@google.com[6].txt Algılandı: Trace.TrackingCookie.google.com!A2
C:\Documents and Settings\ss\Cookies\ss@google.com[8].txt Algılandı: Trace.TrackingCookie.google.com!A2
C:\Documents and Settings\ss\Cookies\ss@hitbox[1].txt Algılandı: Trace.TrackingCookie.hitbox!A2
C:\Documents and Settings\ss\Cookies\ss@mediaplex[2].txt Algılandı: Trace.TrackingCookie.mediaplex!A2
C:\Documents and Settings\ss\Cookies\ss@mediaplex[3].txt Algılandı: Trace.TrackingCookie.mediaplex!A2
C:\Documents and Settings\ss\Cookies\ss@pointroll[1].txt Algılandı: Trace.TrackingCookie.pointroll!A2
C:\Documents and Settings\ss\Cookies\ss@pointroll[2].txt Algılandı: Trace.TrackingCookie.pointroll!A2
C:\Documents and Settings\ss\Cookies\ss@pro-market[2].txt Algılandı: Trace.TrackingCookie.pro-market!A2
C:\Documents and Settings\ss\Cookies\ss@questionmarket[2].txt Algılandı: Trace.TrackingCookie.questionmarket!A2
C:\Documents and Settings\ss\Cookies\ss@serving-sys[1].txt Algılandı: Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\ss\Cookies\ss@serving-sys[2].txt Algılandı: Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\ss\Cookies\ss@serving-sys[4].txt Algılandı: Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\ss\Cookies\ss@smartadserver[1].txt Algılandı: Trace.TrackingCookie.smartadserver!A2
C:\Documents and Settings\ss\Cookies\ss@smartadserver[2].txt Algılandı: Trace.TrackingCookie.smartadserver!A2
C:\Documents and Settings\ss\Cookies\ss@specificclick[1].txt Algılandı: Trace.TrackingCookie.specificclick!A2
C:\Documents and Settings\ss\Cookies\ss@specificclick[2].txt Algılandı: Trace.TrackingCookie.specificclick!A2
C:\Documents and Settings\ss\Cookies\ss@statcounter[1].txt Algılandı: Trace.TrackingCookie.statcounter!A2
C:\Documents and Settings\ss\Cookies\ss@statcounter[3].txt Algılandı: Trace.TrackingCookie.statcounter!A2
C:\Documents and Settings\ss\Cookies\ss@statse.webtrendslive[2].txt Algılandı: Trace.TrackingCookie.statse.webtrendslive!A2
C:\Documents and Settings\ss\Cookies\ss@tradedoubler[2].txt Algılandı: Trace.TrackingCookie.tradedoubler!A2
C:\Documents and Settings\ss\Cookies\ss@tribalfusion[1].txt Algılandı: Trace.TrackingCookie.tribalfusion!A2
C:\Documents and Settings\ss\Cookies\ss@tribalfusion[3].txt Algılandı: Trace.TrackingCookie.tribalfusion!A2
C:\Documents and Settings\ss\Cookies\ss@windowsmedia[1].txt Algılandı: Trace.TrackingCookie.windowsmedia!A2
C:\Documents and Settings\ss\Application Data\Mozilla\Firefox\Profiles\vg4mqwkf.default\cookies.sqlite:1250109041102024 Algılandı: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\ss\Application Data\Mozilla\Firefox\Profiles\vg4mqwkf.default\cookies.sqlite:1250109041102025 Algılandı: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\ss\Application Data\Mozilla\Firefox\Profiles\vg4mqwkf.default\cookies.sqlite:1250109041102026 Algılandı: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\ss\Application Data\Mozilla\Firefox\Profiles\vg4mqwkf.default\cookies.sqlite:1250109041102073 Algılandı: Trace.TrackingCookie.doubleclick.net!A2
C:\Documents and Settings\ss\Application Data\Mozilla\Firefox\Profiles\vg4mqwkf.default\cookies.sqlite:1273219598961000 Algılandı: Trace.TrackingCookie.ad.e-kolay.net!A2
C:\System Volume Information\_restore{6753F5E9-0ABF-4D1E-81F7-3F00B59BAC30}\RP172\A0051568.exe Algılandı: HackTool.Win32.Jakuz!IK
C:\System Volume Information\_restore{6753F5E9-0ABF-4D1E-81F7-3F00B59BAC30}\RP177\A0051844.exe Algılandı: HackTool.Win32.Jakuz!IK
C:\System Volume Information\_restore{6753F5E9-0ABF-4D1E-81F7-3F00B59BAC30}\RP177\A0051877.exe/bad_cd_repair_pro_install.exe Algılandı: Riskware.AdTool.Win32.WhenU!IK
C:\System Volume Information\_restore{6753F5E9-0ABF-4D1E-81F7-3F00B59BAC30}\RP177\A0051905.exe Algılandı: Trojan.Win32.Refroso!IK
C:\System Volume Information\_restore{6753F5E9-0ABF-4D1E-81F7-3F00B59BAC30}\RP177\A0051977.exe/cd_install_247.exe Algılandı: Application.Cydoor!IK
Tarandı
Dosyalar: 106319
İzler: 675221
Çerezler: 1650
İşlemler: 47
Bulundu
Dosyalar: 6
İzler: 15
Çerezler: 50
İşlemler: 0
Kayıt anahtarları: 0
Tarama sonu: 5/7/2010 17:55:59
Tarama süresi: 4:49:48
C:\System Volume Information\_restore{6753F5E9-0ABF-4D1E-81F7-3F00B59BAC30}\RP177\A0051977.exe/cd_install_247.exe Karantinada Application.Cydoor!IK
C:\System Volume Information\_restore{6753F5E9-0ABF-4D1E-81F7-3F00B59BAC30}\RP177\A0051905.exe Karantinada Trojan.Win32.Refroso!IK
C:\System Volume Information\_restore{6753F5E9-0ABF-4D1E-81F7-3F00B59BAC30}\RP172\A0051568.exe Karantinada HackTool.Win32.Jakuz!IK
C:\System Volume Information\_restore{6753F5E9-0ABF-4D1E-81F7-3F00B59BAC30}\RP177\A0051844.exe Karantinada HackTool.Win32.Jakuz!IK
Karantinada
Dosyalar: 4
İzler: 0
Çerezler: 0
_____________________________

7 May 2010; 19:28:57

Hi, my problem is with the internet. My internet connection appears to be constantly in use in the Action Center, but I'm not using it. Sometimes it goes away after a reset, but then it can start again. The problem could also be on the other computer on the network, I don't know, although it continued after I shut that one down too. While scanning, I was the only one using the net; I think it was healthy, because the torrent speed was good. I don't know if there's anything else you need to know. If I failed to follow any of the warnings you gave on the first page, I apologize; in some places I couldn't understand exactly what you meant. Thanks in advance, take care.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:23, on 07.05.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\vmsnap3.exe
C:\Windows\Domino.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\merzitr\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\RunOnce: [SDBOK] C:\Program Files (x86)\GIGABYTE\smart6\dbios\run.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [iemapd8] rundll32.exe "C:\Users\merzitr\AppData\Local\iemapd8\iemapd8.dll", DllInit
O4 - HKCU\..\Run: [RGSC] D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [NokiaPCInternetAccess] "C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe" /b
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: JDownloader.lnk = C:\Program Files (x86)\JDownloader\JDownloader.exe
O9 - Extra button: &Sanal klavye - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: URL d&enetimi - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefe...ces/en/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macr...yer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.../getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{59CF2C20-9327-4EBE-BFFB-6A5DCE394F0B}: NameServer = 4.2.2.1,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{59CF2C20-9327-4EBE-BFFB-6A5DCE394F0B}: NameServer = 4.2.2.1,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{59CF2C20-9327-4EBE-BFFB-6A5DCE394F0B}: NameServer = 4.2.2.1,4.2.2.5
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: DES2 Service for Energy Saving. (DES2 Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: JMB36X - Unknown owner - C:\Windows\SysWOW64\XSrvSetup.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
-- End of file - 10475 bytes
_____________________________

8 May 2010; 2:31:39

There doesn't seem to be a problem at the moment; hopefully it stays that way. Thanks to you I'm rid of it, bless your hands.. REGARDS!!! Thanks again!
_____________________________

Suspended
Suspended indefinitely.

8 May 2010; 10:08:51

@sebnemsibumi How is it now, is your system still slow?
@merzitr Could you uninstall the Ask Toolbar from your system? Also, the log looks clean; if you like, to be sure, run a full scan of your system with MalwareBytes as well and report the result.
@erdem0618 I'm glad the problem is solved; thank you.
< This message was edited by Eraybar -- 8 May 2010; 10:11:12 >

8 May 2010; 13:06:02

First of all, thank you for offering this kind of help. Here are the results;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:06:27, on 08.05.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Kutay Can Ağır\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kutay Can Ağır\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kutay Can Ağır\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Program Files\Asus\2Ghz Overclocker\eeectl.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Kutay Can Ağır\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kutay Can Ağır\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kutay Can Ağır\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kutay Can Ağır\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kutay Can Ağır\Belgelerim\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2009\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2009\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2009\\Parser.html
O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229862858625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229862547906
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D3A3FDF-2013-48F4-8B66-2F5BC43A66A4}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.148,85.255.112.10
O17 - HKLM\System\CS3\Services\Tcpip\..\{28AE57B6-4FE5-4475-83A0-544709BBB98E}: NameServer = 85.255.116.148,85.255.112.10
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.114.34,85.255.112.9
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
--
End of file - 10346 bytes
Best regards.

8 May 2010; 13:19:44

@Macros Use the XP TCP/IP Repair program to reset TCP/IP, then run Winsock Repair. It will ask to restart the system; accept. Then set your DNS servers back to OpenDNS. After that, run a full scan of your system with MalwareBytes and report the result. I thank you.

8 May 2010; 14:09:17

Is Winsock XP Fix 1.2 the program you mentioned? OK, it turns out it is included in the program you gave. Thanks. By the way, what did you mean by "to OpenDNS"? I am using Google DNS, as you have probably seen. Should I change it? Which version of MalwareBytes: the full version or the paid version?
< This message was edited by Macros -- 8 May 2010; 14:18:08 >

8 May 2010; 14:59:36

You can use Google DNS as well. Scan with the Free version of MalwareBytes; download it from its own site.

8 May 2010; 16:03:43

My problem is the computer's CPU usage: explorer.exe's CPU usage is between 80% and 100%, and the computer overheats. When explorer.exe is closed the computer runs fine; right now I am using it with explorer.exe closed. The problem appeared today. Yesterday the computer was showing text on a blue screen and shutting down. Please help, nothing I tried worked. (I am using Vista.) I am using HijackThis for the first time, so I do not know what is going on. Here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:00 Mehmet, on 08.05.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\rserver30\FamItrfc.Exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\ramazan\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: s127.0.0.1 localhost
O1 - Hosts: Youtube Jacker 4 :)
O1 - Hosts: 209.85.229.100 www.youtube.com
O1 - Hosts: 209.85.229.100 youtube.com
O1 - Hosts: 209.85.229.100 tr.youtube.com
O1 - Hosts: 209.85.229.100 fr.youtube.com
O1 - Hosts: 209.85.229.100 au.youtube.com
O1 - Hosts: 209.85.229.100 ca.youtube.com
O1 - Hosts: 208.117.236.71 m.youtube.com
O1 - Hosts: 74.125.65.118 img.youtube.com
O1 - Hosts: 209.85.165.102 gdata.youtube.com
O1 - Hosts: 208.117.236.71 ru.youtube.com
O1 - Hosts: 208.117.236.70 youtube.com
O1 - Hosts: 74.125.65.118 img.youtube.com
O1 - Hosts: 88.255.41.21 fr.youtube.com
O1 - Hosts: 88.255.41.21 www.fr.youtube.com
O1 - Hosts: 74.125.95.138 de.youtube.com
O1 - Hosts: 209.85.129.104 help.youtube.com
O1 - Hosts: 209.85.129.104 www.help.youtube.com
O1 - Hosts: 74.125.13.80 v1.lscache1.c.youtube.com
O1 - Hosts: 74.125.0.147 v2.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.86 v3.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.89 v4.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.92 v5.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.95 v6.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.98 v7.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.101 v8.lscache1.c.youtube.com
O1 - Hosts: 74.125.97.17 v9.lscache1.c.youtube.com
O1 - Hosts: 74.125.97.84 v10.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.87 v11.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.90 v12.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.93 v13.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.96 v14.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.99 v15.lscache1.c.youtube.com
O1 - Hosts: 74.125.97.38 v16.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.82 v17.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.85 v18.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.88 v19.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.91 v20.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.94 v21.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.97 v22.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.100 v23.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.103 v24.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.80 v1.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.83 v2.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.86 v3.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.89 v4.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.92 v5.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.95 v6.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.98 v7.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.101 v8.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.81 v9.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.84 v10.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.87 v11.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.90 v12.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.93 v13.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.96 v14.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.99 v15.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.102 v16.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.82 v17.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.85 v18.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.88 v19.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.91 v20.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.94 v21.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.97 v22.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.100 v23.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.103 v24.lscache2.c.youtube.com
O1 - Hosts: 74.125.99.80 v1.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.83 v2.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.86 v3.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.89 v4.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.92 v5.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.95 v6.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.98 v7.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.101 v8.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.81 v9.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.84 v10.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.87 v11.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.90 v12.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.93 v13.lscache3.c.youtube.com
O1 - Hosts: 74.125.97.32 v14.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.99 v15.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.102 v16.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.82 v17.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.85 v18.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.88 v19.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.91 v20.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.94 v21.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.97 v22.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.100 v23.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.103 v24.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.80 v1.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.83 v2.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.86 v3.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.89 v4.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.92 v5.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.95 v6.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.98 v7.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.101 v8.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.81 v9.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.84 v10.lscache4.c.youtube.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Reklam Başlığı Engelleyicisine ekle - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Tüm Linkleri BitComet Kullanarak İndir - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Tüm Videoları BitComet Kullanarak İndir - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra button: &Sanal klavye - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\fciext.dll (file missing)
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URL ko&ntrolü - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O13 - Gopher Prefix:
O16 - DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} (Crystal ActiveX Report Viewer Control 11.5) - http://reporteokul.meb.gov.tr/crystalreportviewers115/ActiveXControls/activexviewer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O23 - Service: ArGoSoft Mail Server for .NET (ArGoSoftMailServerNet) - ArGo Software Design - C:\Program Files\ArGo Software Design\ArGoSoft Mail Server .NET\AGMSService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\Windows\system32\rserver30\RServer3.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
--
End of file - 14166 bytes
Also, something like this came up; what is it?

8 May 2010; 16:11:40

@memolee95 Vista first needs to be repaired. To do this, insert the Vista CD into the computer. Then go to the command line and type sfc /scannow. The repair process will then start. Once it finishes, download the Flash Disinfector software. Plug in all the external hard disks and flash drives you have. Then run the program. After that, run a full scan of your system with MalwareBytes. Report the result.
< This message was edited by Eraybar -- 8 May 2010; 16:13:07 >

8 May 2010; 16:12:08

I described my problem above: even though I am not using the internet, the connection looks like it is being fully used and it slows down. I can get rid of it when I reset the modem and the computer, but then it can start again. There was no problem while the log I sent earlier was being taken, but while taking this one, even though nothing other than Explorer was using the internet, almost all of the 2 Mbit connection appears to be in use. I scan with IObit Security and Ad-Aware; they find a few items, and when I scan again a while later, both find them again. I also removed the toolbar as you said. Thanks again for your help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:04:41, on 08.05.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\vmsnap3.exe
C:\Windows\Domino.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Users\merzitr\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\RunOnce: [SDBOK] C:\Program Files (x86)\GIGABYTE\smart6\dbios\run.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [iemapd8] rundll32.exe "C:\Users\merzitr\AppData\Local\iemapd8\iemapd8.dll", DllInit
O4 - HKCU\..\Run: [RGSC] D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [NokiaPCInternetAccess] "C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe" /b
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: JDownloader.lnk = C:\Program Files (x86)\JDownloader\JDownloader.exe
O9 - Extra button: &Sanal klavye - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: URL d&enetimi - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefe...ces/en/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macr...yer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.../getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{59CF2C20-9327-4EBE-BFFB-6A5DCE394F0B}: NameServer = 4.2.2.1,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{59CF2C20-9327-4EBE-BFFB-6A5DCE394F0B}: NameServer = 4.2.2.1,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{59CF2C20-9327-4EBE-BFFB-6A5DCE394F0B}: NameServer = 4.2.2.1,4.2.2.5
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: DES2 Service for Energy Saving. (DES2 Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS360service - IObit - C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe
O23 - Service: JMB36X - Unknown owner - C:\Windows\SysWOW64\XSrvSetup.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10514 bytes

8 May 2010; 16:15:44

@merzitr I gave you the solution above, but you are not applying it. I had said to run a full scan of your system with MalwareBytes and report the result. There is no need to scan your system with Ad-Aware and IOBIT 360 Security. In fact, uninstall them.

8 May 2010; 19:14:17

- I reset TCP/IP
- I ran Winsock repair
- I restarted
- I scanned with MalwareBytes
- Now I am running one more scan with HijackThis, then I will set the DNS.
Done; latest results:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:16:38, on 08.05.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Kutay Can Ağır\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kutay Can Ağır\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kutay Can Ağır\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kutay Can Ağır\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kutay Can Ağır\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kutay Can Ağır\Belgelerim\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2009\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2009\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2009\\Parser.html
O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229862858625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229862547906
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.148,85.255.112.10
O17 - HKLM\System\CS3\Services\Tcpip\..\{28AE57B6-4FE5-4475-83A0-544709BBB98E}: NameServer = 85.255.116.148,85.255.112.10
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.114.34,85.255.112.9
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
--
End of file - 9428 bytes
_____________________________
Aygırı...

8 May 2010; 19:18:27

Could you analyze this one too?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:13:22, on 08.05.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\mspaint.exe
F:\CryptLoad_1.1.6\CryptLoad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.maxiwe.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.maxiwe.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.maxiwe.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [HostControl] C:\Documents and Settings\Altın Elektronik\Application Data\HostControl.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CurrentVersion] C:\RECYCLER\S-1-5-21-0324232222-888888379-781133308-1995\recyclebin.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Bütün linkleri IDM ile indir - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: FLV video içeriğini IDM ile indir - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: IDM ile indir - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Tüm Linkleri BitComet Kullanarak İndir - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Tüm Videoları BitComet Kullanarak İndir - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0BE25634-8514-4CDF-AF72-6560533E71D5} (SmartNet.WEB) - https://esube.bankasya.com.tr/BenimAsyamWeb/includes/cap/SmartNet.cab
O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) - https://sube.garanti.com.tr/lib/JaguarEditControl.CAB
O16 - DPF: {4975D552-DB29-4E77-BFDA-84B6E8B16304} (RTNetLauncher Control) - http://www.yapikrediyatirim.com.tr/RealTrade/RTNetLauncher.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238582132921
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE821655-0487-4DE6-A96D-E0E760C168CC}: NameServer = 208.67.222.222,208.67.220.220
O22 - SharedTaskScheduler: Browseui önceden yükleyicisi - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Bileşen Katergorileri önbellek daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Güncelleme Hizmeti (gupdate1c9ceb16bf70e7a) (gupdate1c9ceb16bf70e7a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
--
End of file - 9138 bytes
_____________________________

8 May 2010; 19:33:10

@Macros
85.255.114.34,85.255.112.9
85.255.116.148,85.255.112.10
Do you know anything about these DNS servers? Are you the one entering them? And how are things at the moment?

@Ebrar21 Could you fix the following lines and then run a full scan of your system with MalwareBytes?
O4 - HKCU\..\Run: [CurrentVersion] C:\RECYCLER\S-1-5-21-0324232222-888888379-781133308-1995\recyclebin.exe
O16 - DPF: {0BE25634-8514-4CDF-AF72-6560533E71D5} (SmartNet.WEB) - https://esube.bankasya....cludes/cap/SmartNet.cab
O16 - DPF: {4975D552-DB29-4E77-BFDA-84B6E8B16304} (RTNetLauncher Control) - http://www.yapikrediyat...Trade/RTNetLauncher.cab
O4 - HKLM\..\Run: [HostControl] C:\Documents and Settings\Altın Elektronik\Application Data\HostControl.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
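
The line-by-line triage done in the reply above can be scripted. This is an added example, not part of the original post and not HijackThis's own logic: it flags BHOs with no file, autorun entries that start from the Recycle Bin, a Temp folder or the Application Data root, and O17 DNS servers outside a set the user confirms. The rule list and the `EXPECTED_DNS` set are assumptions made for illustration; the sample lines are copied from the logs in this thread.

```python
import ipaddress
import re
from typing import NamedTuple

# Lines copied from the two HijackThis logs posted in this thread (a subset, not a full log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [HostControl] C:\Documents and Settings\Altın Elektronik\Application Data\HostControl.exe
O4 - HKCU\..\Run: [CurrentVersion] C:\RECYCLER\S-1-5-21-0324232222-888888379-781133308-1995\recyclebin.exe
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.148,85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE821655-0487-4DE6-A96D-E0E760C168CC}: NameServer = 208.67.222.222,208.67.220.220
"""

# Assumption: the resolvers the machine's owner confirms having configured.
EXPECTED_DNS = {"208.67.222.222", "208.67.220.220"}


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    reason: str   # why the line deserves a closer look
    line: str     # the log line as posted


# "<section> - <details>": R0-R3, F0-F3, N1-N4 and O1.. entries.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")

# Illustrative rules (assumptions): autoruns should not start from these places.
AUTORUN_PATH_RULES = [
    (re.compile(r"\\RECYCLER\\", re.I),
     "autorun target inside the Recycle Bin folder"),
    (re.compile(r"\\Application Data\\[^\\]+\.exe", re.I),
     "autorun executable sitting directly in the Application Data root"),
    (re.compile(r"\\Temp\\[^\\]+\.exe", re.I),
     "autorun executable in a Temp folder"),
]


def unexpected_dns(value, expected):
    """Return the addresses in a NameServer value that are not in `expected`."""
    unexpected = []
    for token in re.split(r"[,\s]+", value.strip()):
        try:
            address = ipaddress.ip_address(token)
        except ValueError:
            continue  # empty or malformed token
        if address not in expected:
            unexpected.append(str(address))
    return unexpected


def triage(log_text, expected_dns):
    """Return the entries of a HijackThis log that a reviewer should check by hand."""
    expected = {ipaddress.ip_address(a) for a in expected_dns}
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header line, running-process path or blank line
        section, rest = match.groups()
        if section == "O2" and rest.endswith("(no file)"):
            findings.append(Finding(section, "BHO registered but its file is missing", line))
        elif section == "O4":
            for pattern, reason in AUTORUN_PATH_RULES:
                if pattern.search(rest):
                    findings.append(Finding(section, reason, line))
                    break  # one finding per line is enough
        elif section == "O17":
            nameserver = NAMESERVER_RE.search(rest)
            if nameserver:
                unexpected = unexpected_dns(nameserver.group(1), expected)
                if unexpected:
                    reason = "DNS server not in the expected set: " + ", ".join(unexpected)
                    findings.append(Finding(section, reason, line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, EXPECTED_DNS):
        print(f"[{finding.section}] {finding.reason}\n    {finding.line}")
```

A finding here means "verify by hand", not "malicious": a BHO without a file is usually only a leftover registry entry, while an unrecognized DNS server changes where every lookup on the machine goes.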

8 May 2010; 19:44:02

Hello again. I ran a deep scan in safe mode and it produced this report; I think this is what you wanted. Also, now that I have started the computer normally, this program keeps showing a message by itself in the bottom right, saying that a connection to such-and-such IP/site was successfully blocked. I don't know whether this means anything. Thanks again, take care.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Veritabanı sürümü: 4052
Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385
08.05.2010 19:09:35
mbam-log-2010-05-08 (19-09-35).txt
Tarama kipi: Derin tarama (C:\|D:\|E:\|)
Taranmış öğeler: 307810
Geçen süre: 28 dakika, 41 saniye
Etkilenmiş Hafıza İşlemleri: 0
Etkilenmiş Hafıza Modülleri: 0
Etkilenmiş Kayıt Anahtarları: 4
Etkilenmiş Kayıt Değerleri: 1
Etkilenmiş Veri Öğeleri: 0
Etkilenmiş Klasörler: 0
Etkilenmiş Dosyalar: 4
Etkilenmiş Hafıza İşlemleri:
( Zararlı öğe tespit edilmedi)
Etkilenmiş Hafıza Modülleri:
( Zararlı öğe tespit edilmedi)
Etkilenmiş Kayıt Anahtarları:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f334c7b0-8774-4d5b-bd7a-4f448d03a1ae} (Adware.SkyLab) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{f334c7b0-8774-4d5b-bd7a-4f448d03a1ae} (Adware.SkyLab) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2863e737-dd3f-4280-9af8-e9e79c16f312} (Adware.SkyMediaPack) -> No action taken.
HKEY_CURRENT_USER\Software\SkyMedia (Adware.SkyMedia) -> No action taken.
Etkilenmiş Kayıt Değerleri:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iemapd8 (Adware.Agent.N) -> No action taken.
Etkilenmiş Veri Öğeleri:
( Zararlı öğe tespit edilmedi)
Etkilenmiş Klasörler:
( Zararlı öğe tespit edilmedi)
Etkilenmiş Dosyalar:
C:\Program Files (x86)\Master Audio Suite\license.exe (Trojan.MultiDropper) -> No action taken.
C:\Users\merzitr\Desktop\CoreCodec.CoreAVC.Professional.Edition.v2.0.0.0\KeyGen\KeyGen.exe (Trojan.Agent) -> No action taken.
C:\Users\merzitr\Desktop\Malwarebytes' Anti-Malware v1.46 Final\FFF-MBAM145.exe (Spyware.Banker) -> No action taken.
C:\Users\merzitr\AppData\Local\iemapd8\iemapd8.dll (Adware.Agent.N) -> No action taken.
_____________________________

8 May 2010; 20:07:04

@merzitr Please take care not to use pirated software. MalwareBytes is ideal for on-demand scanning anyway, so there is no need for the paid version; the Free version will be enough. IP blocking does no harm, but if these warnings bother you a lot, you can turn off IP Protection in the MalwareBytes settings. So how are things now?
< This message was edited by Eraybar -- 8 May 2010; 20:09:37 >

8 May 2010; 23:52:46

Greetings. First of all, my problem is 100% CPU usage. Even though my computer's performance and specs are high, when I open KO, the game I play online, it uses 100% CPU, and Explorer likewise uses 100% CPU. As a result there is stuttering in the game and on the internet, and it does not let me use anything. I ran a scan and it found no virus or trojan. The log is below; I would be glad if you could help. Thanks in advance. Take care.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:44:12, on 08.05.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AC Tool\ACTool.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Admin\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = ^^ ShaneXP Lite ^^
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\Visual Style\Vdrive\vsdrv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-18 Startup: RocketDock.lnk = C:\WINDOWS\Visual Style\RocketDock\RocketDock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: UberIcon.lnk = C:\WINDOWS\Visual Style\UberIcon\UberIcon Manager.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Vdrive.lnk = C:\WINDOWS\Visual Style\Vdrive\vsdrv.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: WinInfo.lnk = C:\WINDOWS\Visual Style\WinInfo\wininfo.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: YzShadow.lnk = C:\WINDOWS\Visual Style\YzShadow\YzShadow.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: RocketDock.lnk = C:\WINDOWS\Visual Style\RocketDock\RocketDock.exe (User 'Default user')
O4 - .DEFAULT Startup: UberIcon.lnk = C:\WINDOWS\Visual Style\UberIcon\UberIcon Manager.exe (User 'Default user')
O4 - .DEFAULT Startup: Vdrive.lnk = C:\WINDOWS\Visual Style\Vdrive\vsdrv.exe (User 'Default user')
O4 - .DEFAULT Startup: WinInfo.lnk = C:\WINDOWS\Visual Style\WinInfo\wininfo.exe (User 'Default user')
O4 - .DEFAULT Startup: YzShadow.lnk = C:\WINDOWS\Visual Style\YzShadow\YzShadow.exe (User 'Default user')
O4 - .DEFAULT User Startup: RocketDock.lnk = C:\WINDOWS\Visual Style\RocketDock\RocketDock.exe (User 'Default user')
O4 - .DEFAULT User Startup: UberIcon.lnk = C:\WINDOWS\Visual Style\UberIcon\UberIcon Manager.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vdrive.lnk = C:\WINDOWS\Visual Style\Vdrive\vsdrv.exe (User 'Default user')
O4 - .DEFAULT User Startup: WinInfo.lnk = C:\WINDOWS\Visual Style\WinInfo\wininfo.exe (User 'Default user')
O4 - .DEFAULT User Startup: YzShadow.lnk = C:\WINDOWS\Visual Style\YzShadow\YzShadow.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} (Speaky Chat) - http://download.speakyweb.com/speakyldr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F560} (Flatcast Viewer 5.2) - http://92.51.137.94/objects/NpFv522.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{83521A55-EABA-4ED0-8305-E7390DA94F88}: NameServer = 4.2.2.2,4.2.2.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7340 bytes
< This message was edited by goldx_milo -- 9 May 2010; 0:02:19 >
_____________________________

9 May 2010; 0:17:52

Dear friends, I can no longer get any use out of my computer. I have never seen anything like this in my life; it does not allow any of my antivirus-related activity. Bang, a red cross mark, "we cannot open it", this and that; most recently I could no longer connect over wireless either. But it was a good lesson: I am going to buy a paid antivirus. Anyway, I am at your mercy; what can we do? I do not want to format D:, it has my child's photographs since birth. God bless those who help and those who do not. As far as I could manage, the HijackThis result is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:04:46, on 09.05.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\OGUZ HOCA\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\OGUZHO~1\LOCALS~1\Temp\afmal.exe
C:\DOCUME~1\OGUZHO~1\LOCALS~1\Temp\winggxwn.exe
C:\Documents and Settings\OGUZ HOCA\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\OGUZ HOCA\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\OGUZ HOCA\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: winesm32.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{119E420D-1822-419F-8235-E555A14A1539}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{6AEC9ABE-D11B-4F89-8524-98CA932D5F17}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS3\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS4\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS5\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS6\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS7\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS8\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS9\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS10\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS11\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS12\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS13\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS14\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS15\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS16\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS17\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS18\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS19\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS20\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS21\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS22\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS23\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS24\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS25\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS26\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS27\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS28\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS29\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS30\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS31\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS32\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS33\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS34\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS35\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS36\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS37\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS38\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS39\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS40\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS41\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS42\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS43\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CS44\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6
O17 -
HKLM\System\CS45\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS46\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS47\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS48\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS49\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS50\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS51\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS52\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS53\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS54\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS55\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS56\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS57\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS58\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS59\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS60\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS61\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS62\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - 
HKLM\System\CS63\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS64\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS65\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS66\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS67\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS68\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS69\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS70\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS71\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS72\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS73\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS74\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS75\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS76\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS77\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS78\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS79\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS80\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - 
HKLM\System\CS81\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS82\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS83\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS84\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS85\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS86\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS87\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS88\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS89\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS90\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS91\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS92\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS93\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS94\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS95\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS96\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS97\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS98\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - 
HKLM\System\CS99\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O17 - HKLM\System\CS101\Services\Tcpip\..\{03C211E5-0F72-4D13-BA6C-97A9427FB655}: NameServer = 4.2.2.5,4.2.2.6 O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing) O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing) -- End of file - 14016 bytes
_____________________________
FOCUS3 2012
9 May 2010; 0:24:35
Also, the computer is about to burn up; a smell like the one that comes from an oven door has started coming from the fan side. Also, I am using a laptop.
_____________________________
FOCUS3 2012
Banned
Banned indefinitely.
9 May 2010; 0:28:59
@matetech
C:\DOCUME~1\OGUZHO~1\LOCALS~1\Temp\afmal.exe
C:\DOCUME~1\OGUZHO~1\LOCALS~1\Temp\winggxwn.exe
O4 - Startup: winesm32.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
After fixing these lines, click TCP/IP Repair and Winsock Repair in the TCP/IP Repair program. When you close the program it will ask to restart your system; accept. After your system has restarted, run a full scan of your system with MalwareBytes. Then type gpedit.msc into Start > Run and run it. Then go to User Configuration > Administrative Templates > System > Ctrl+Alt+Del Options, click the properties of Remove Task Manager there and select the 3rd option. That way we also enable Task Manager. Afterwards, report the status.
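The triage the reply above does by eye (processes running from a Temp directory, a bare executable in the Startup folder, the DisableRegedit policy), written as an added example that is not part of the original thread. The rule names, the extra Shell-override and DisableTaskMgr checks, and the sample log are assumptions constructed for illustration; the rules mark lines for review and are not malware verdicts.

```python
import re

# Constructed sample in HijackThis 2.x layout; file names are placeholders.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:00:00, on 01.01.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\USER~1\LOCALS~1\Temp\example1.exe
C:\Documents and Settings\user\Local Settings\Temp\example2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\example3.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: example4.exe
O4 - Startup: Tool.lnk = C:\Program Files\Tool\tool.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: Example AV (exav) - Unknown owner - C:\Program Files\ExampleAV\exav.exe (file missing)
--
End of file - 0 bytes
"""

# "R0 - ...", "O4 - ...", "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
EXE_RE = re.compile(r"\.(?:exe|scr|pif|com)$", re.IGNORECASE)
TEMP_EXE_RE = re.compile(r"\\temp\\[^\\]+\.(?:exe|scr|pif|com)$", re.IGNORECASE)
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (.+)$")
POLICY_RE = re.compile(r"Disable(?:Regedit|TaskMgr)\s*=\s*1\b", re.IGNORECASE)
SHELL_RE = re.compile(r"Shell=\s*explorer\.exe\s*(.*)$", re.IGNORECASE)


def parse_log(text):
    """Split a log into the running-process list and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "--" or line.startswith("End of file"):
            break
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # first coded entry ends the process list
            entries.append((match.group(1), match.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def triage(parsed):
    """Return (rule, line) pairs for lines a reviewer should look at first."""
    findings = []
    for path in parsed["processes"]:
        # Executables running straight out of a Temp directory.
        if TEMP_EXE_RE.search(path):
            findings.append(("process-in-temp", path))
    for code, body in parsed["entries"]:
        if code == "F2" and "Shell=" in body:
            # Anything other than a plain "Explorer.exe" shell value.
            match = SHELL_RE.search(body)
            if match is None or match.group(1).strip():
                findings.append(("shell-override", body))
        elif code == "O4":
            # Startup-folder item that is itself an executable, not a shortcut.
            match = STARTUP_RE.match(body)
            if match and " = " not in match.group(1) and EXE_RE.search(match.group(1)):
                findings.append(("startup-bare-executable", body))
        elif code == "O7" and POLICY_RE.search(body):
            # Policy values that lock the user out of Regedit / Task Manager.
            findings.append(("policy-lockout", body))
    return findings


if __name__ == "__main__":
    for rule, line in triage(parse_log(SAMPLE_LOG)):
        print(f"{rule:26} {line}")
```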
9 May 2010; 1:12:16
It still says it has been disabled, the same as before.
_____________________________
FOCUS3 2012
9 May 2010; 3:20:33
Is anything wrong? :D

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:41:01, on 09.05.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\SAMET\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SAMET\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Documents and Settings\SAMET\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\bronstab.exe"
O4 - HKCU\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Empty.pif = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2761FF08-A2B0-436D-BB9F-3C8C3E73FAEA}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{2761FF08-A2B0-436D-BB9F-3C8C3E73FAEA}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{2761FF08-A2B0-436D-BB9F-3C8C3E73FAEA}: NameServer = 8.8.8.8,8.8.4.4
O22 - SharedTaskScheduler: Browseui önceden yükleyicisi - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Bileşen Katergorileri önbellek daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 13177 bytes
_____________________________
9 May 2010; 15:06:13
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:01:22, on 09.05.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\VM303_STI.EXE C:\Program Files\Winamp\winampa.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\GlobespanVirata\Adsl\dslstat.exe C:\Program Files\GlobespanVirata\Adsl\dslagent.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\xp\Belgelerim\Karşıdan Yüklenenler\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.localstrike.com.ar/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.localstrike.com.ar/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.localstrike.com.ar/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.localstrike.com.ar/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar R3 - URLSearchHook: Messenger Plus Live Turkey Toolbar - {15aa633e-1112-41ae-81d2-765a2cc0cc45} - C:\Program Files\Messenger_Plus_Live_Turkey\tbMess.dll O1 - Hosts: YOUTUBE JACKER Ozkan ATA O1 - Hosts: 208.117.236.70 
youtube.com O1 - Hosts: 208.117.236.70 www.youtube.com O1 - Hosts: 74.125.65.118 img.youtube.com O1 - Hosts: 74.125.13.80 v1.lscache1.c.youtube.com O1 - Hosts: 74.125.13.83 v2.lscache1.c.youtube.com O1 - Hosts: 74.125.13.86 v3.lscache1.c.youtube.com O1 - Hosts: 74.125.13.89 v4.lscache1.c.youtube.com O1 - Hosts: 74.125.13.92 v5.lscache1.c.youtube.com O1 - Hosts: 74.125.13.95 v6.lscache1.c.youtube.com O1 - Hosts: 74.125.13.98 v7.lscache1.c.youtube.com O1 - Hosts: 74.125.13.101 v8.lscache1.c.youtube.com O1 - Hosts: 74.125.97.17 v9.lscache1.c.youtube.com O1 - Hosts: 74.125.97.84 v10.lscache1.c.youtube.com O1 - Hosts: 74.125.13.87 v11.lscache1.c.youtube.com O1 - Hosts: 74.125.13.90 v12.lscache1.c.youtube.com O1 - Hosts: 74.125.13.93 v13.lscache1.c.youtube.com O1 - Hosts: 74.125.13.96 v14.lscache1.c.youtube.com O1 - Hosts: 74.125.13.99 v15.lscache1.c.youtube.com O1 - Hosts: 74.125.97.38 v16.lscache1.c.youtube.com O1 - Hosts: 74.125.13.82 v17.lscache1.c.youtube.com O1 - Hosts: 74.125.13.85 v18.lscache1.c.youtube.com O1 - Hosts: 74.125.13.88 v19.lscache1.c.youtube.com O1 - Hosts: 74.125.13.91 v20.lscache1.c.youtube.com O1 - Hosts: 74.125.13.94 v21.lscache1.c.youtube.com O1 - Hosts: 74.125.13.97 v22.lscache1.c.youtube.com O1 - Hosts: 74.125.13.100 v23.lscache1.c.youtube.com O1 - Hosts: 74.125.13.103 v24.lscache1.c.youtube.com O1 - Hosts: 74.125.13.80 v1.lscache2.c.youtube.com O1 - Hosts: 74.125.13.83 v2.lscache2.c.youtube.com O1 - Hosts: 74.125.13.86 v3.lscache2.c.youtube.com O1 - Hosts: 74.125.13.89 v4.lscache2.c.youtube.com O1 - Hosts: 74.125.13.92 v5.lscache2.c.youtube.com O1 - Hosts: 74.125.13.95 v6.lscache2.c.youtube.com O1 - Hosts: 74.125.13.98 v7.lscache2.c.youtube.com O1 - Hosts: 74.125.13.101 v8.lscache2.c.youtube.com O1 - Hosts: 74.125.13.81 v9.lscache2.c.youtube.com O1 - Hosts: 74.125.13.84 v10.lscache2.c.youtube.com O1 - Hosts: 74.125.13.87 v11.lscache2.c.youtube.com O1 - Hosts: 74.125.13.90 v12.lscache2.c.youtube.com O1 - Hosts: 74.125.13.93 
v13.lscache2.c.youtube.com O1 - Hosts: 74.125.13.96 v14.lscache2.c.youtube.com O1 - Hosts: 74.125.13.99 v15.lscache2.c.youtube.com O1 - Hosts: 74.125.13.102 v16.lscache2.c.youtube.com O1 - Hosts: 74.125.13.82 v17.lscache2.c.youtube.com O1 - Hosts: 74.125.13.85 v18.lscache2.c.youtube.com O1 - Hosts: 74.125.13.88 v19.lscache2.c.youtube.com O1 - Hosts: 74.125.13.91 v20.lscache2.c.youtube.com O1 - Hosts: 74.125.13.94 v21.lscache2.c.youtube.com O1 - Hosts: 74.125.13.97 v22.lscache2.c.youtube.com O1 - Hosts: 74.125.13.100 v23.lscache2.c.youtube.com O1 - Hosts: 74.125.13.103 v24.lscache2.c.youtube.com O1 - Hosts: 74.125.99.80 v1.lscache3.c.youtube.com O1 - Hosts: 74.125.99.83 v2.lscache3.c.youtube.com O1 - Hosts: 74.125.99.86 v3.lscache3.c.youtube.com O1 - Hosts: 74.125.99.89 v4.lscache3.c.youtube.com O1 - Hosts: 74.125.99.92 v5.lscache3.c.youtube.com O1 - Hosts: 74.125.99.95 v6.lscache3.c.youtube.com O1 - Hosts: 74.125.99.98 v7.lscache3.c.youtube.com O1 - Hosts: 74.125.99.101 v8.lscache3.c.youtube.com O1 - Hosts: 74.125.99.81 v9.lscache3.c.youtube.com O1 - Hosts: 74.125.99.84 v10.lscache3.c.youtube.com O1 - Hosts: 74.125.99.87 v11.lscache3.c.youtube.com O1 - Hosts: 74.125.99.90 v12.lscache3.c.youtube.com O1 - Hosts: 74.125.99.93 v13.lscache3.c.youtube.com O1 - Hosts: 74.125.97.32 v14.lscache3.c.youtube.com O1 - Hosts: 74.125.99.99 v15.lscache3.c.youtube.com O1 - Hosts: 74.125.99.102 v16.lscache3.c.youtube.com O1 - Hosts: 74.125.99.82 v17.lscache3.c.youtube.com O1 - Hosts: 74.125.99.85 v18.lscache3.c.youtube.com O1 - Hosts: 74.125.99.88 v19.lscache3.c.youtube.com O1 - Hosts: 74.125.99.91 v20.lscache3.c.youtube.com O1 - Hosts: 74.125.99.94 v21.lscache3.c.youtube.com O1 - Hosts: 74.125.99.97 v22.lscache3.c.youtube.com O1 - Hosts: 74.125.99.100 v23.lscache3.c.youtube.com O1 - Hosts: 74.125.99.103 v24.lscache3.c.youtube.com O1 - Hosts: 74.125.99.80 v1.lscache4.c.youtube.com O1 - Hosts: 74.125.99.83 v2.lscache4.c.youtube.com O1 - Hosts: 74.125.99.86 v3.lscache4.c.youtube.com 
O2 - BHO: Messenger Plus Live Turkey Toolbar - {15aa633e-1112-41ae-81d2-765a2cc0cc45} - C:\Program Files\Messenger_Plus_Live_Turkey\tbMess.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Messenger Plus Live Turkey Toolbar - {15aa633e-1112-41ae-81d2-765a2cc0cc45} - C:\Program Files\Messenger_Plus_Live_Turkey\tbMess.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ServerList.lnk = C:\Program Files\Valve\platform\config\otomatik_list.exe
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BA676CB-BF1B-4388-93C4-2858006F90FF}: NameServer = 4.2.2.2,4.2.2.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{D127770B-3BDA-401A-A0C8-2ABE5DDEFFA9}: NameServer = 195.175.39.40 195.175.39.39
O17 - HKLM\System\CS1\Services\Tcpip\..\{2BA676CB-BF1B-4388-93C4-2858006F90FF}: NameServer = 4.2.2.2,4.2.2.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{2BA676CB-BF1B-4388-93C4-2858006F90FF}: NameServer = 4.2.2.2,4.2.2.3
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-- End of file - 11212 bytes

I hope you can help. Thanks in advance.
_____________________________
Suspended
Suspended indefinitely.
9 May 2010; 15:18:19
@matetech Could you also scan your system with A-Squared?

@ssametalkis Fix the following lines:
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\bronstab.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
Restore your hosts file with the HostXpert program. Also run a full scan of your system with MalwareBytes. Then report back on the result. There is a lot of malware on your system.

@rubarxx Fix the following lines:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.localstrike.com.ar/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.localstrike.com.ar/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.localstrike.com.ar/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.localstrike.com.ar/
R3 - URLSearchHook: Messenger Plus Live Turkey Toolbar - {15aa633e-1112-41ae-81d2-765a2cc0cc45} - C:\Program Files\Messenger_Plus_Live_Turkey\tbMess.dll
O2 - BHO: Messenger Plus Live Turkey Toolbar - {15aa633e-1112-41ae-81d2-765a2cc0cc45} - C:\Program Files\Messenger_Plus_Live_Turkey\tbMess.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: Messenger Plus Live Turkey Toolbar - {15aa633e-1112-41ae-81d2-765a2cc0cc45} - C:\Program Files\Messenger_Plus_Live_Turkey\tbMess.dll
Then restore your hosts file with the HostXpert program, and run a full scan of your system with MalwareBytes.
< This message was edited by Eraybar -- 9 May 2010; 15:23:55 >
9 May 2010; 16:49:36
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:34:59, on 09.05.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\System32\dvmurl.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Local Service')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Local Service')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Web Printing göster veya gizle - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAAE36D6-7D52-4904-8B93-BE1FF24EFE82}: NameServer = 208.67.222.222,208.67.220.220
O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)
O23 - Service: Ashampoo Defrag Service - Unknown owner - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe
O23 - Service: ASO3DiskOptimizer - Systweak Inc. - C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - F:\recovery\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe
O23 - Service: DFServ - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: VMLiteService - VMLite, Inc. - C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe
-- End of file - 10661 bytes

My computer has been slowing down in recent days; I suspect it is a virus. I would appreciate it if you could interpret the log.
_____________________________
Suspended
Suspended indefinitely.
9 May 2010; 16:58:08
@karasahin07 Restore your hosts file with the HostXpert program. And could you run a full scan of your system with MalwareBytes?
< This message was edited by Eraybar -- 9 May 2010; 16:59:10 >
9 May 2010; 17:18:37
Friends.. all of a sudden, all of a sudden, all of a sudden.. trojans took over all of a sudden.. PLEASE, SOME HELP

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:15, on 09.05.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Aveo\Attune\bin\attune_ce.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Windows\system32\ntvdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G Data\TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G Data\TotalCare\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\pirenella\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: OneNote 2007 Ekran Kırpıcı ve Başlatıcı.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe
O4 - Global Startup: AirTies ADSL Hizmet Programı.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - http://cdn.scan.onecare...ner/tr-tr/wlscctrl2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.../getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
-- End of file - 10454 bytes
_____________________________