Üye Girişi
Bağlan Google+ ile Bağlan Facebook ile Bağlan
Yeni Kayıt
Tüm Forumlar
  • Tüm Forumlar
  • İşletim Sistemleri ve Yazılımlar
  • Yazılım Genel
  • Güvenlik Programları
  • Bu Konuda
Şimdi Ara

HijackThis. Performans + Güvenlik! (Virüslerden kurtulun). 500.000+ (169. sayfa)

Sıcak Fırsatlarda Tıklananlar
Editörün Seçtiği Fırsatlar
Daha Fazla
Bu Konudaki Kullanıcılar: Daha Az
3 Misafir (1 Mobil) - 2 Masaüstü1 Mobil
5 sn
9.877
Cevap
17
Favori
1.256.530
Tıklama
Daha Fazla
İstatistik
  • Konu İstatistikleri Yükleniyor
Konuya Özel
Öne Çıkar
0 oy
Cevapla
Sayfa: önceki 1...84...167168169170171...331...494
Sayfaya Git
Git
sonraki
Giriş
Mesaj
  • Serji Söylediklerini fixledim ve bilgisayarı güvenli moddada açtım ama yine resimlerde explorer.exe hatası veriyo. Dahada açmak gerekirse resimleri windows resim ve faks görüntüleyicisi ile görüntülerken resimin üzerinde değişiklik yapmak için painti açan icon'a tıklayınca explorer.exe hatası veriyor.İlgin için teşekkürlerr...

    Logfile of HijackThis v1.99.1
    Scan saved at 13:06:07, on 07.07.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    D:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\system32\RunDLL32.exe
    D:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    D:\Program Files\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    D:\Program Files\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    d:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    D:\Program Files\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    d:\Program Files\Spyware Doctor\svcntaux.exe
    d:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\HIZLI\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.ae.metu.edu.tr/
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
    O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SDTray] "d:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Analogue Vista Clock] D:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ShellToys XP Utility Manager] "D:\Program Files\CFi\ShellToys\CFiShlMan.exe" -start
    O4 - Startup: RocketDock.lnk = D:\Program Files\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TransBar.lnk = D:\Program Files\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = D:\Program Files\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Shadow.lnk = D:\Program Files\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O8 - Extra context menu item: &FlashGet ile indir - D:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &Tümünü FlashGet ile indir - D:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Add to Anti-Banner - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Translate with &Babylon - res://D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
    O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
    O23 - Service: Backbone Service (BBDemon) - Unknown owner - d:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe" -service (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Nero 7\InCD\InCDsrv.exe
    O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)
    O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
    O23 - Service: NBService - Nero AG - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - d:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - d:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe


    quote:

    Orjinalden alıntı: serji

    quote:

    Orjinalden alıntı: hasan_hzl
    Serji Dostum benim bilgisayar resim dosyalarına bakarken explorer.exe hatası veriyor.(Windows resim ve faks görüntüleyicisi explorer.exe hatası diyo) İnşallah önemli bişey yoktur eğer varsa senin de yardımınla üstesinden geliriz inşallah...Serji başarılarının devamını dilerim....Saygılar....

    tskler dostm. eger bu islem sorunu cozmezse guvenli modda resimlere bakmayi bir dene sorun devam ediyor mu? ona gore baska cozum yollari bulacagiz

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*

    _____________________________
    Geri sayım sen doğduğunda başladı! Eğer (9) canlı bile olsaydın en fazla (8) kez kaçabilirdin ölümden! Bil ki (7) düvele sultan dahi olsan yerin (6) mekan olacak sana. En fazla (5) metre kumaş götürebileceksin! Kapatacaksın (4) açsan da gözlerini! Bu (3) günlük fani dünyada Azraile (2) kat olup yalvarsan da nafile. Ecel geldiğinde (1) gün öleceksin! İşte, o an her şey (0) dan başlayacak.




  • quote:

    Orjinalden alıntı: asimo78

    Kolay gelsin Serji
    benim sorunum hrena.com gibi istenmeyen sitelerin google ile çıkması.
    bir de internet explorer in yavaş çalışması


    serji sanırım buldum
    O4 - HKLM\..\Run: [webshot] C:\WINDOWS\system32\webshot.exe
    şu satırdan kaynaklaıyor di mi?
    _____________________________
  • quote:

    Orjinalden alıntı: matak
    slm dostum benim problemim error safe ne confdlm.exe diye bidosya, ayrıca internet explorer da sayfalar açılırken kısa süreli kilitlenme oluyor bu her sayfa açıldığında oluyor
    yardımların için teşekkürler.

    rica ederm dosmt iste liste

    C:\WINDOWS\system32\mmswr.exe
    C:\WINDOWS\system32\ikern32.exe
    C:\WINDOWS\system32\tskmans.exe
    C:\WINDOWS\system32\conhyhgr.exe
    C:\WINDOWS\system32\dcmsxe.exe
    C:\WINDOWS\system32\xmlqhcih.exe
    C:\WINDOWS\system32\rdsruns.exe
    C:\Program Files\Internet Explorer\iexp1ore.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant =http://search.imesh.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {197F3849-5AD4-49A2-8A91-CDEE13BD4063} - C:\WINDOWS\system32\vturs.dll
    O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\qekoeybw.dll
    O2 - BHO: (no name) - {43CBE820-B564-4B5A-BD5E-F365C19E445C} - C:\WINDOWS\system32\pmnnono.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [mwini32] C:\WINDOWS\system32\mmswr.exe
    O4 - HKLM\..\Run: [syskern32] C:\WINDOWS\system32\ikern32.exe
    O4 - HKLM\..\Run: [itaskman] C:\WINDOWS\system32\tskmans.exe
    O4 - HKLM\..\Run: [vckdsip] C:\WINDOWS\system32\conhyhgr.exe
    O4 - HKLM\..\Run: [audlmne32] C:\WINDOWS\system32\dcmsxe.exe
    O4 - HKLM\..\Run: [dstatsw] C:\WINDOWS\system32\xmlqhcih.exe
    O4 - HKLM\..\Run: [msrlink] C:\WINDOWS\system32\rdsruns.exe
    O4 - HKLM\..\Run: [zmdata2] C:\WINDOWS\system32\caplmchj.exe
    O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\yendvuxa.dll",forkonce
    O4 - HKCU\..\Run: [esrplay] C:\WINDOWS\system32\escsn.exe
    O4 - HKCU\..\Run: [newrs32] C:\WINDOWS\system32\edconss.exe
    O4 - HKCU\..\Run: [mwini32] C:\WINDOWS\system32\mmswr.exe
    O4 - HKCU\..\Run: [itaskman] C:\WINDOWS\system32\tskmans.exe
    O4 - HKCU\..\Run: [syskern32] C:\WINDOWS\system32\ikern32.exe
    O4 - HKCU\..\Run: [vckdsip] C:\WINDOWS\system32\conhyhgr.exe
    O4 - HKCU\..\Run: [audlmne32] C:\WINDOWS\system32\dcmsxe.exe
    O4 - HKCU\..\Run: [dstatsw] C:\WINDOWS\system32\xmlqhcih.exe
    O4 - HKCU\..\Run: [msrlink] C:\WINDOWS\system32\rdsruns.exe
    O4 - HKCU\..\Run: [zmdata2] C:\WINDOWS\system32\caplmchj.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: pmnnono - C:\WINDOWS\SYSTEM32\pmnnono.dll
    O20 - Winlogon Notify: vturs - C:\WINDOWS\system32\vturs.dll
    O20 - Winlogon Notify: winbjt32 - C:\WINDOWS\SYSTEM32\winbjt32.dll
    O20 - Winlogon Notify: winjks32 - winjks32.dll (file missing)
    _____________________________




  • quote:

    Orjinalden alıntı: asimo78
    Kolay gelsin Serji
    benim sorunum hrena.com gibi istenmeyen sitelerin google ile çıkması.
    bir de internet explorer in yavaş çalışması

    ist eliste dostm

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{14DAAAF6-4717-4A39-B26C-D056B40269C2}: NameServer = 85.255.116.77,85.255.112.212
    O17 - HKLM\System\CCS\Services\Tcpip\..\{72DC0A8F-BA65-47C8-B0F5-C68D44F0428E}: NameServer = 4.2.2.1,4.2.2.2
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.77 85.255.112.212
    O17 - HKLM\System\CS1\Services\Tcpip\..\{14DAAAF6-4717-4A39-B26C-D056B40269C2}: NameServer = 85.255.116.77,85.255.112.212
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.77 85.255.112.212
    O17 - HKLM\System\CS2\Services\Tcpip\..\{14DAAAF6-4717-4A39-B26C-D056B40269C2}: NameServer = 85.255.116.77,85.255.112.212
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.77 85.255.112.212
    _____________________________




  • quote:

    Orjinalden alıntı: hasan_hzl
    Serji Söylediklerini fixledim ve bilgisayarı güvenli moddada açtım ama yine resimlerde explorer.exe hatası veriyo. Dahada açmak gerekirse resimleri windows resim ve faks görüntüleyicisi ile görüntülerken resimin üzerinde değişiklik yapmak için painti açan icon'a tıklayınca explorer.exe hatası veriyor.İlgin için teşekkürlerr...

    http://siri.urz.free.fr/Fix/SmitfraudFix.exe
    bu dosyayi indir.
    guvenli modda pcyi ac.
    2 bas entera bas. Sana bir soru soracak Y basip entera bas. Bir soru daha sorarsa ona da Y olarak cevap ver. PC'yi yeniden baslat.
    _____________________________




  • Teşekkürler serji
    _____________________________
  • quote:

    Orjinalden alıntı: asimo78
    Teşekkürler serji

    rca ederm dostm koly gelsn
    _____________________________
  • serji kardeşim öncelikle böyle bir yardım ve bilgi sunduğun için teşekkür ederiz. Topiği yeni gördüm kesinlikle evdeki makineye bunu yapmam lazım nedenine gelince şunu sormak istiyorum.

    AMD 6000 işlemcili bi makine topladım 2 tane 1024 667 kingston var anakart ta epox ultra3
    fakat abi açılırken masa üstü gelince ve normal explorer da işlem de iken bayağı bir kasıyor. Yani hiç yakıştıramıyorum. Bu olay bu kadar yayıldığına göre muhakkak bi gerçekçiliği olduğu gibi bende inanıyorum. Pazar akşamı burda isen bende evden şu logları bi gönderiyim bi kontrol edersen çok sevinirim.

    Başarılarının devamını dilerim.
    _____________________________
    http://www.speedtest.net/result/3885999577.png
  • m
    _____________________________
  • Selam,
    Bende attrib.exe hatasi var. surucude disk yok bir disk takin diye uyari veriyior.
    Format attim,kurtulamadim.
    Nod 32 temizliyor ancak, restart ettigimde ilk once problem yok. Memory stick taktigim andan itibaren yukaridaki hata gelmeye basliyor 2 dk da bir
    tekrarlanior. Log dosyam ekde, tesekkur ederim,cok faydali bir baslik.
    ---------
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 15:17:46, on 07.07.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\wscript.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\DOCUME~1\zeynep\LOCALS~1\Temp\Geçici Dizin 4 (HiJackThis_v2.zip için)\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    F2 - REG:system.ini: UserInit=userinit.exe,autorun.bat
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2479BE20-7136-4092-8143-8492928105B0}: NameServer = 10.0.0.2
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2479BE20-7136-4092-8143-8492928105B0}: NameServer = 10.0.0.2
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2479BE20-7136-4092-8143-8492928105B0}: NameServer = 10.0.0.2
    O22 - SharedTaskScheduler: Browseui önceden yükleyicisi - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Bileşen Katergorileri önbellek daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    --
    End of file - 3028 bytes
    _____________________________




  • quote:

    Orjinalden alıntı: alkandemirlek
    serji kardeşim öncelikle böyle bir yardım ve bilgi sunduğun için teşekkür ederiz. Topiği yeni gördüm kesinlikle evdeki makineye bunu yapmam lazım nedenine gelince şunu sormak istiyorum.
    AMD 6000 işlemcili bi makine topladım 2 tane 1024 667 kingston var anakart ta epox ultra3
    fakat abi açılırken masa üstü gelince ve normal explorer da işlem de iken bayağı bir kasıyor. Yani hiç yakıştıramıyorum. Bu olay bu kadar yayıldığına göre muhakkak bi gerçekçiliği olduğu gibi bende inanıyorum. Pazar akşamı burda isen bende evden şu logları bi gönderiyim bi kontrol edersen çok sevinirim.
    Başarılarının devamını dilerim.

    tsk ederm dostm. sorunu bu sekilde cozebilirz. ben logu bekliyorum

    quote:

    Orjinalden alıntı: ctnkrkt
    Selam,
    Bende attrib.exe hatasi var. surucude disk yok bir disk takin diye uyari veriyior.
    Format attim,kurtulamadim.
    Nod 32 temizliyor ancak, restart ettigimde ilk once problem yok. Memory stick taktigim andan itibaren yukaridaki hata gelmeye basliyor 2 dk da bir
    tekrarlanior. Log dosyam ekde, tesekkur ederim,cok faydali bir baslik.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    F2 - REG:system.ini: UserInit=userinit.exe,autorun.bat
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    _____________________________




  • Serji yine aynı hatayı veriyor.Yinede yardımların için sağol.

    quote:

    Orjinalden alıntı: serji

    quote:

    Orjinalden alıntı: hasan_hzl
    Serji Söylediklerini fixledim ve bilgisayarı güvenli moddada açtım ama yine resimlerde explorer.exe hatası veriyo. Dahada açmak gerekirse resimleri windows resim ve faks görüntüleyicisi ile görüntülerken resimin üzerinde değişiklik yapmak için painti açan icon'a tıklayınca explorer.exe hatası veriyor.İlgin için teşekkürlerr...

    http://siri.urz.free.fr/Fix/SmitfraudFix.exe
    bu dosyayi indir.
    guvenli modda pcyi ac.
    2 bas entera bas. Sana bir soru soracak Y basip entera bas. Bir soru daha sorarsa ona da Y olarak cevap ver. PC'yi yeniden baslat.
    _____________________________
    Geri sayım sen doğduğunda başladı! Eğer (9) canlı bile olsaydın en fazla (8) kez kaçabilirdin ölümden! Bil ki (7) düvele sultan dahi olsan yerin (6) mekan olacak sana. En fazla (5) metre kumaş götürebileceksin! Kapatacaksın (4) açsan da gözlerini! Bu (3) günlük fani dünyada Azraile (2) kat olup yalvarsan da nafile. Ecel geldiğinde (1) gün öleceksin! İşte, o an her şey (0) dan başlayacak.




  • quote:

    Orjinalden alıntı: hasan_hzl
    Serji yine aynı hatayı veriyor.Yinede yardımların için sağol.

    rca ederm dostm. bir de sunu indirip ac. yeniden baslat. masaustunde bir log dosyasi olusturacak onu icerigiyle birlikte buraya yolla

    http://lnk.in/5494
    _____________________________
  • Valla ben tam anlayamadım o dosyayı çalıştırdım ama masaüstünde bişey oluşturmadı....

    quote:

    Orjinalden alıntı: serji

    quote:

    Orjinalden alıntı: hasan_hzl
    Serji yine aynı hatayı veriyor.Yinede yardımların için sağol.

    rca ederm dostm. bir de sunu indirip ac. yeniden baslat. masaustunde bir log dosyasi olusturacak onu icerigiyle birlikte buraya yolla

    http://lnk.in/5494
    _____________________________
    Geri sayım sen doğduğunda başladı! Eğer (9) canlı bile olsaydın en fazla (8) kez kaçabilirdin ölümden! Bil ki (7) düvele sultan dahi olsan yerin (6) mekan olacak sana. En fazla (5) metre kumaş götürebileceksin! Kapatacaksın (4) açsan da gözlerini! Bu (3) günlük fani dünyada Azraile (2) kat olup yalvarsan da nafile. Ecel geldiğinde (1) gün öleceksin! İşte, o an her şey (0) dan başlayacak.




  • quote:

    Orjinalden alıntı: hasan_hzl
    Valla ben tam anlayamadım o dosyayı çalıştırdım ama masaüstünde bişey oluşturmadı....

    dostm o dosyai calistirdiginda sana nerede olusturuduguna dair bir mesaj verecek oradan gonder
    _____________________________
  • Serji işte log...

    "Silent Runners.vbs", revision R50,http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "Analogue Vista Clock" = "D:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe" [null data]
    "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
    "ShellToys XP Utility Manager" = ""D:\Program Files\CFi\ShellToys\CFiShlMan.exe" -start" ["Cool Focus International Ltd."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "GBB36X Configure" = "C:\WINDOWS\system32\JMRaidTool.exe boot" ["Gigabyte Technology Corp."]
    "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
    "NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
    "SDTray" = ""d:\Program Files\Spyware Doctor\SDTrayApp.exe"" ["PC Tools"]
    "AVP" = ""D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"" ["Kaspersky Lab"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = "flashget urlcatch"
    -> {HKLM...CLSID} = "FGCatchUrl"
    \InProcServer32\(Default) = "D:\Program Files\FlashGet\jccatch.dll" ["www.flashget.com"]
    {68F9551E-0411-48E4-9AAF-4BC42A6A46BE}\(Default) = "Canon Easy Web Print Helper"
    -> {HKLM...CLSID} = "EWPBrowseObject Class"
    \InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll" [null data]
    {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Groove GFS Browser Helper"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "SSVHelper Class"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Windows Live Sign-in Helper"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
    {F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "FlashGet GetFlash Class"
    \InProcServer32\(Default) = "D:\Program Files\FlashGet\getflash.dll" ["www.flashget.com"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
    "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
    -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
    \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
    "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
    -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
    \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
    "{E81FFB23-40E2-431C-A041-76AEA0E4B04C}" = "Nameext"
    -> {HKLM...CLSID} = "Enterprise Projects"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\NAMEEXT.DLL" [MS]
    "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" = "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"
    -> {HKLM...CLSID} = "ImageExtractorShellExt Class"
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\VISSHE.DLL" [MS]
    "{D66DC78C-4F61-447F-942B-3FB6980118CF}" = "{D66DC78C-4F61-447F-942B-3FB6980118CF}"
    -> {HKLM...CLSID} = "CInfoTipShellExt Class"
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\VISSHE.DLL" [MS]
    "{AB4F43CA-ADCD-4384-B9AF-3CECEA7D6544}" = "Web Sites"
    -> {HKLM...CLSID} = "Web Sites"
    \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\WEBSER~1\12\BIN\FPNSE.DLL" [MS]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "d:\Program Files\WinRAR\rarext.dll" [null data]
    "{2DBD5D71-CBB7-41D1-B170-511646B170BD}" = "CFi ShellToys Library"
    -> {HKLM...CLSID} = "CFi ShellToys Junction Point Icon Overlay"
    \InProcServer32\(Default) = "d:\PROGRA~1\CFi\SHELLT~1\CFiShlJP.dll" ["Cool Focus International Ltd."]
    "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
    "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
    "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
    "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
    "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
    -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
    \InProcServer32\(Default) = "D:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
    "{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
    -> {HKLM...CLSID} = "TuneUp Theme Extension"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\uxtuneup.dll" ["TuneUp Software GmbH"]
    "{52B87208-9CCF-42C9-B88E-069281105805}" = "Trojan Remover Shell Extension"
    -> {HKLM...CLSID} = "Trojan Remover Shell Extension"
    \InProcServer32\(Default) = "d:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
    "{4FED14EE-8086-4b0c-A0DE-C27042ED1296}" = "PDFTransformer2ContextMenu"
    -> {HKLM...CLSID} = "PDFTransformer2.PDFTContextMenu.1"
    \InProcServer32\(Default) = "D:\Program Files\ABBYY PDF Transformer 2.0\PDFTContextMenu.dll" ["ABBYY Software"]
    "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}" = "jetAudio"
    -> {HKLM...CLSID} = "JetFlExt Class"
    \InProcServer32\(Default) = "D:\Program Files\JetAudio\JetFlExt.dll" ["COWON America"]
    "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"
    -> {HKLM...CLSID} = "PowerISO"
    \InProcServer32\(Default) = "d:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
    "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
    -> {HKLM...CLSID} = "Groove GFS Browser Helper"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
    -> {HKLM...CLSID} = "Groove Folder Synchronization"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
    "{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
    -> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
    -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
    "{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
    -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
    "{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
    -> {HKLM...CLSID} = "Groove XML Icon Handler"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
    "{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
    -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
    "{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
    -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
    "{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
    -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
    "{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
    -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
    "{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
    -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
    -> {HKLM...CLSID} = "Outlook File Icon Extension"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]
    "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
    -> {HKLM...CLSID} = "Microsoft Office Outlook"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]
    "{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
    -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]
    "{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Web Anti-Virus statistics"
    -> {HKLM...CLSID} = "Web Anti-Virus statistics"
    \InProcServer32\(Default) = "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll" ["Kaspersky Lab"]
    "{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}" = "Context Menu Shell Extension"
    -> {HKLM...CLSID} = "Context Menu Shell Extension"
    \InProcServer32\(Default) = "D:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]
    "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
    -> {HKLM...CLSID} = "DesktopContext Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
    -> {HKLM...CLSID} = "NVIDIA CPL Extension"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
    -> {HKLM...CLSID} = "Desktop Explorer"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
    -> {HKLM...CLSID} = "nView Desktop Context Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{CAE3251E-9B15-4810-B268-852AD9792A59}" = "InCDShellExt extension"
    -> {HKLM...CLSID} = "InCDShellExt Class"
    \InProcServer32\(Default) = "D:\Program Files\Nero 7\InCD\InCDshx.dll" ["Nero AG"]
    "{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
    -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
    \InProcServer32\(Default) = "D:\Program Files\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
    "{B3D9AEDE-B2C3-406d-A254-6BE07767B08B}" = "InCDUdfPerm extension"
    -> {HKLM...CLSID} = "InCDUdfPerm Class"
    \InProcServer32\(Default) = "D:\Program Files\Nero 7\InCD\InCDUP.dll" ["Nero AG"]
    "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
    -> {HKLM...CLSID} = "Paylaşım Klasörlerim"
    \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
    "{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"
    -> {HKLM...CLSID} = "CMenuExtender"
    \InProcServer32\(Default) = "d:\program files\BricoPacks\Vista Inspirat 2\iColorFolder\CMExt.dll" ["Revenger inc."]
    "{2897079A-65DF-40E0-9711-892C3859EC3B}" = "CFi ShellToys Library"
    -> {HKLM...CLSID} = "CFi ShellToys Shell Extension"
    \InProcServer32\(Default) = "d:\PROGRA~1\CFi\SHELLT~1\CFiShell.dll" ["Cool Focus International Ltd"]
    "{067B597C-C099-4A08-A180-E5FEC5DCF2DF}" = "CFi ShellToys Library"
    -> {HKLM...CLSID} = "CFi ShellToys ShellExec Extension"
    \InProcServer32\(Default) = "d:\PROGRA~1\CFi\SHELLT~1\CFiShlEx.dll" ["Cool Focus International Ltd."]
    "{AF0ACB3E-8F8B-482F-A205-7BB28F249191}" = "CFi ShellToys Library"
    -> {HKLM...CLSID} = "CFi ShellToys DragDrop Shell Extension"
    \InProcServer32\(Default) = "d:\PROGRA~1\CFi\SHELLT~1\CFISHL~1.DLL" ["Cool Focus International Ltd"]
    "{3810FC71-3DA0-468D-961D-B366D22651FE}" = "CFi ShellToys Library"
    -> {HKLM...CLSID} = "CFi ShellToys HardLink Shell Extension"
    \InProcServer32\(Default) = "d:\PROGRA~1\CFi\SHELLT~1\CFiShlHL.dll" ["Cool Focus International Ltd"]
    "{BA052FFF-14A6-4430-A97E-745E6EE64A9D}" = "CFi ShellToys Library"
    -> {HKLM...CLSID} = "CFi ShellToys BR Shell Extension"
    \InProcServer32\(Default) = "d:\PROGRA~1\CFi\SHELLT~1\CFiShlRn.dll" ["Cool Focus International Ltd"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    <<!>> "{067B597C-C099-4A08-A180-E5FEC5DCF2DF}" = "CFi ShellToys ShellExec Extension"
    -> {HKLM...CLSID} = "CFi ShellToys ShellExec Extension"
    \InProcServer32\(Default) = "d:\PROGRA~1\CFi\SHELLT~1\CFiShlEx.dll" ["Cool Focus International Ltd."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
    -> {HKLM...CLSID} = "WPDShServiceObj Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
    <<!>> "AppInit_DLLs" = "D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll" ["Kaspersky Lab"]

    HKLM\System\CurrentControlSet\Control\Session Manager\
    <<!>> "BootExecute" = "autocheck autochk *"|"smrgdf C:\Documents and Settings\HIZLI\Application Data\iolo\" [null data]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    <<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

    HKLM\Software\Classes\PROTOCOLS\Filter\
    <<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
    -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
    \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
    -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    CFiExtensions\(Default) = "{2897079A-65DF-40E0-9711-892C3859EC3B}"
    -> {HKLM...CLSID} = "CFi ShellToys Shell Extension"
    \InProcServer32\(Default) = "d:\PROGRA~1\CFi\SHELLT~1\CFiShell.dll" ["Cool Focus International Ltd"]
    CFiExtensionsR\(Default) = "{BA052FFF-14A6-4430-A97E-745E6EE64A9D}"
    -> {HKLM...CLSID} = "CFi ShellToys BR Shell Extension"
    \InProcServer32\(Default) = "d:\PROGRA~1\CFi\SHELLT~1\CFiShlRn.dll" ["Cool Focus International Ltd"]
    Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
    -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
    \InProcServer32\(Default) = "D:\Program Files\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
    FileEncrypt\(Default) = "{90A07ACC-0331-4aee-9AAD-A854A9C37667}"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "d:\Program Files\Advanced System Optimizer\ShellExt.dll" ["Systweak Inc"]
    InCDShellExt\(Default) = "{CAE3251E-9B15-4810-B268-852AD9792A59}"
    -> {HKLM...CLSID} = "InCDShellExt Class"
    \InProcServer32\(Default) = "D:\Program Files\Nero 7\InCD\InCDshx.dll" ["Nero AG"]
    Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll" ["Kaspersky Lab"]
    PDFTransformer2ContextMenu\(Default) = "{4FED14EE-8086-4b0c-A0DE-C27042ED1296}"
    -> {HKLM...CLSID} = "PDFTransformer2.PDFTContextMenu.1"
    \InProcServer32\(Default) = "D:\Program Files\ABBYY PDF Transformer 2.0\PDFTContextMenu.dll" ["ABBYY Software"]
    PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
    -> {HKLM...CLSID} = "PowerISO"
    \InProcServer32\(Default) = "d:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
    TagRename_ContextMenu\(Default) = "{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}"
    -> {HKLM...CLSID} = "Context Menu Shell Extension"
    \InProcServer32\(Default) = "D:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]
    Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
    -> {HKLM...CLSID} = "Trojan Remover Shell Extension"
    \InProcServer32\(Default) = "d:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
    TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
    -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
    \InProcServer32\(Default) = "D:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "d:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
    XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
    -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    CFiExtensionsR\(Default) = "{BA052FFF-14A6-4430-A97E-745E6EE64A9D}"
    -> {HKLM...CLSID} = "CFi ShellToys BR Shell Extension"
    \InProcServer32\(Default) = "d:\PROGRA~1\CFi\SHELLT~1\CFiShlRn.dll" ["Cool Focus International Ltd"]
    CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"
    -> {HKLM...CLSID} = "CMenuExtender"
    \InProcServer32\(Default) = "d:\program files\BricoPacks\Vista Inspirat 2\iColorFolder\CMExt.dll" ["Revenger inc."]
    FileEncrypt\(Default) = "{90A07ACC-0331-4aee-9AAD-A854A9C37667}"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "d:\Program Files\Advanced System Optimizer\ShellExt.dll" ["Systweak Inc"]
    InCDShellExt\(Default) = "{CAE3251E-9B15-4810-B268-852AD9792A59}"
    -> {HKLM...CLSID} = "InCDShellExt Class"
    \InProcServer32\(Default) = "D:\Program Files\Nero 7\InCD\InCDshx.dll" ["Nero AG"]
    jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
    -> {HKLM...CLSID} = "JetFlExt Class"
    \InProcServer32\(Default) = "D:\Program Files\JetAudio\JetFlExt.dll" ["COWON America"]
    PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
    -> {HKLM...CLSID} = "PowerISO"
    \InProcServer32\(Default) = "d:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
    TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
    -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
    \InProcServer32\(Default) = "D:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "d:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
    XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
    -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    CFiExtensions\(Default) = "{2897079A-65DF-40E0-9711-892C3859EC3B}"
    -> {HKLM...CLSID} = "CFi ShellToys Shell Extension"
    \InProcServer32\(Default) = "d:\PROGRA~1\CFi\SHELLT~1\CFiShell.dll" ["Cool Focus International Ltd"]
    InCDShellExt\(Default) = "{CAE3251E-9B15-4810-B268-852AD9792A59}"
    -> {HKLM...CLSID} = "InCDShellExt Class"
    \InProcServer32\(Default) = "D:\Program Files\Nero 7\InCD\InCDshx.dll" ["Nero AG"]
    jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
    -> {HKLM...CLSID} = "JetFlExt Class"
    \InProcServer32\(Default) = "D:\Program Files\JetAudio\JetFlExt.dll" ["COWON America"]
    Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll" ["Kaspersky Lab"]
    PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
    -> {HKLM...CLSID} = "PowerISO"
    \InProcServer32\(Default) = "d:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
    TagRename_ContextMenu\(Default) = "{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}"
    -> {HKLM...CLSID} = "Context Menu Shell Extension"
    \InProcServer32\(Default) = "D:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]
    Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
    -> {HKLM...CLSID} = "Trojan Remover Shell Extension"
    \InProcServer32\(Default) = "d:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "d:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
    XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
    -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

    HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
    XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
    -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]


    Default executables:
    --------------------

    <<!>> HKLM\Software\Classes\htafile\shell\open\command\(Default) = "NOTEPAD.EXE %1" [MS]


    Group Policies {GPedit.msc branch and setting}:
    -----------------------------------------------

    Note: detected settings may not have any effect.

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Shutdown: Allow system to be shut down without having to log on}

    "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Devices: Allow undock without having to log on}


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\HIZLI\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\WINDOWS\system32\3PLANE~1.SCR" (3Planesoft_Screensaver_Manager.scr) ["3Planesoft"]


    Startup items in "HIZLI" & "All Users" startup folders:
    -------------------------------------------------------

    C:\Documents and Settings\HIZLI\Start Menu\Programlar\Başlangıç
    "RocketDock" -> shortcut to: "D:\Program Files\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [null data]
    "TransBar" -> shortcut to: "D:\Program Files\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe /s" ["AKSoftware"]
    "UberIcon" -> shortcut to: "D:\Program Files\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [null data]
    "Y'z Shadow" -> shortcut to: "D:\Program Files\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe" ["Y'z@Home"]


    Enabled Scheduled Tasks:
    ------------------------

    "1-Click Maintenance" -> launches: "D:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

    Explorer Bars

    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

    HKLM\Software\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]

    HKLM\Software\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

    HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Web Anti-Virus statistics"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll" ["Kaspersky Lab"]

    HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Araştır"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Sun Java Console"
    "CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
    -> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
    -> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]

    {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
    "ButtonText" = "Web Anti-Virus statistics"

    {2670000A-7350-4F3C-8081-5663EE0C6C49}\
    "ButtonText" = "OneNote'a Gönder"
    "MenuText" = "OneNote'a G&önder"
    "CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
    -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS]

    {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
    "ButtonText" = "Spyware Doctor"
    "CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"

    {D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
    "ButtonText" = "FlashGet"
    "MenuText" = "FlashGet"
    "Exec" = "D:\Program Files\FlashGet\FlashGet.exe" ["FlashGet.com"]


    Miscellaneous IE Hijack Points
    ------------------------------

    HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
    <<H>> "TuneUp" = "file://C|/Documents and Settings/All Users/Application Data/TuneUp Software/Common/base.css" [file not found]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    Backbone Service, BBDemon, ""d:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe" -service" ["Dassault Systemes"]
    FTP Yayımlama, MSFtpsvc, "C:\WINDOWS\system32\inetsrv\inetinfo.exe" [MS]
    InCD Helper, InCDsrv, "D:\Program Files\Nero 7\InCD\InCDsrv.exe" ["Nero AG"]
    Kaspersky Internet Security 6.0, AVP, ""D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r" ["Kaspersky Lab"]
    Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"" [MS]
    NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
    SecuROM User Access Service (V7), UserAccess7, "C:\WINDOWS\system32\UAService7.exe" ["Sony DADC Austria AG."]
    Spyware Doctor Auxiliary Service, sdAuxService, "d:\Program Files\Spyware Doctor\svcntaux.exe" ["PC Tools"]
    Spyware Doctor Service, sdCoreService, "d:\Program Files\Spyware Doctor\swdsvc.exe" ["PC Tools"]


    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    Canon BJ Language Monitor MP180\Driver = "CNMLM82.DLL" ["CANON INC."]
    Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
    PDF-XChange\Driver = "C:\WINDOWS\system32\pxc25pm.dll" ["Tracker Software"]
    Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]


    ----------
    <<!>>: Suspicious data at a malware launch point.
    <<H>>: Suspicious data at a browser hijack point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points, use the -supp parameter or answer "No" at the
    first message box and "Yes" at the second message box.
    ---------- (total run time: 35 seconds)

    quote:

    Orjinalden alıntı: serji

    quote:

    Orjinalden alıntı: hasan_hzl
    Valla ben tam anlayamadım o dosyayı çalıştırdım ama masaüstünde bişey oluşturmadı....

    dostm o dosyai calistirdiginda sana nerede olusturuduguna dair bir mesaj verecek oradan gonder
    _____________________________
    Geri sayım sen doğduğunda başladı! Eğer (9) canlı bile olsaydın en fazla (8) kez kaçabilirdin ölümden! Bil ki (7) düvele sultan dahi olsan yerin (6) mekan olacak sana. En fazla (5) metre kumaş götürebileceksin! Kapatacaksın (4) açsan da gözlerini! Bu (3) günlük fani dünyada Azraile (2) kat olup yalvarsan da nafile. Ecel geldiğinde (1) gün öleceksin! İşte, o an her şey (0) dan başlayacak.




  • hasan_hzl dostm kusura bakma braz zamanimi aldi cok uzun bir log. bir spyware'den suphelenmistim fakat degil. buna benzer bir soruna office sebep oluyordu. xp'de ayri bir kullanici yaratip bir onuunla dene bakalim. bi caresini bulucz ins
    _____________________________
  • Dosyalari fixledim, ve guvenli moddan acip dosyalari sildim.
    Ne oldu dersin. Artik kullanicimla logon olamiyorum.
    Daha dogrusu,logon oluyorum,hemen kendisi logoff oluyor.
    Sistemi tekrar kurmayi dusunuyorum.
    Yine de sagol.
    Problem cikarsa yine yardimlarina basvururum.
    _____________________________
  • quote:

    Orjinalden alıntı: ctnkrkt
    Dosyalari fixledim, ve guvenli moddan acip dosyalari sildim.
    Ne oldu dersin. Artik kullanicimla logon olamiyorum.
    Daha dogrusu,logon oluyorum,hemen kendisi logoff oluyor.
    Sistemi tekrar kurmayi dusunuyorum.
    Yine de sagol.
    Problem cikarsa yine yardimlarina basvururum.

    dostm oncelikle kusura bakma. fakat bunun olmamasi gerekiyor. guvenli mod'da administrator ile giris yapmayi dene ve yeni bir kullanici yarat. onunla giris yap. ayrica hijackthis config - backup'tan yaptigin degisikligi geri alabilrisn
    _____________________________
  • Dostum ben güvenli modda adminle giriş yapınca resimlere bakarken öyle bi hata vermiyor sadece resimi düzeltmek için bastığım painti açan simgeye bastığımda painti açmıyor okadar...

    quote:

    Orjinalden alıntı: serji

    hasan_hzl dostm kusura bakma braz zamanimi aldi cok uzun bir log. bir spyware'den suphelenmistim fakat degil. buna benzer bir soruna office sebep oluyordu. xp'de ayri bir kullanici yaratip bir onuunla dene bakalim. bi caresini bulucz ins
    _____________________________
    Geri sayım sen doğduğunda başladı! Eğer (9) canlı bile olsaydın en fazla (8) kez kaçabilirdin ölümden! Bil ki (7) düvele sultan dahi olsan yerin (6) mekan olacak sana. En fazla (5) metre kumaş götürebileceksin! Kapatacaksın (4) açsan da gözlerini! Bu (3) günlük fani dünyada Azraile (2) kat olup yalvarsan da nafile. Ecel geldiğinde (1) gün öleceksin! İşte, o an her şey (0) dan başlayacak.
    • 
Sayfa: önceki 1...84...167168169170171...331...494
Sayfaya Git
Git
sonraki
- x
Bildirim
mesajınız kopyalandı (ctrl+v) yapıştırmak istediğiniz yere yapıştırabilirsiniz.
Hizmet kalitesi için çerezleri kullanabiliriz, DH'yi kullanırken depoladığımız çerezlerle ilgili veri politikamıza gözatın.
Kabul Ediyorum