- x
HijackThis. Performans + Güvenlik! (Virüslerden kurtulun). 500.000+
9879 Cevap1053806 Görüntüleme19 Favori
Bu konudaki kullanıcılar: hiç
  Seçkin Yorumlar Sistem Belirtin Yazdır
Sayfa: <<     156 157 158 159 [161] 163 164 165      >>
Arama Terimi: Yazarı:
Konu içi arama ayarları
Sadece Arananın bulduğu yerler
Arama terimleri En önemli Üst minimum sıralama: /1000

Arama tercihlerinizi belirlediyseniz yukarıdaki kutuya arama terimini yazıp "Konu içi ara" butonuna tıklayınız.
Giriş
Mesaj


 
2 Mesaj
29 Nisan 2010; 13:50:20 

merhabalar. bilgisayarım açılırken "attribe.exe-Uygulama hatası uygulama düzgün olarak başlayamadı (0xc0000142).sonlandırmak içn tamam a basıné hatası veriyor. tamam a bastığımda kapanmıyor. nette hatayı araştırdım buraya yazmam gerektiği kanısına vardım acil yardım ederseniz sevinirim.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:49:58, on 29.04.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\attrib.exe
C:\WINDOWS\system32\attrib.exe
C:\WINDOWS\system32\attrib.exe
C:\WINDOWS\system32\attrib.exe
C:\WINDOWS\system32\attrib.exe
C:\WINDOWS\system32\attrib.exe
C:\WINDOWS\system32\attrib.exe
C:\WINDOWS\system32\attrib.exe
C:\WINDOWS\system32\attrib.exe
C:\WINDOWS\system32\attrib.exe
C:\WINDOWS\system32\attrib.exe
C:\WINDOWS\system32\attrib.exe
C:\WINDOWS\system32\attrib.exe
C:\WINDOWS\system32\attrib.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\asus\Desktop\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/.../ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/...9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/...9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/.../ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/...9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/...9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Comp about extra bin] C:\Documents and Settings\All Users\Application Data\Roam Program Comp About\16 free.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [lite bore] C:\DOCUME~1\asus\APPLIC~1\DATEMA~1\Pile Amok.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [antisansur] C:\PROGRA~1\ANTISA~1\ANTISA~1.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook....ebookPhotoUploader5.cab
O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) - https://sube.garanti.co...b/JaguarEditControl.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.m...y/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com.../resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.co...XWebPlayerInstaller.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook....bookPhotoUploader55.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.m...tsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macr.../cabs/flash/swflash.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/obj/NpFv415.dll
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://data.flatcast.co...a/objects/NpFv41629.dll
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} (Flatcast Viewer 5.0) - http://data.myflatcast....ata/objects/NpFv501.dll
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com...oadcontrol/MSNPUpld.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.m...ineSweeper.cab56986.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://www.radyodinle.com/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B3467EC-4C9B-4FE7-9A9F-D6A6619C29F9}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{71346888-273D-4DE9-9ED4-0ACCB85E2D67}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{D899C70A-F0C5-43A0-A913-9676E555E122}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 11880 bytes


_____________________________



 
98 Mesaj
1 Mayıs 2010; 2:32:19 

Bilgisayarım Program: C:\Windows\system32\DllHost.exe hatası veriyor
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:22:18, on 01.05.2010
Platform: Unknown Windows (WinNT 6.01.3004)
MSIE: Internet Explorer v8.00 (8.00.7100.0000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AntiLogger\AntiLogger.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\gaskiney\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskmgr.exe
C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaskiney\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AntiLogger] "C:\Program Files\AntiLogger\AntiLogger.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\gaskiney\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} (JaguarEditControl-ISBANK) - https://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv27.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA8A19A1-D5DA-45B9-9ED8-F0093BEA0EEB}: NameServer = 8.8.8.8,8.8.4.4
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: Google Güncelleme Hizmeti (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7796 bytes
 



_____________________________


Uzaklaştırılmış
Süresiz olarak uzaklaştırıldı.
1 Mayıs 2010; 8:32:44 

@jay jay justified

C:\Program Files\CSR\Vista Feature Pack 2.0\CSRSkype.exe
C:\Program Files\CSR\Vista Feature Pack 2.0\CSRBipPushResponder.exe
O4 - HKLM\..\Run: [CSRSkype] C:\Program Files\CSR\Vista Feature Pack 2.0\CSRSkype.exe
O4 - HKLM\..\Run: [CSRBip] C:\Program Files\CSR\Vista Feature Pack 2.0\CSRBipPushResponder.exe
O4 - HKCU\..\Run: [Aw3z1PNj0n2RZy89CmWb54XdEa7g6HYq20SiJo9c1T7Bpf8QFk63MtLe45Gxs0D9Kr2.exe] C:\Users\Ahmet\AppData\Roaming\Microsoft\System\Services\Aw3z1PNj0n2RZy89CmWb54X dEa7g6HYq20SiJo9c1T7Bpf8QFk63MtLe45Gxs0D9Kr2.exe
O4 - HKCU\..\Run: [Tb1r9P0Ycq5XFo3w4Q2Ekm7MDg8s6ANt21Gey3W8SaRd60CzZn9f7HBx5p4J9Kij5L8SkWy40Da2.ex e] C:\Users\Ahmet\AppData\Roaming\Microsoft\System\Services\Tb1r9P0Ycq5XFo3w4Q2Ekm7 MDg8s6ANt21Gey3W8SaRd60CzZn9f7HBx5p4J9Kij5L8SkWy40Da2.exe

Satırlarını fix'leyip MalwareBytes ile sisteminizi komple taratırmısınız.

@hakklo

Sisteminiz temiz gözükmekte.Fakat yinede MalwareBytes ile sisteminizi komple taratırmısınız.

@kankatresi

C:\WINDOWS\system32\attrib.exe

Tüm attrib.exe'leri fix'leyiniz.

O4 - HKLM\..\Run: [Comp about extra bin] C:\Documents and Settings\All Users\Application Data\Roam Program Comp About\16 free.exe
O4 - HKCU\..\Run: [lite bore] C:\DOCUME~1\asus\APPLIC~1\DATEMA~1\Pile Amok.exe

Satırlarınıda fixleyiniz.

@innhibitor

Sisteminiz temiz gözükmekte.Avira Premium ürününü kullanırsanız memnun kalırsınız.

@gaskiney

İlk mesajdaki gibi logunuzu eklermisiniz.


12589 Mesaj
1 Mayıs 2010; 12:31:34 

Hocam dikkatinizi çektiyse uzun isimli 2 adet exe vardı. Onları CCleaner ile temizledikten sonra tüm sorunum çözüldü ve ayrıca dediğiniz satırları bulup fixlemeye çalıştım. Şimdi bilgisayar çok rahat ve temiz. Son haliyle log dosyası:

quote:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:32, on 01.05.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Ahmet\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Ahmet\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Ahmet\Downloads\Programlar\Güvenlik\HiJackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [CSRSkype] C:\Program Files\CSR\Vista Feature Pack 2.0\CSRSkype.exe
O4 - HKLM\..\Run: [CSRBip] C:\Program Files\CSR\Vista Feature Pack 2.0\CSRBipPushResponder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ahmet\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.m...tsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macr.../cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45E92DA5-6322-4AC8-B9A8-CF002B22E121}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - ALWIL Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 5358 bytes


_____________________________


Uzaklaştırılmış
Süresiz olarak uzaklaştırıldı.
1 Mayıs 2010; 12:34:43 

@jay jay justified

Sisteminiz şuanda temiz.İyi günlerde kullanın


12589 Mesaj
1 Mayıs 2010; 16:14:21 

Çok teşekkür ederim Eraybar


_____________________________



582 Mesaj
3 Mayıs 2010; 0:47:12 

arkadaşlar kendimde kontrol ettim ama emin olmaadım en iyi sonuç bir başkasınında incelemesi olacak ilgilenirseniz sevinirim kodları veriyorum:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:42:34, on 03.05.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Splitcam Toolbar\tbcore3.dll
O3 - Toolbar: Splitcam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Splitcam Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - HKCU\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} (Speaky Chat) - http://download.speakyweb.com/speakyldr.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{99B6B072-E7D6-44F0-87B6-E71A864FD96E}: NameServer = 8.8.8.8,8.8.4.4
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6592 bytes


_____________________________


Uzaklaştırılmış
Süresiz olarak uzaklaştırıldı.
3 Mayıs 2010; 12:26:28 

@express

Loglarınız temiz gözükmekte.


 
22 Mesaj
3 Mayıs 2010; 12:56:11 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:33, on 5/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PS Tray Factory\PSTrayFactory.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\AIMP2\AIMP2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Rhinoceros 4.0\System\Rhino4.exe
C:\Program Files\Common Files\McNeel Shared\License Manager\RhinoLM.exe
D:\murat\Z#murat\yedek\####\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O1 - Hosts: 85.17.216.45 www.easy-share.com easy-share.com
O1 - Hosts: 85.17.223.193 d01.easy-share.com
O1 - Hosts: 85.17.230.87 d02.easy-share.com
O1 - Hosts: 94.75.223.81 d03.easy-share.com
O1 - Hosts: 85.17.250.177 d04.easy-share.com
O1 - Hosts: 85.17.230.66 d05.easy-share.com
O1 - Hosts: 94.75.223.57 d06.easy-share.com
O1 - Hosts: 94.75.232.145 d07.easy-share.com
O1 - Hosts: 94.75.232.41 d08.easy-share.com
O1 - Hosts: Dns 127.0.0.1 adobe 2.adobe.com
O1 - Hosts: Dns 127.0.0.1 adobe 3.adobe.com
O1 - Hosts: 192.121.86.15 http://www.thepiratebay.org
O1 - Hosts: 91.191.138.15 thepiratebay.org
O1 - Hosts: 91.191.138.15 www.thepiratebay.org
O1 - Hosts: 91.191.138.18 static.thepiratebay.org
O1 - Hosts: 91.191.138.2 eztv.tracker.thepiratebay.org vip.tracker.thepiratebay.org
O1 - Hosts: 91.191.138.4 vtv.tracker.thepiratebay.org tv.tracker.thepiratebay.org
O1 - Hosts: 91.191.138.5 open.tracker.thepiratebay.org tpb.tracker.thepiratebay.org
O1 - Hosts: 91.191.138.6 a.tracker.thepiratebay.org
O1 - Hosts: 91.191.138.8 tracker.thepiratebay.org
O1 - Hosts: 91.191.138.19 torrents.thepiratebay.org
O1 - Hosts: 91.191.138.17 rss.thepiratebay.org
O1 - Hosts: 91.191.138.17 captcha.thepiratebay.org
O1 - Hosts: 91.191.138.16 upload.thepiratebay.org
O1 - Hosts: 194.71.107.15 thepiratebay.org
O1 - Hosts: 194.71.107.15 http://www.thepiratebay.org
O1 - Hosts: 194.71.107.18 static.thepiratebay.org
O1 - Hosts: 194.71.107.2 eztv.tracker.thepiratebay.org
O1 - Hosts: 194.71.107.2 vip.tracker.thepiratebay.org
O1 - Hosts: 194.71.107.4 vtv.tracker.thepiratebay.org
O1 - Hosts: 194.71.107.4 tv.tracker.thepiratebay.org
O1 - Hosts: 194.71.107.5 open.tracker.thepiratebay.org
O1 - Hosts: 194.71.107.5 tpb.tracker.thepiratebay.org
O1 - Hosts: 194.71.107.6 a.tracker.thepiratebay.org
O1 - Hosts: 194.71.107.8 tracker.thepiratebay.org
O1 - Hosts: 194.71.107.19 torrents.thepiratebay.org
O1 - Hosts: 194.71.107.17 rss.thepiratebay.org
O1 - Hosts: 194.71.107.17 captcha.thepiratebay.org
O1 - Hosts: 194.71.107.16 upload.thepiratebay.org
O1 - Hosts: 192.121.86.15 thepiratebay.org
O1 - Hosts: 192.121.86.15 www.thepiratebay.org
O1 - Hosts: 192.121.86.18 static.thepiratebay.org
O1 - Hosts: 192.121.86.3 open.tracker.thepiratebay.org
O1 - Hosts: 192.121.86.2 tracker.thepiratebay.org
O1 - Hosts: 192.121.86.3 tracker.thepiratebay.org
O1 - Hosts: 192.121.86.4 tracker.thepiratebay.org
O1 - Hosts: 192.121.86.5 tracker.thepiratebay.org
O1 - Hosts: 192.121.86.6 tracker.thepiratebay.org
O1 - Hosts: 192.121.86.7 tracker.thepiratebay.org
O1 - Hosts: 192.121.86.8 tracker.thepiratebay.org
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.exe /start
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [smss] C:\WINDOWS\security\smss.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PrintDisp] C:\WINDOWS\system32\PrintDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Rhino 4-5 Recent] C:\WINDOWS\recent.bat
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\RunServices: [Microsoft Update Machine] hydubl.exe
O4 - HKLM\..\RunOnce: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.exe /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: FlashGet'i kullanarak indir - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Tümünü FlashGet'i kullanarak indir - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted IP range: http://88.247.60.84
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefe...ces/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.micro..._site.cab?1230967027375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.micro..._site.cab?1230966696046
O16 - DPF: {7E866715-C9B6-4C64-AAB8-342E0D137212} (Net Client Control) - http://192.168.2.41/EDVR.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.m...ary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.m...tsPAClient.cab56907.cab
O16 - DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} (JaguarEditControl-ISBANK) - https://www.isbank.com....b/JaguarEdit4ISBv27.CAB
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.m...nary/Chess.cab57176.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{69EE3CF6-7AFA-47A5-8AFA-FD01C3AA3512}: NameServer = 8.8.8.8,8.8.4.4
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McNeel Update (32-bit) (McNeelUpdates32) - Unknown owner - C:\Program Files\Rhinoceros 5.0 WIP\System\RhinoVersionCheckSvc32.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 12736 bytes



C:\WINDOWS\System32\smss.exe dosyasından kıllandım ama.....


_____________________________

kimse eşit doğmaz.
ama herkes eşit ölür.
işte onun için
ölüm, acı bir son değildir.
hayatımızın yegane adil başlangıcı ve biricik fırsat eşitliğidir.(E.Y.)

Uzaklaştırılmış
Süresiz olarak uzaklaştırıldı.
3 Mayıs 2010; 15:36:21 

C:\Program Files\Rhinoceros 4.0\System\Rhino4.exe
C:\Program Files\Common Files\McNeel Shared\License Manager\RhinoLM.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [smss] C:\WINDOWS\security\smss.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] hydubl.exe
O16 - DPF: {7E866715-C9B6-4C64-AAB8-342E0D137212} (Net Client Control) - http://192.168.2.41/EDVR.CAB
O23 - Service: McNeel Update (32-bit) (McNeelUpdates32) - Unknown owner - C:\Program Files\Rhinoceros 5.0 WIP\System\RhinoVersionCheckSvc32.exe (file missing)

Satırlarını fix'leyip.HostXpert programıyla hosts dosyanızı restore edip.Sisteminizi MalwareBytes ile taratırmısınız.Birde OpenDNS kullanırsanız yasaklı sitelere girebilirsiniz.Hosts dosyanızı hiç bir zaman değiştiricek programlar kullanmayın.


 
22 Mesaj
3 Mayıs 2010; 16:19:14 

etc/host dosyasını elle değiştirdim.

RhinoVersionCheckSvc32.exe kulladığım 3D cad yazılımının programcıklarından biri.

satırlarını seçip fix yapacam

8.8.8.8 & 8.8.4.4 google DNS sıkıntı yaratırmı?


_____________________________

kimse eşit doğmaz.
ama herkes eşit ölür.
işte onun için
ölüm, acı bir son değildir.
hayatımızın yegane adil başlangıcı ve biricik fırsat eşitliğidir.(E.Y.)

Uzaklaştırılmış
Süresiz olarak uzaklaştırıldı.
3 Mayıs 2010; 16:26:25 

Google DNS hizmeti sıkıntı yapmaz.


2955 Mesaj
3 Mayıs 2010; 23:41:59 

benim sonucuda bi analiz edelim lütfen.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:36:38, on 03.05.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Opera\Opera.exe
C:\Users\Xanadu\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Local Service')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Local Service')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Web Printing göster veya gizle - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macr.../cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA248F22-1A0C-4C6A-8B31-3F0FF35876F6}: NameServer = 4.2.2.1,4.2.2.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7451 bytes


_____________________________



 
2748 Mesaj
4 Mayıs 2010; 0:30:35 

omboFix 10-05-03.02 - ACER 03.05.2010 23:29:06.2.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1254.90.1055.18.758.348 [GMT 3:00]
Running from: c:\documents and settings\ACER\Belgelerim\Karşıdan Yüklenenler\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WindowsUpdate

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DAC970NT
-------\Legacy_NVMINI
-------\Service_dac970nt


((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 )))))))))))))))))))))))))))))))
.

2010-04-17 05:49 . 2010-04-17 05:49 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-04-17 05:49 . 2010-04-17 05:49 -------- d-----w- c:\program files\DVDVideoSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-03 20:36 . 2010-03-14 19:38 5637 ----a-w- c:\windows\system32\drivers\jmdiko.sys
2010-05-03 20:27 . 2008-11-03 14:28 3890890 ----a-w- c:\windows\setupconfig.dat
2010-03-30 18:29 . 2009-05-24 21:28 19124 ------w- c:\windows\system32\wincab.sys
2010-02-20 18:12 . 2006-09-29 18:31 104816 ----a-w- c:\documents and settings\ACER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-11-03 14:28 . 2008-11-03 14:28 155648 --sha-r- c:\windows\myproc.dll
2007-02-25 10:06 . 2009-05-24 15:59 122880 --sha-r- c:\windows\system32\blat.dll
1997-06-23 00:00 . 1997-06-23 00:00 123664 --sha-w- c:\windows\system32\Msjint35.dll
1997-06-23 09:06 . 1997-06-23 09:06 24848 --sha-w- c:\windows\system32\Msjter35.dll
1997-07-21 16:30 . 1997-07-21 16:30 1045776 --sha-w- c:\windows\system32\Msjet35.dll
1997-06-23 09:06 . 1997-06-23 09:06 252176 --sha-w- c:\windows\system32\Msrd2x35.dll
1997-06-23 09:06 . 1997-06-23 09:06 287504 --sha-w- c:\windows\system32\Msxbse35.dll
2008-11-03 14:28 . 2008-11-03 14:28 20480 --sha-r- c:\windows\security\services.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2005-05-19 106496]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-24 167936]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-24 114688]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 102490]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 708698]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 73728]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 73728]
"PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 135168]
"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-11-08 184320]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 61440]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 282624]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-11-08 122880]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-10 253952]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 3122688]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-02 438272]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2501120]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-07-26 188416]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 90112]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_09\bin\jusched.exe" [2006-09-07 49263]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 233472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programlar\BaŸlang‡\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 138240]
AirTies ADSL Hizmet Program.lnk - c:\program files\AirTies\ADSL Hizmet Program\AirTies_util3.exe [2007-9-20 2886144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AirTies\\ADSL Hizmet Programı\\AirTies_util3.exe"=
"c:\\WINDOWS\\System32\\SPOOL\\drivers\\W32X86\\3\\HP1006MC.EXE"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\WINDOWS\\security\\services.exe"=
"c:\\Windows\\RUNXMLPL.exe"=
"c:\\WINDOWS\\system32\\NeroCheck.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"=
"c:\\Program Files\\Launch Manager\\LaunchAp.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\regsvr32.exe"=
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"=
"c:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"=
"c:\\Program Files\\JetAudio\\jetAudio.exe"=
"c:\\Program Files\\Launch Manager\\HotkeyApp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=

R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [13.08.2006 21:33 2343]
S1 mailKmd;mailKmd; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - DAC970NT
*NewlyCreated* - NVMINI
*Deregistered* - nvmini
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/home
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM
IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {076C99B3-6CD1-46CF-95C2-CE92A3C0872E} = 4.2.2.1,4.2.2.2
FF - ProfilePath - c:\documents and settings\ACER\Application Data\Mozilla\Firefox\Profiles\yd1b3o8i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.tr/
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJPI150_09.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
AddRemove-ComandoMPDDeinstKey - c:\program files\Eidos Interactive\Pyro\Commandos
AddRemove-Der Vokabulator II - c:\progra~1\VOKABELN\UNWISE32



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-03 23:36
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nvmini]
"ImagePath"="system32\DRIVERS\nvmini.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(328)
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\acer\Empowering Technology\admServ.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\SOUNDMAN.EXE
c:\program files\AirTies\ADSL Hizmet Programı\AirTies_util3.exe
.
**************************************************************************
.
Completion time: 2010-05-03 23:38:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-03 20:38

Pre-Run: 1.181.925.376 bayt boş
Post-Run: 2.961.833.984 bayt boş

- - End Of File - - 35551261DAA908CF61726B0B2D44F9BD

arkadaslar benım combo fıx log sayfam şimdi ne yapmam gerkır,gorev yonetıcımın acılması için,ayrıca gızlı dosyalar da gozukmemekte...


_____________________________


Uzaklaştırılmış
Süresiz olarak uzaklaştırıldı.
4 Mayıs 2010; 12:22:28 

@faust13

Log'unuz temiz.

@b_sevki

Flash Disinfector programını indirin.Daha sonra tüm flash bellek,harici harddiski bilgisayarınıza takın ve programı çalıştırın.Zararlıları kendisi temizliyecektir.Görev yöneticisini açmanız içinde aşağıdaki yönergeleri takip edin.

0


gpedit.msc yazıp enterlayın.

0


Buradan sirayla kullanici yapilandirmasi-yonetim sablonlari-sistem-ctrl+alt+del seceneklerini isaretliyoruz.

Burada gorev yoneticisini devre kaldir ozelliklerini tikliyoruz.3.yeri isaretliyoruz uygula tamam.

Ayrıca Hijackthis logu vermeniz mümkünmü.Sisteminizde zararlılar bulunuyor.



< Bu mesaj bu kişi tarafından değiştirildi Eraybar -- 4 Mayıs 2010; 12:25:36 >


 
1 Mesaj
4 Mayıs 2010; 13:25:26 

Ustam. Benim problemden aldığım dosya şu şekilde benim için Maya klavyesi gibi bir şey yardımın için teşekürlerim peşinLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:21, on 2010-05-04
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.c...ource=10&ctid=CT1750559
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://developer.intel....oftware/EN.htm#D102GGC2
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O3 - Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft..._site.cab?1229608846187
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.m...tsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.../getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Fix-It Task Manager - Avanquest North America, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: Sunbelt VIPRE Antivirus Service (SBAMSvc) - Sunbelt Software - C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe

--
End of file - 6316 bytes


_____________________________

Saygılarımla
Celal Öztürk

Uzaklaştırılmış
Süresiz olarak uzaklaştırıldı.
4 Mayıs 2010; 15:09:23 

@Dinozorus

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.c...ource=10&ctid=CT1750559
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)

Satırlarını fix'lermisiniz.Ayrıca MalwareBytes ile sisteminizi komple taratırmısınız.


 
10 Mesaj
4 Mayıs 2010; 16:24:11 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:20:32, on 04.05.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\windows\system32\wuaucldt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\erdem\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gooogla.net/seek.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
R3 - URLSearchHook: Gecekondu.org Toolbar - {a17d37b8-3768-4afb-a7b6-51d021abf32b} - C:\Program Files\Gecekondu.org\tbGec1.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Gecekondu.org Toolbar - {a17d37b8-3768-4afb-a7b6-51d021abf32b} - C:\Program Files\Gecekondu.org\tbGec1.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Gecekondu.org Toolbar - {a17d37b8-3768-4afb-a7b6-51d021abf32b} - C:\Program Files\Gecekondu.org\tbGec1.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [syncman] c:\windows\system32\wuaucldt.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [syncman] c:\documents and settings\erdem\wuaucldt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com...ad/MySpaceUploader2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03F18FA7-E4AC-4687-AF67-1C3AD28B45A2}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{09EC2516-233B-4DCD-8C5A-1E51723125E7}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F48EEF4-C8DB-4C59-80E8-D1EE8582BC8A}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{03F18FA7-E4AC-4687-AF67-1C3AD28B45A2}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{03F18FA7-E4AC-4687-AF67-1C3AD28B45A2}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs:
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8706 bytes


_____________________________



 
10 Mesaj
4 Mayıs 2010; 16:26:19 

inş. sayenızde kurtulacam bu vırusten yoksa pc yı kıracam ilgilerınıze cok tesekkur ederım gercekten ılk defa bı sıte bu kadar yardımcı olundugunu gordum sagolun
SAYGILAR...!


_____________________________



2955 Mesaj
4 Mayıs 2010; 17:11:49 

cevap için teşekkürler
kolay gelsin


_____________________________


Uzaklaştırılmış
Süresiz olarak uzaklaştırıldı.
4 Mayıs 2010; 17:15:13 

@erdem0618

İlk önce Program Ekle/Kaldır'dan Ask Toolbar'ı kaldırın.Daha sonra aşağıdaki satırları fix'leyiniz.

C:\windows\system32\wuaucldt.exe
R3 - URLSearchHook: Gecekondu.org Toolbar - {a17d37b8-3768-4afb-a7b6-51d021abf32b} - C:\Program Files\Gecekondu.org\tbGec1.dll
O2 - BHO: Gecekondu.org Toolbar - {a17d37b8-3768-4afb-a7b6-51d021abf32b} - C:\Program Files\Gecekondu.org\tbGec1.dll
O3 - Toolbar: Gecekondu.org Toolbar - {a17d37b8-3768-4afb-a7b6-51d021abf32b} - C:\Program Files\Gecekondu.org\tbGec1.dll
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [syncman] c:\documents and settings\erdem\wuaucldt.exe
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com...ad/MySpaceUploader2.cab
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

Daha sonra sisteminizi MalwareBytes ile taratırmısınız.

@faust13

Ben teşekkür ederim.



< Bu mesaj bu kişi tarafından değiştirildi Eraybar -- 4 Mayıs 2010; 17:16:31 >


 
300 Mesaj
4 Mayıs 2010; 19:02:17 

Siteden kontrol ettiğimde bir tanesinin üzerinde kırmızı çarpı işareti var ama

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:00:43, on 04.05.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\M\Documents\Downloads\Programs\HiJackThis.exe
C:\windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Local Service')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Local Service')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Görüntüyü &Bluetooth Aygıtına Gönder... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Sayfayı &Bluetooth Aygıtına Gönder... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Web Printing göster veya gizle - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix: 
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Güncelleme Hizmeti (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Rezip - Unknown owner - C:\windows\SYSTEM32\Rezip.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 7413 bytes




_____________________________


Uzaklaştırılmış
Süresiz olarak uzaklaştırıldı.
4 Mayıs 2010; 19:18:36 

@iyinin kötüsü

O23 - Service: Rezip - Unknown owner - C:\windows\SYSTEM32\Rezip.exe
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)

Satırlarını fix'leyip MalwareBytes ile komple sisteminizi taratırmısınız.


 
10 Mesaj
4 Mayıs 2010; 19:28:33 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:20:32, on 04.05.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\windows\system32\wuaucldt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\erdem\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gooogla.net/seek.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
R3 - URLSearchHook: Gecekondu.org Toolbar - {a17d37b8-3768-4afb-a7b6-51d021abf32b} - C:\Program Files\Gecekondu.org\tbGec1.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Gecekondu.org Toolbar - {a17d37b8-3768-4afb-a7b6-51d021abf32b} - C:\Program Files\Gecekondu.org\tbGec1.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Gecekondu.org Toolbar - {a17d37b8-3768-4afb-a7b6-51d021abf32b} - C:\Program Files\Gecekondu.org\tbGec1.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [syncman] c:\windows\system32\wuaucldt.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [syncman] c:\documents and settings\erdem\wuaucldt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com...ad/MySpaceUploader2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03F18FA7-E4AC-4687-AF67-1C3AD28B45A2}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{09EC2516-233B-4DCD-8C5A-1E51723125E7}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F48EEF4-C8DB-4C59-80E8-D1EE8582BC8A}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{03F18FA7-E4AC-4687-AF67-1C3AD28B45A2}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{03F18FA7-E4AC-4687-AF67-1C3AD28B45A2}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs:
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--


_____________________________


Uzaklaştırılmış
Süresiz olarak uzaklaştırıldı.
4 Mayıs 2010; 19:43:24 

@erdem0618

Yukarıda ne yapmanız gerektiğini belirttim.


 
300 Mesaj
4 Mayıs 2010; 21:11:53 


quote:

Orijinalden alıntı: Eraybar

@iyinin kötüsü

O23 - Service: Rezip - Unknown owner - C:\windows\SYSTEM32\Rezip.exe
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)

Satırlarını fix'leyip MalwareBytes ile komple sisteminizi taratırmısınız.


Dediklerinizi yaptım. 2 tane trojan downloader bulup sildi. Ayrıca görev yöneticisinden baktığımda rezip görünmüyor artık. Normalde 30mb ram yiyordu.

Teşekkür ederim.


_____________________________


Uzaklaştırılmış
Süresiz olarak uzaklaştırıldı.
4 Mayıs 2010; 22:23:48 

@iyinin kötüsü

Ben teşekkür ederim.


 
10 Mesaj
5 Mayıs 2010; 2:22:28 

@eraybar
ask tollbar sılınmıyor...bılıgsayar sılemıyor sorun yaratırmı?
ayrıca vırus gıttı sayenızde kurtuldum gercekten cok sagolun bıktıydım su anda yanımda olsaydın alnından operdım
gercekten cok sagolun ya supersınız...sonucları buraya yazıyorum
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Veritabanı sürümü: 4066

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

05.05.2010 01:55:40
mbam-log-2010-05-05 (01-55-40).txt

Tarama kipi: Hızlı tarama
Taranmış öğeler: 127331
Geçen süre: 8 dakika, 16 saniye

Etkilenmiş Hafıza İşlemleri: 0
Etkilenmiş Hafıza Modülleri: 0
Etkilenmiş Kayıt Anahtarları: 0
Etkilenmiş Kayıt Değerleri: 0
Etkilenmiş Veri Öğeleri: 0
Etkilenmiş Klasörler: 0
Etkilenmiş Dosyalar: 0

Etkilenmiş Hafıza İşlemleri:
( Zararlı öğe tespit edilmedi)

Etkilenmiş Hafıza Modülleri:
( Zararlı öğe tespit edilmedi)

Etkilenmiş Kayıt Anahtarları:
( Zararlı öğe tespit edilmedi)

Etkilenmiş Kayıt Değerleri:
( Zararlı öğe tespit edilmedi)

Etkilenmiş Veri Öğeleri:
( Zararlı öğe tespit edilmedi)

Etkilenmiş Klasörler:
( Zararlı öğe tespit edilmedi)

Etkilenmiş Dosyalar:
( Zararlı öğe tespit edilmedi)



harbıden supersınız ya gercekten cok cok tesekkurler sagolun!!!
SAYGILARIM LA!!! SIZ BI TANESINIZ
GERCEKTEN SAGOLUN YA BU SITE CALISANLARINA GERCEKTEN COK TESEKKURLER ELLERINIZE KOLLARINIZA SAGLIK...!


_____________________________



 
29 Mesaj
5 Mayıs 2010; 12:51:18 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:24, on 05.05.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Işıl & Alper\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yma3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yma3
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) - https://sube.garanti.com.tr/lib/JaguarEditControl.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243936722865
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244008155421
O16 - DPF: {BD966829-738E-471C-AB53-2A0008D161E7} (TebEdit Control) - https://esube.teb.com.tr/bireysel/TebEdit.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

--
End of file - 7068 bytes


benim sıkıntım harici hardiskimin içinde bir klasör olustu ve 4 tane dll dosyası var ' vsscenario.dll ' vsbasereqs.dll ' gencomp.dll ' dlmgr.dll '
ilginize teşekkürler kolay gelsin


_____________________________


Uzaklaştırılmış
Süresiz olarak uzaklaştırıldı.
5 Mayıs 2010; 15:09:01 

@ranula

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O16 - DPF: {BD966829-738E-471C-AB53-2A0008D161E7} (TebEdit Control) - https://esube.teb.com.tr/bireysel/TebEdit.cab

Log'unuz temiz.

@erdem0618

Yok sorun yaratmaz.Ben teşekkür ederim.



< Bu mesaj bu kişi tarafından değiştirildi Eraybar -- 5 Mayıs 2010; 15:14:47 >


 
10 Mesaj
5 Mayıs 2010; 21:48:12 

sen var ya bıtanesın allah(c.c.) senden razı olsun ne muradın varsa versın kolay gelsın kardesım tekrar tesekkurler
SAYGILARIMLA!!!


_____________________________



 
10 Mesaj
6 Mayıs 2010; 2:14:46 

KARDES GENE BI SORUN AYNI VIRUS:
C:\System Volume Informatıon\_restore{935B7C87-F6DF-4D49-8B53-7FD5646C732C}\RP271\A152500.sys
boyut:84800
neden:Win32/Protector.Ivirus
buldugu vırus bu walware-bytes bulamıyor ama nod32 arada bır bu vırusu buluyor ne yapcam?
delırtecek bu vırus nasıl bır sey anlayamadım tam kurtulduk dedık ortaya cıktı
SAYGILARIMLA!!!


_____________________________


Uzaklaştırılmış
Süresiz olarak uzaklaştırıldı.
6 Mayıs 2010; 15:41:20 

A-Squared ile sisteminizi komple bi taratırmısınız.



< Bu mesaj bu kişi tarafından değiştirildi Eraybar -- 6 Mayıs 2010; 15:43:32 >


3 Mesaj
7 Mayıs 2010; 11:59:37 

Merhaba,
Bilgisayarimin performansi cok dusuk, ikinci bir program calistirmaya kalktigimda donup kaliyor..
Bir goz atabilecek olan var mi..? Simdiden cok tesekkur ederim..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:10, on 5/7/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\defrag.exe
C:\Documents and Settings\ss\Belgelerim\Karşıdan Yüklenenler\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SMSNews] C:\Program Files\SMS Makinesi\SMS Makinesi\SMSMakinesiINFO.exe
O4 - HKCU\..\Run: [AUTOSMS] C:\Program Files\SMS Makinesi\SMS Makinesi\SMSMakinesiOTOMSG.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260863944733
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271681998845
O16 - DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} (JaguarEditControl-ISBANK) - https://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv27.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E964D74-D3B2-49C3-8CF6-23A05EFF4121}: NameServer = 4.2.2.4,4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD75C857-4B56-492F-8341-0FAE4BDB84C9}: NameServer = 4.2.2.3,4.2.2.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8026 bytes




< Bu mesaj bu kişi tarafından değiştirildi sebnemsibumi -- 7 Mayıs 2010; 12:15:44 >


_____________________________


Uzaklaştırılmış
Süresiz olarak uzaklaştırıldı.
7 Mayıs 2010; 12:16:31 

@sebnemsibumi

Log temiz gözüküyor.Fakat A-Squared programıyla sisteminizi komple taratmanızda fayda var.Tarama bittikten sonra durumu belirtirseniz ona göre yapıcak bir kaç şey var.


 
10 Mesaj
7 Mayıs 2010; 15:14:25 

tarama sonucu bu:

a-squared Ücretsiz - Sürüm 4.5
En son güncelleme: N/A

Tarama ayarları:

Tarama türü: Akıllı Tarama
Nesneler: Hafıza, İzler, Çerezler, C:\WINDOWS\, C:\Program Files
Tarama arşivi: Açık
Yöntemler: Kapalı
ADS Tara: Açık

Tarama başlangıcı: 07.05.2010 14:27:54

[340] C:\Program Files\Internet Download Manager\IDMan.exe Algılandı: Riskware.Patch.IDM!IK
c:\program files\boonty Algılandı: Trace.Directory.BoontyBox!A2
c:\program files\burn4free Algılandı: Trace.Directory.Burn4Free!A2
c:\documents and settings\all users\start menu\programlar\msn chat monitor Algılandı: Trace.Directory.MSN Chat Monitor!A2
c:\program files\msn chat monitor Algılandı: Trace.Directory.MSN Chat Monitor!A2
c:\program files\elcomsoft\advanced archive password recovery Algılandı: Trace.Directory.Advanced Archive Password Recovery 4.5!A2
c:\documents and settings\erdem\start menu\programlar\elcomsoft Algılandı: Trace.Directory.Advanced Archive Password Recovery 4.5!A2
c:\documents and settings\erdem\start menu\programlar\elcomsoft\advanced archive password recovery Algılandı: Trace.Directory.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery --> InstallDir Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery --> Start Menu Folder Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> DisplayIcon Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> DisplayName Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> DisplayVersion Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> HelpLink Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> HelpTelephone Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> InstallLocation Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> NoModify Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> NoRepair Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> Publisher Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> UninstallString Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> URLInfoAbout Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> URLUpdateInfo Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> VersionMajor Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> VersionMinor Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery --> CPUs/Threads don't care Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery --> Stat param #1 Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery --> Stat param #2 Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery --> Use # cpu(s) Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Language --> FileName Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Paths --> ProjectPath Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Stats --> StatParam1 Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Stats --> StatParam2 Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AllCaps Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AllCombinations Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AllDigits Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AllPrint Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AllSmall Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AllSpecial Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AttackOnSelect Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AttackType Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> Autosave Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AutosaveDirectory Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AutosaveFilename Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AutosaveTimer Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> BinaryOK Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> CodeOptFor Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> DictionaryStartLine Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> EKey0 Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> EKey1 Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> EKey2 Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> EndAt Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> IsDictOEM Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> IsLogging Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> IsOEM Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> KnownByte1 Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> KnownByte2 Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> KnownByte3 Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> KnownByte4 Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> Mask Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> MaskSymbol Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> MaxLen Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> MinimizeToTray Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> MinLen Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> Priority Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> PTStartFromValue Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> SmartMutations Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> Space Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> StartFrom Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> UpdateTimer Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> UseKnownStart Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> UserDefined Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> UserDefinedCharsetII Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> UseWinzip Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> WinzipPercent Algılandı: Trace.Registry.Advanced Archive Password Recovery 4.1!A2
c:\documents and settings\all users\start menu\programlar\msn chat monitor\msn chat monitor on the web.lnk Algılandı: Trace.File.MSN Chat Monitor!A2
c:\documents and settings\all users\start menu\programlar\msn chat monitor\msn chat monitor.lnk Algılandı: Trace.File.MSN Chat Monitor!A2
c:\program files\msn chat monitor\msnchatmonitor.exe Algılandı: Trace.File.MSN Chat Monitor!A2
c:\program files\msn chat monitor\msnchatmonitor.url Algılandı: Trace.File.MSN Chat Monitor!A2
c:\program files\msn chat monitor\msncm.chm Algılandı: Trace.File.MSN Chat Monitor!A2
c:\program files\elcomsoft\advanced archive password recovery\archpr.chm Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery\digits.chr Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery\english.chr Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery\english.dic Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery\english.lng Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery\file_id.diz Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery\german.chr Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery\german.dic Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery\german.lng Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery\license.txt Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery\order.txt Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery\readme.txt Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery\russian.chr Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery\russian.dic Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery\russian.lng Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery\special.chr Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\documents and settings\erdem\start menu\programlar\elcomsoft\advanced archive password recovery\advanced archive password recovery help.lnk Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\documents and settings\erdem\start menu\programlar\elcomsoft\advanced archive password recovery\advanced archive password recovery.lnk Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\documents and settings\erdem\start menu\programlar\elcomsoft\advanced archive password recovery\end-user license agreement.lnk Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\documents and settings\erdem\start menu\programlar\elcomsoft\advanced archive password recovery\how to order.lnk Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\documents and settings\erdem\start menu\programlar\elcomsoft\advanced archive password recovery\readme.lnk Algılandı: Trace.File.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_CLASSES_ROOT\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32 --> ThreadingModel Algılandı: Trace.Registry.Bara de instrumente web a ISJ Bacau!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32 --> ThreadingModel Algılandı: Trace.Registry.Bara de instrumente web a ISJ Bacau!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> DisplayName Algılandı: Trace.Registry.MSN Chat Monitor!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> HelpLink Algılandı: Trace.Registry.MSN Chat Monitor!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> Inno Setup: App Path Algılandı: Trace.Registry.MSN Chat Monitor!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> Inno Setup: Deselected Tasks Algılandı: Trace.Registry.MSN Chat Monitor!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> Inno Setup: Icon Group Algılandı: Trace.Registry.MSN Chat Monitor!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> Inno Setup: Selected Tasks Algılandı: Trace.Registry.MSN Chat Monitor!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> Inno Setup: Setup Version Algılandı: Trace.Registry.MSN Chat Monitor!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> Inno Setup: User Algılandı: Trace.Registry.MSN Chat Monitor!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> Publisher Algılandı: Trace.Registry.MSN Chat Monitor!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> UninstallString Algılandı: Trace.Registry.MSN Chat Monitor!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> URLInfoAbout Algılandı: Trace.Registry.MSN Chat Monitor!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> URLUpdateInfo Algılandı: Trace.Registry.MSN Chat Monitor!A2
C:\Documents and Settings\erdem\Cookies\erdem@bs.serving-sys[1].txt Algılandı: Trace.TrackingCookie.bs.serving-sys!A2
C:\Documents and Settings\erdem\Cookies\erdem@com[1].txt Algılandı: Trace.TrackingCookie.com!A2
C:\Documents and Settings\erdem\Cookies\erdem@counter16.sextracker[1].txt Algılandı: Trace.TrackingCookie.counter16.sextracker!A2
C:\Documents and Settings\erdem\Cookies\erdem@doubleclick[1].txt Algılandı: Trace.TrackingCookie.doubleclick!A2
C:\Documents and Settings\erdem\Cookies\erdem@fastclick[1].txt Algılandı: Trace.TrackingCookie.fastclick!A2
C:\Documents and Settings\erdem\Cookies\erdem@google.com[1].txt Algılandı: Trace.TrackingCookie.google.com!A2
C:\Documents and Settings\erdem\Cookies\erdem@google.com[2].txt Algılandı: Trace.TrackingCookie.google.com!A2
C:\Documents and Settings\erdem\Cookies\erdem@mediaplex[2].txt Algılandı: Trace.TrackingCookie.mediaplex!A2
C:\Documents and Settings\erdem\Cookies\erdem@serving-sys[2].txt Algılandı: Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\erdem\Cookies\erdem@sextracker[1].txt Algılandı: Trace.TrackingCookie.sextracker!A2
C:\Documents and Settings\erdem\Cookies\erdem@smartadserver[2].txt Algılandı: Trace.TrackingCookie.smartadserver!A2
C:\Documents and Settings\erdem\Cookies\erdem@statcounter[1].txt Algılandı: Trace.TrackingCookie.statcounter!A2
C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe Algılandı: Riskware.Win32.BoontyGames!A2
C:\Program Files\Common Files\eBay\eBayLauncher.exe Algılandı: Trojan.Win32.Click.Yabector!A2

Tarandı

Dosyalar: 111648
İzler: 666688
Çerezler: 394
İşlemler: 38

Bulundu

Dosyalar: 2
İzler: 113
Çerezler: 12
İşlemler: 1
Kayıt anahtarları: 0

Tarama sonu: 07.05.2010 15:08:33
Tarama süresi: 0:40:39

C:\Program Files\Common Files\eBay\eBayLauncher.exe Silindi Trojan.Win32.Click.Yabector!A2
C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe Silindi Riskware.Win32.BoontyGames!A2
C:\Documents and Settings\erdem\Cookies\erdem@statcounter[1].txt Silindi Trace.TrackingCookie.statcounter!A2
C:\Documents and Settings\erdem\Cookies\erdem@smartadserver[2].txt Silindi Trace.TrackingCookie.smartadserver!A2
C:\Documents and Settings\erdem\Cookies\erdem@sextracker[1].txt Silindi Trace.TrackingCookie.sextracker!A2
C:\Documents and Settings\erdem\Cookies\erdem@serving-sys[2].txt Silindi Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\erdem\Cookies\erdem@mediaplex[2].txt Silindi Trace.TrackingCookie.mediaplex!A2
C:\Documents and Settings\erdem\Cookies\erdem@google.com[1].txt Silindi Trace.TrackingCookie.google.com!A2
C:\Documents and Settings\erdem\Cookies\erdem@google.com[2].txt Silindi Trace.TrackingCookie.google.com!A2
C:\Documents and Settings\erdem\Cookies\erdem@fastclick[1].txt Silindi Trace.TrackingCookie.fastclick!A2
C:\Documents and Settings\erdem\Cookies\erdem@doubleclick[1].txt Silindi Trace.TrackingCookie.doubleclick!A2
C:\Documents and Settings\erdem\Cookies\erdem@counter16.sextracker[1].txt Silindi Trace.TrackingCookie.counter16.sextracker!A2
C:\Documents and Settings\erdem\Cookies\erdem@com[1].txt Silindi Trace.TrackingCookie.com!A2
C:\Documents and Settings\erdem\Cookies\erdem@bs.serving-sys[1].txt Silindi Trace.TrackingCookie.bs.serving-sys!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> DisplayName Silindi Trace.Registry.MSN Chat Monitor!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> HelpLink Silindi Trace.Registry.MSN Chat Monitor!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> Inno Setup: App Path Silindi Trace.Registry.MSN Chat Monitor!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> Inno Setup: Deselected Tasks Silindi Trace.Registry.MSN Chat Monitor!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> Inno Setup: Icon Group Silindi Trace.Registry.MSN Chat Monitor!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> Inno Setup: Selected Tasks Silindi Trace.Registry.MSN Chat Monitor!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> Inno Setup: Setup Version Silindi Trace.Registry.MSN Chat Monitor!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> Inno Setup: User Silindi Trace.Registry.MSN Chat Monitor!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> Publisher Silindi Trace.Registry.MSN Chat Monitor!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> UninstallString Silindi Trace.Registry.MSN Chat Monitor!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> URLInfoAbout Silindi Trace.Registry.MSN Chat Monitor!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Chat Monitor v2.8_is1 --> URLUpdateInfo Silindi Trace.Registry.MSN Chat Monitor!A2
Value: HKEY_CLASSES_ROOT\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32 --> ThreadingModel Silindi Trace.Registry.Bara de instrumente web a ISJ Bacau!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32 --> ThreadingModel Silindi Trace.Registry.Bara de instrumente web a ISJ Bacau!A2
c:\program files\elcomsoft\advanced archive password recovery\archpr.chm Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery\digits.chr Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery\english.chr Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery\english.dic Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery\english.lng Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery\file_id.diz Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery\german.chr Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery\german.dic Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery\german.lng Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery\license.txt Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery\order.txt Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery\readme.txt Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery\russian.chr Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery\russian.dic Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery\russian.lng Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery\special.chr Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\documents and settings\erdem\start menu\programlar\elcomsoft\advanced archive password recovery\advanced archive password recovery help.lnk Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\documents and settings\erdem\start menu\programlar\elcomsoft\advanced archive password recovery\advanced archive password recovery.lnk Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\documents and settings\erdem\start menu\programlar\elcomsoft\advanced archive password recovery\end-user license agreement.lnk Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\documents and settings\erdem\start menu\programlar\elcomsoft\advanced archive password recovery\how to order.lnk Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\documents and settings\erdem\start menu\programlar\elcomsoft\advanced archive password recovery\readme.lnk Silindi Trace.File.Advanced Archive Password Recovery 4.5!A2
c:\documents and settings\all users\start menu\programlar\msn chat monitor\msn chat monitor on the web.lnk Silindi Trace.File.MSN Chat Monitor!A2
c:\documents and settings\all users\start menu\programlar\msn chat monitor\msn chat monitor.lnk Silindi Trace.File.MSN Chat Monitor!A2
c:\program files\msn chat monitor\msnchatmonitor.exe Silindi Trace.File.MSN Chat Monitor!A2
c:\program files\msn chat monitor\msnchatmonitor.url Silindi Trace.File.MSN Chat Monitor!A2
c:\program files\msn chat monitor\msncm.chm Silindi Trace.File.MSN Chat Monitor!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery --> CPUs/Threads don't care Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery --> Stat param #1 Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery --> Stat param #2 Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery --> Use # cpu(s) Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Language --> FileName Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Paths --> ProjectPath Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Stats --> StatParam1 Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Stats --> StatParam2 Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AllCaps Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AllCombinations Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AllDigits Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AllPrint Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AllSmall Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AllSpecial Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AttackOnSelect Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AttackType Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> Autosave Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AutosaveDirectory Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AutosaveFilename Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> AutosaveTimer Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> BinaryOK Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> CodeOptFor Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> DictionaryStartLine Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> EKey0 Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> EKey1 Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> EKey2 Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> EndAt Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> IsDictOEM Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> IsLogging Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> IsOEM Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> KnownByte1 Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> KnownByte2 Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> KnownByte3 Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> KnownByte4 Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> Mask Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> MaskSymbol Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> MaxLen Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> MinimizeToTray Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> MinLen Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> Priority Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> PTStartFromValue Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> SmartMutations Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> Space Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> StartFrom Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> UpdateTimer Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> UseKnownStart Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> UserDefined Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> UserDefinedCharsetII Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> UseWinzip Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery\Window Controls --> WinzipPercent Silindi Trace.Registry.Advanced Archive Password Recovery 4.1!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery --> InstallDir Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Elcomsoft\Advanced Archive Password Recovery --> Start Menu Folder Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> DisplayIcon Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> DisplayName Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> DisplayVersion Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> HelpLink Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> HelpTelephone Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> InstallLocation Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> NoModify Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> NoRepair Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> Publisher Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> UninstallString Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> URLInfoAbout Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> URLUpdateInfo Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> VersionMajor Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
Value: HKEY_USERS\S-1-5-21-2000478354-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> VersionMinor Silindi Trace.Registry.Advanced Archive Password Recovery 4.5!A2
c:\program files\elcomsoft\advanced archive password recovery Silindi Trace.Directory.Advanced Archive Password Recovery 4.5!A2
c:\documents and settings\erdem\start menu\programlar\elcomsoft Silindi Trace.Directory.Advanced Archive Password Recovery 4.5!A2
c:\documents and settings\all users\start menu\programlar\msn chat monitor Silindi Trace.Directory.MSN Chat Monitor!A2
c:\program files\msn chat monitor Silindi Trace.Directory.MSN Chat Monitor!A2
c:\program files\burn4free Silindi Trace.Directory.Burn4Free!A2
c:\program files\boonty Silindi Trace.Directory.BoontyBox!A2
[340] C:\Program Files\Internet Download Manager\IDMan.exe Silindi Riskware.Patch.IDM!IK

Silindi

Dosyalar: 2
İzler: 116
Çerezler: 12


_____________________________


Uzaklaştırılmış
Süresiz olarak uzaklaştırıldı.
7 Mayıs 2010; 15:46:23 

@erdem0618

Peki şuan durum nedir ?


3 Mesaj
7 Mayıs 2010; 15:46:29 


quote:

Orijinalden alıntı: Eraybar

@sebnemsibumi

Log temiz gözüküyor.Fakat A-Squared programıyla sisteminizi komple taratmanızda fayda var.Tarama bittikten sonra durumu belirtirseniz ona göre yapıcak bir kaç şey var.


cok tesekkur ederim, taratıyorum ama bugun biter mi bilmem
bitince sonuclari yazacagim ins..


_____________________________



3 Mesaj
7 Mayıs 2010; 18:29:53 

Durum boyle..

a-squared Ücretsiz - Sürüm 4.5
En son güncelleme: 5/7/2010 13:03:29

Tarama ayarları:

Tarama türü: Derin Tarama
Nesneler: Hafıza, İzler, Çerezler, C:\
Tarama arşivi: Açık
Yöntemler: Kapalı
ADS Tara: Açık

Tarama başlangıcı:	5/7/2010 13:06:11

c:\documents and settings\networkservice\local settings\temp\perflib_perfdata_288.dat 	Algılandı: Trace.File.StarwareToolbar!A2
Value: HKEY_CLASSES_ROOT\CLSID\{0C1F87AE-AE62-11D3-911C-00105A17B608}\InprocServer32 --> ThreadingModel 	Algılandı: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\{371D0743-7A57-11D2-AD5A-00105A17B608}\InprocServer32 --> ThreadingModel 	Algılandı: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\{4F99A075-5227-11D2-AD06-00105A17B608}\InprocServer32 --> ThreadingModel 	Algılandı: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\{B22FE43C-D1E8-432A-A862-9F83D5F04732}\InprocServer32 --> ThreadingModel 	Algılandı: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\{CA4FC24B-C65C-11D1-AA6F-000000000000}\InprocServer32 --> ThreadingModel 	Algılandı: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\{DDD136CE-517B-11D2-AD03-00105A17B608}\InprocServer32 --> ThreadingModel 	Algılandı: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\{E9D55102-9683-11D2-BA68-0040053687FE}\InprocServer32 --> ThreadingModel 	Algılandı: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C1F87AE-AE62-11D3-911C-00105A17B608}\InprocServer32 --> ThreadingModel 	Algılandı: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{371D0743-7A57-11D2-AD5A-00105A17B608}\InprocServer32 --> ThreadingModel 	Algılandı: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F99A075-5227-11D2-AD06-00105A17B608}\InprocServer32 --> ThreadingModel 	Algılandı: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B22FE43C-D1E8-432A-A862-9F83D5F04732}\InprocServer32 --> ThreadingModel 	Algılandı: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA4FC24B-C65C-11D1-AA6F-000000000000}\InprocServer32 --> ThreadingModel 	Algılandı: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDD136CE-517B-11D2-AD03-00105A17B608}\InprocServer32 --> ThreadingModel 	Algılandı: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9D55102-9683-11D2-BA68-0040053687FE}\InprocServer32 --> ThreadingModel 	Algılandı: Trace.Registry.SpyPc 8.0!A2
C:\Documents and Settings\ss\Cookies\ss@247realmedia[1].txt 	Algılandı: Trace.TrackingCookie.247realmedia!A2
C:\Documents and Settings\ss\Cookies\ss@2o7[2].txt 	Algılandı: Trace.TrackingCookie.2o7!A2
C:\Documents and Settings\ss\Cookies\ss@2o7[3].txt 	Algılandı: Trace.TrackingCookie.2o7!A2
C:\Documents and Settings\ss\Cookies\ss@adtech[1].txt 	Algılandı: Trace.TrackingCookie.adtech!A2
C:\Documents and Settings\ss\Cookies\ss@advertising[1].txt 	Algılandı: Trace.TrackingCookie.advertising!A2
C:\Documents and Settings\ss\Cookies\ss@advertising[3].txt 	Algılandı: Trace.TrackingCookie.advertising!A2
C:\Documents and Settings\ss\Cookies\ss@atn.com[2].txt 	Algılandı: Trace.TrackingCookie.atn.com!A2
C:\Documents and Settings\ss\Cookies\ss@bluestreak[2].txt 	Algılandı: Trace.TrackingCookie.bluestreak!A2
C:\Documents and Settings\ss\Cookies\ss@bluestreak[3].txt 	Algılandı: Trace.TrackingCookie.bluestreak!A2
C:\Documents and Settings\ss\Cookies\ss@bs.serving-sys[2].txt 	Algılandı: Trace.TrackingCookie.bs.serving-sys!A2
C:\Documents and Settings\ss\Cookies\ss@burstnet[2].txt 	Algılandı: Trace.TrackingCookie.burstnet!A2
C:\Documents and Settings\ss\Cookies\ss@doubleclick[1].txt 	Algılandı: Trace.TrackingCookie.doubleclick!A2
C:\Documents and Settings\ss\Cookies\ss@doubleclick[2].txt 	Algılandı: Trace.TrackingCookie.doubleclick!A2
C:\Documents and Settings\ss\Cookies\ss@ehg-cisco.hitbox[1].txt 	Algılandı: Trace.TrackingCookie.ehg-cisco.hitbox!A2
C:\Documents and Settings\ss\Cookies\ss@ehg-nokiafin.hitbox[2].txt 	Algılandı: Trace.TrackingCookie.ehg-nokiafin.hitbox!A2
C:\Documents and Settings\ss\Cookies\ss@fastclick[1].txt 	Algılandı: Trace.TrackingCookie.fastclick!A2
C:\Documents and Settings\ss\Cookies\ss@fastclick[2].txt 	Algılandı: Trace.TrackingCookie.fastclick!A2
C:\Documents and Settings\ss\Cookies\ss@google.com[1].txt 	Algılandı: Trace.TrackingCookie.google.com!A2
C:\Documents and Settings\ss\Cookies\ss@google.com[2].txt 	Algılandı: Trace.TrackingCookie.google.com!A2
C:\Documents and Settings\ss\Cookies\ss@google.com[3].txt 	Algılandı: Trace.TrackingCookie.google.com!A2
C:\Documents and Settings\ss\Cookies\ss@google.com[4].txt 	Algılandı: Trace.TrackingCookie.google.com!A2
C:\Documents and Settings\ss\Cookies\ss@google.com[5].txt 	Algılandı: Trace.TrackingCookie.google.com!A2
C:\Documents and Settings\ss\Cookies\ss@google.com[6].txt 	Algılandı: Trace.TrackingCookie.google.com!A2
C:\Documents and Settings\ss\Cookies\ss@google.com[8].txt 	Algılandı: Trace.TrackingCookie.google.com!A2
C:\Documents and Settings\ss\Cookies\ss@hitbox[1].txt 	Algılandı: Trace.TrackingCookie.hitbox!A2
C:\Documents and Settings\ss\Cookies\ss@mediaplex[2].txt 	Algılandı: Trace.TrackingCookie.mediaplex!A2
C:\Documents and Settings\ss\Cookies\ss@mediaplex[3].txt 	Algılandı: Trace.TrackingCookie.mediaplex!A2
C:\Documents and Settings\ss\Cookies\ss@pointroll[1].txt 	Algılandı: Trace.TrackingCookie.pointroll!A2
C:\Documents and Settings\ss\Cookies\ss@pointroll[2].txt 	Algılandı: Trace.TrackingCookie.pointroll!A2
C:\Documents and Settings\ss\Cookies\ss@pro-market[2].txt 	Algılandı: Trace.TrackingCookie.pro-market!A2
C:\Documents and Settings\ss\Cookies\ss@questionmarket[2].txt 	Algılandı: Trace.TrackingCookie.questionmarket!A2
C:\Documents and Settings\ss\Cookies\ss@serving-sys[1].txt 	Algılandı: Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\ss\Cookies\ss@serving-sys[2].txt 	Algılandı: Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\ss\Cookies\ss@serving-sys[4].txt 	Algılandı: Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\ss\Cookies\ss@smartadserver[1].txt 	Algılandı: Trace.TrackingCookie.smartadserver!A2
C:\Documents and Settings\ss\Cookies\ss@smartadserver[2].txt 	Algılandı: Trace.TrackingCookie.smartadserver!A2
C:\Documents and Settings\ss\Cookies\ss@specificclick[1].txt 	Algılandı: Trace.TrackingCookie.specificclick!A2
C:\Documents and Settings\ss\Cookies\ss@specificclick[2].txt 	Algılandı: Trace.TrackingCookie.specificclick!A2
C:\Documents and Settings\ss\Cookies\ss@statcounter[1].txt 	Algılandı: Trace.TrackingCookie.statcounter!A2
C:\Documents and Settings\ss\Cookies\ss@statcounter[3].txt 	Algılandı: Trace.TrackingCookie.statcounter!A2
C:\Documents and Settings\ss\Cookies\ss@statse.webtrendslive[2].txt 	Algılandı: Trace.TrackingCookie.statse.webtrendslive!A2
C:\Documents and Settings\ss\Cookies\ss@tradedoubler[2].txt 	Algılandı: Trace.TrackingCookie.tradedoubler!A2
C:\Documents and Settings\ss\Cookies\ss@tribalfusion[1].txt 	Algılandı: Trace.TrackingCookie.tribalfusion!A2
C:\Documents and Settings\ss\Cookies\ss@tribalfusion[3].txt 	Algılandı: Trace.TrackingCookie.tribalfusion!A2
C:\Documents and Settings\ss\Cookies\ss@windowsmedia[1].txt 	Algılandı: Trace.TrackingCookie.windowsmedia!A2
C:\Documents and Settings\ss\Application Data\Mozilla\Firefox\Profiles\vg4mqwkf.default\cookies.sqlite:1250109041102024 	Algılandı: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\ss\Application Data\Mozilla\Firefox\Profiles\vg4mqwkf.default\cookies.sqlite:1250109041102025 	Algılandı: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\ss\Application Data\Mozilla\Firefox\Profiles\vg4mqwkf.default\cookies.sqlite:1250109041102026 	Algılandı: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\ss\Application Data\Mozilla\Firefox\Profiles\vg4mqwkf.default\cookies.sqlite:1250109041102073 	Algılandı: Trace.TrackingCookie.doubleclick.net!A2
C:\Documents and Settings\ss\Application Data\Mozilla\Firefox\Profiles\vg4mqwkf.default\cookies.sqlite:1273219598961000 	Algılandı: Trace.TrackingCookie.ad.e-kolay.net!A2
C:\System Volume Information\_restore{6753F5E9-0ABF-4D1E-81F7-3F00B59BAC30}\RP172\A0051568.exe 	Algılandı: HackTool.Win32.Jakuz!IK
C:\System Volume Information\_restore{6753F5E9-0ABF-4D1E-81F7-3F00B59BAC30}\RP177\A0051844.exe 	Algılandı: HackTool.Win32.Jakuz!IK
C:\System Volume Information\_restore{6753F5E9-0ABF-4D1E-81F7-3F00B59BAC30}\RP177\A0051877.exe/bad_cd_repair_pro_install.exe 	Algılandı: Riskware.AdTool.Win32.WhenU!IK
C:\System Volume Information\_restore{6753F5E9-0ABF-4D1E-81F7-3F00B59BAC30}\RP177\A0051905.exe 	Algılandı: Trojan.Win32.Refroso!IK
C:\System Volume Information\_restore{6753F5E9-0ABF-4D1E-81F7-3F00B59BAC30}\RP177\A0051977.exe/cd_install_247.exe 	Algılandı: Application.Cydoor!IK

Tarandı

Dosyalar: 	106319
İzler: 	675221
Çerezler: 	1650
İşlemler: 	47

Bulundu

Dosyalar: 	6
İzler: 	15
Çerezler: 	50
İşlemler: 	0
Kayıt anahtarları: 	0

Tarama sonu:	5/7/2010 17:55:59
Tarama süresi:	4:49:48

C:\System Volume Information\_restore{6753F5E9-0ABF-4D1E-81F7-3F00B59BAC30}\RP177\A0051977.exe/cd_install_247.exe	Karantinada Application.Cydoor!IK
C:\System Volume Information\_restore{6753F5E9-0ABF-4D1E-81F7-3F00B59BAC30}\RP177\A0051905.exe	Karantinada Trojan.Win32.Refroso!IK
C:\System Volume Information\_restore{6753F5E9-0ABF-4D1E-81F7-3F00B59BAC30}\RP172\A0051568.exe	Karantinada HackTool.Win32.Jakuz!IK
C:\System Volume Information\_restore{6753F5E9-0ABF-4D1E-81F7-3F00B59BAC30}\RP177\A0051844.exe	Karantinada HackTool.Win32.Jakuz!IK

Karantinada

Dosyalar: 	4
İzler: 	0
Çerezler: 	0



_____________________________



 
126 Mesaj
7 Mayıs 2010; 19:28:57 

Selam benim sorunum internetle, internet bağlamtım işlem merkezinde sürekli kullanılıyo gibi görünüyo fakat kullanmıyorum bazen resetten sonra geçiyo ama sonra tekrar başlayabiliyor, sorun ağdaki diğer bilgisayardada olabilir bilmiyorum gerçi onu kapadıktan sonrada devam etti. taratırken sadece ben kulllanıyodum neti sanırım sağlıklıydıda çünki torentin hızı iyiydi, bilmiyorum başka bilmen gereken bişey varmı, eğer ilk sayfada verdiğin uyarılara uymadığım varsa kusura bakma tam olarak ne demek istediğini anlayamadım bazı yerlerde, şimdiden teşekkürler, kolay gelsin.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:23, on 07.05.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\vmsnap3.exe
C:\Windows\Domino.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\merzitr\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\RunOnce: [SDBOK] C:\Program Files (x86)\GIGABYTE\smart6\dbios\run.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [iemapd8] rundll32.exe "C:\Users\merzitr\AppData\Local\iemapd8\iemapd8.dll", DllInit
O4 - HKCU\..\Run: [RGSC] D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [NokiaPCInternetAccess] "C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe" /b
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: JDownloader.lnk = C:\Program Files (x86)\JDownloader\JDownloader.exe
O9 - Extra button: &Sanal klavye - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: URL d&enetimi - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefe...ces/en/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macr...yer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.../getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{59CF2C20-9327-4EBE-BFFB-6A5DCE394F0B}: NameServer = 4.2.2.1,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{59CF2C20-9327-4EBE-BFFB-6A5DCE394F0B}: NameServer = 4.2.2.1,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{59CF2C20-9327-4EBE-BFFB-6A5DCE394F0B}: NameServer = 4.2.2.1,4.2.2.5
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: DES2 Service for Energy Saving. (DES2 Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: JMB36X - Unknown owner - C:\Windows\SysWOW64\XSrvSetup.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10475 bytes


_____________________________



 
10 Mesaj
8 Mayıs 2010; 2:31:39 

su an da sorun gorunmuyor inş. boyle devam eder.Sayende kurtuldum ellerın dert gormesın..
SAYGILAR!!!
tesekkurler tekrar!


_____________________________


Uzaklaştırılmış
Süresiz olarak uzaklaştırıldı.
8 Mayıs 2010; 10:08:51 

@sebnemsibumi

Şuanda durum nasıl hala sisteminizde yavaşlama varmı.

@merzitr

Ask Toolbar'ı sisteminizden kaldırırmısınız.Ayrıca log temiz gözüküyor isterseniz emin olmak için birde MalwareBytes ile komple sisteminizi tarayın sonucu bildirin.

@erdem0618

Sorunun çözüldüğüne sevindim ben teşekkür ederim.



< Bu mesaj bu kişi tarafından değiştirildi Eraybar -- 8 Mayıs 2010; 10:11:12 >


751 Mesaj
8 Mayıs 2010; 13:06:02 

Öncelikle böyle bir yardımda bulunduğunuz için teşekkür ederim. İşte Sonuçlar;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:06:27, on 08.05.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Kutay Can Ağır\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kutay Can Ağır\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kutay Can Ağır\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Program Files\Asus\2Ghz Overclocker\eeectl.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Kutay Can Ağır\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kutay Can Ağır\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kutay Can Ağır\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kutay Can Ağır\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kutay Can Ağır\Belgelerim\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2009\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2009\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2009\\Parser.html
O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229862858625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229862547906
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D3A3FDF-2013-48F4-8B66-2F5BC43A66A4}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.148,85.255.112.10
O17 - HKLM\System\CS3\Services\Tcpip\..\{28AE57B6-4FE5-4475-83A0-544709BBB98E}: NameServer = 85.255.116.148,85.255.112.10
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.114.34,85.255.112.9
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe

--
End of file - 10346 bytes


Saygılarımla.


_____________________________

Aygırı...

Uzaklaştırılmış
Süresiz olarak uzaklaştırıldı.
8 Mayıs 2010; 13:19:44 

@Macros

XP TCP/IP Repair programını kullanarak TCP/IP'yi resetleyip daha sonra Winsock Repair yapın.Sistemi tekrar başlatmak isteyecektir kabul edin.Daha sonra DNS'lerinizi tekrar OpenDNS'ye ayarlayın.Daha sonra MalwareBytes ile sisteminizi komple taratıp sonucu bildirin.Ben teşekkür ederim.


751 Mesaj
8 Mayıs 2010; 14:09:17 

Winsock Xp Fix 1.2 mi bahsettiğiniz program acaba ?

Tamam verdiğiniz programa dahilmiş-Teşekkürler-

Open Dns'e göre derken kastınız neydi bu arada ?
Google dns kullanıyorum keza görmüşsünüzdür. Değiştireyim mi ?

Malvare Bytes ın hangi sürümü tam sürüm mü paralı sürüm mü ?



< Bu mesaj bu kişi tarafından değiştirildi Macros -- 8 Mayıs 2010; 14:18:08 >


_____________________________

Aygırı...

Uzaklaştırılmış
Süresiz olarak uzaklaştırıldı.
8 Mayıs 2010; 14:59:36 

Google DNS'de kullanabilirsiniz.MalwareBytes'ın Free sürümünle taratın kendi sitesinden indirin.


 
1 Mesaj
8 Mayıs 2010; 16:03:43 

benim sorunum bilgisayarın cpu usage si explorer.exe cpu usage %80 - %100 arası bigisayar aşırı ısınıyor.explorer.exe kaplıyken bilgisayar iyi çalışıyor şu anda explorer.exe kapalı kullanıyorum.sorun bugün ortaya çıktı. dün bilgisayarda mavi ekranda yazılar çıkıp kapanıyordu.lütfen yardım edin ne denediysem olmadı.(vista kullanıyorum)

0


ilk defa HijackThis kullanıyorum bu nedenle ne olduğunu bilmiyorum. işte log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:00 Mehmet, on 08.05.2010
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\rserver30\FamItrfc.Exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\ramazan\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: s127.0.0.1 localhost
O1 - Hosts: Youtube Jacker 4 :)
O1 - Hosts: 209.85.229.100 www.youtube.com
O1 - Hosts: 209.85.229.100 youtube.com
O1 - Hosts: 209.85.229.100 tr.youtube.com
O1 - Hosts: 209.85.229.100 fr.youtube.com
O1 - Hosts: 209.85.229.100 au.youtube.com
O1 - Hosts: 209.85.229.100 ca.youtube.com
O1 - Hosts: 208.117.236.71 m.youtube.com
O1 - Hosts: 74.125.65.118 img.youtube.com
O1 - Hosts: 209.85.165.102 gdata.youtube.com
O1 - Hosts: 208.117.236.71 ru.youtube.com
O1 - Hosts: 208.117.236.70 youtube.com
O1 - Hosts: 74.125.65.118 img.youtube.com
O1 - Hosts: 88.255.41.21 fr.youtube.com
O1 - Hosts: 88.255.41.21 www.fr.youtube.com
O1 - Hosts: 74.125.95.138 de.youtube.com
O1 - Hosts: 209.85.129.104 help.youtube.com
O1 - Hosts: 209.85.129.104 www.help.youtube.com
O1 - Hosts: 74.125.13.80 v1.lscache1.c.youtube.com
O1 - Hosts: 74.125.0.147 v2.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.86 v3.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.89 v4.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.92 v5.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.95 v6.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.98 v7.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.101 v8.lscache1.c.youtube.com
O1 - Hosts: 74.125.97.17 v9.lscache1.c.youtube.com
O1 - Hosts: 74.125.97.84 v10.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.87 v11.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.90 v12.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.93 v13.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.96 v14.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.99 v15.lscache1.c.youtube.com
O1 - Hosts: 74.125.97.38 v16.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.82 v17.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.85 v18.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.88 v19.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.91 v20.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.94 v21.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.97 v22.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.100 v23.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.103 v24.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.80 v1.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.83 v2.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.86 v3.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.89 v4.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.92 v5.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.95 v6.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.98 v7.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.101 v8.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.81 v9.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.84 v10.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.87 v11.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.90 v12.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.93 v13.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.96 v14.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.99 v15.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.102 v16.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.82 v17.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.85 v18.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.88 v19.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.91 v20.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.94 v21.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.97 v22.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.100 v23.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.103 v24.lscache2.c.youtube.com
O1 - Hosts: 74.125.99.80 v1.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.83 v2.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.86 v3.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.89 v4.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.92 v5.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.95 v6.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.98 v7.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.101 v8.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.81 v9.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.84 v10.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.87 v11.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.90 v12.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.93 v13.lscache3.c.youtube.com
O1 - Hosts: 74.125.97.32 v14.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.99 v15.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.102 v16.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.82 v17.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.85 v18.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.88 v19.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.91 v20.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.94 v21.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.97 v22.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.100 v23.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.103 v24.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.80 v1.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.83 v2.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.86 v3.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.89 v4.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.92 v5.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.95 v6.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.98 v7.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.101 v8.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.81 v9.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.84 v10.lscache4.c.youtube.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Reklam Başlığı Engelleyicisine ekle - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Tüm Linkleri BitComet Kullanarak İndir - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Tüm Videoları BitComet Kullanarak İndir - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra button: &Sanal klavye - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\fciext.dll (file missing)
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URL ko&ntrolü - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O13 - Gopher Prefix: 
O16 - DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} (Crystal ActiveX Report Viewer Control 11.5) - http://reporteokul.meb.gov.tr/crystalreportviewers115/ActiveXControls/activexviewer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O23 - Service: ArGoSoft Mail Server for .NET (ArGoSoftMailServerNet) - ArGo Software Design - C:\Program Files\ArGo Software Design\ArGoSoft Mail Server .NET\AGMSService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\Windows\system32\rserver30\RServer3.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 14166 bytes



bide şöyle bişey çıktı bu nedir?
0