HijackThis. Performance + Security! (Get rid of viruses). 500.000+
    • Private
      12 posts
      22 October 2008 21:44:31

      quote:

      Originally posted by: serji

      You're welcome. If you get stuck anywhere, don't hesitate to ask. I'll help as much as I can. At least I'll try. Fixing all of them can sometimes cause problems, because drivers etc. are sometimes loaded at startup. So it's much better to have someone who knows do it. And you've already slowly started solving it anyway, no problem. Thanks for the comment about the site too. When I'm not here, I'm there. And I'm trying to improve it. If you recommend the site to the users around you, to those with problems etc., that would be the biggest help you could give me. Thanks. Take care.



      Don't worry, I'm writing it in my MSN personal message :) it will stay there for a long time.. ;) let's do that favor too, it wouldn't be right not to..



      _____________________________

    • Private
      12 posts
      22 October 2008 21:52:43
      ahh, I forgot, by the way there's also something called wowexec.exe running on my computer, I couldn't figure out what it is? do you have any idea?


      _____________________________

    • Retired Moderator
      8908 posts
      22 October 2008 22:05:06

      quote:

      Originally posted by: sezgin57
      Don't worry, I'm writing it in my MSN personal message :) it will stay there for a long time.. ;) let's do that favor too, it wouldn't be right not to..

      Thanks then


      quote:

      Originally posted by: sezgin57
      ahh, I forgot, by the way there's also something called wowexec.exe running on my computer, I couldn't figure out what it is? do you have any idea?

      wowexec.exe is a Windows component under normal circumstances. But although I have never come across it myself, I had also heard that it can be a trojan. You can have the Wowexec.exe file scanned at www.virustotal.com.



      _____________________________

    • Private
      12 posts
      22 October 2008 22:09:20
      I understand, but it's not in the form of a file, I don't know where it is; it only shows up in the Processes tab when I press ctrl alt del, it just says Wowexec.exe, and next to it there's neither a user name nor anything else.. it doesn't even show how many KB it's running with..


      _____________________________

    • Lieutenant
      176 posts
      23 October 2008 00:18:18
      Greetings, my friend.. the log file I've posted below belongs to a computer in my internet cafe.. I'm waiting for your review and comments.. thanks in advance..


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 00:08:09, on 23.10.2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\Program Files\HyperTechnologies\Deep Freeze\DfServEx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Vtune\TBPanel.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\SOUNDMAN.EXE
      C:\WINDOWS\VM303_STI.EXE
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\AKINSOFT\Cplus7\Client7\CplusC.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\HyperTechnologies\Deep Freeze\_$Df\FrzState.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\AKINSOFT\Cplus7\Client7\ClientKontrol.Exe
      C:\WINDOWS\system32\csrsm.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\System.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\ghsfilt.exe
      C:\Documents and Settings\pc-01\Desktop\HiJackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.tr
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O1 - Hosts: 127.1 localhost
      O1 - Hosts: 127.1 fffff8888fsgfbghj88.cn
      O1 - Hosts: 127.1 61.134.37.12
      O1 - Hosts: 127.1 ko.ssa387.cn
      O1 - Hosts: 127.1 www.ndxrr.cn
      O1 - Hosts: 127.1 12345.ssa387.cn
      O1 - Hosts: 127.1 lihai88.com
      O1 - Hosts: 127.1 wwwwhf.cn
      O1 - Hosts: 127.1 a89369093.sq.u9idc.com
      O1 - Hosts: 127.1 www.mmd178.cn
      O1 - Hosts: 127.1 www.178mmd.cn
      O1 - Hosts: 127.1 www.wenzhuoyyy.cn
      O1 - Hosts: 127.1 tw.lovechina.tw.cn
      O1 - Hosts: 127.1 222.189.238.151
      O1 - Hosts: 127.1 222.179.185.78
      O1 - Hosts: 127.1 www.wq9q.cn
      O1 - Hosts: 127.1 593ffcey.cn
      O1 - Hosts: 127.1 set.yay520.cn
      O1 - Hosts: 127.1 tenmoc999.cn
      O1 - Hosts: 127.1 lihai88.com
      O1 - Hosts: 127.1 121.kcuf-01.com
      O1 - Hosts: 127.1 www.ew1q.cn
      O1 - Hosts: 127.1 www.b3sk.cn
      O1 - Hosts: 127.1 up.bizmd.cn
      O1 - Hosts: 127.1 www.ms2a.cn
      O1 - Hosts: 127.1 www.wo9188.cn
      O1 - Hosts: 127.1 www.fgetchr.cn
      O1 - Hosts: 127.1 www.e6zx.cn
      O1 - Hosts: 127.1 hai067.com
      O1 - Hosts: 127.1 hai088.com
      O1 - Hosts: 127.1 778899.jd8j.cn
      O1 - Hosts: 127.1 sql.78-11.net
      O1 - Hosts: 127.1 www.bbbirdy.com
      O1 - Hosts: 127.1 www.s1na1.com.cn
      O1 - Hosts: 127.1 www.dianyinjzd.cn
      O1 - Hosts: 127.1 www.dj5201314dj.com
      O1 - Hosts: 127.1 max-2.cn
      O1 - Hosts: 127.1 a.asp-o.cn
      O1 - Hosts: 127.1 b.asp-o.cn
      O1 - Hosts: 127.1 c.asp-o.cn
      O1 - Hosts: 127.1 x.kprobb.cn
      O1 - Hosts: 127.1 js.php-k.cn
      O1 - Hosts: 127.1 max-1.cn
      O1 - Hosts: 127.1 max-3.cn
      O1 - Hosts: 127.1 max-4.cn
      O1 - Hosts: 127.1 max-5.cn
      O1 - Hosts: 127.1 max-6.cn
      O1 - Hosts: 127.1 max-7.cn
      O1 - Hosts: 127.1 max-8.cn
      O1 - Hosts: 127.1 max-9.cn
      O1 - Hosts: 127.1 max-10.cn
      O1 - Hosts: 127.1 max-11.cn
      O1 - Hosts: 127.1 max-12.cn
      O1 - Hosts: 127.1 twocannon250.com.cn
      O1 - Hosts: 127.1 www.133mm.cn
      O1 - Hosts: 127.1 www.51vmm.cn
      O1 - Hosts: 127.1 www.7mmoo.cn
      O1 - Hosts: 127.1 www.99mmm.org.cn
      O1 - Hosts: 127.1 www.hdec.cn
      O1 - Hosts: 127.1 www.picc18.com
      O1 - Hosts: 127.1 www.kissdh.com
      O1 - Hosts: 127.1 www.x7v.cn
      O1 - Hosts: 127.1 biqulu.cn
      O1 - Hosts: 127.1 2008.qq2006.com.cn
      O1 - Hosts: 127.1 giaitrisex.com
      O1 - Hosts: 127.1 www.giaitrisex.com
      O1 - Hosts: 127.1 www.giaitrituoitre.net
      O1 - Hosts: 127.1 mekiep.com
      O1 - Hosts: 127.1 www.1sex1day.com
      O1 - Hosts: 127.1 a.9ymm.com
      O1 - Hosts: 127.1 bobo.7wyt.com
      O1 - Hosts: 127.1 www.591caobi.cn
      O1 - Hosts: 127.1 www.hrz008.cn
      O1 - Hosts: 127.1 asp-15.cn
      O1 - Hosts: 127.1 asp-12.cn
      O1 - Hosts: 127.1 www.jb88.net
      O1 - Hosts: 127.1 6.a88a.com
      O1 - Hosts: 127.1 w.b2c3.cn
      O1 - Hosts: 127.1 m.c5x8.com
      O1 - Hosts: 127.1 www.518sfw.cn
      O1 - Hosts: 127.1 www.jjyyzmj.cn
      O1 - Hosts: 127.1 u.cnmrx.net
      O1 - Hosts: 127.1 duowan.czm.cn
      O1 - Hosts: 127.1 xccxcxcxcxcx.cn
      O1 - Hosts: 127.1 google-yahoo.org.cn
      O1 - Hosts: 127.1 tudou-net.org.cn
      O1 - Hosts: 127.1 downloads.zango.com
      O1 - Hosts: 127.1 ftp.surfnet.nl
      O1 - Hosts: 127.1 bis.180solutions.com
      O1 - Hosts: 127.1 installs.hotbar.com
      O1 - Hosts: 127.1 www.hbdownloads.com
      O1 - Hosts: 127.1 static.zangocash.com
      O1 - Hosts: 127.1 www.qq-songli.cn
      O1 - Hosts: 127.1 aa.9234.net
      O1 - Hosts: 127.1 www.97love.info
      O1 - Hosts: 127.1 97love.info
      O1 - Hosts: 127.1 www.zyzhuiku.cn
      O1 - Hosts: 127.1 zyzhuiku.cn
      O1 - Hosts: 127.1 www.lang18.com
      O1 - Hosts: 127.1 lang18.com
      O1 - Hosts: 127.1 sao6666.com
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
      O4 - HKLM\..\Run: [Gainward] C:\Program Files\Vtune\TBPanel.exe /A
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [CafePlus Client] C:\Program Files\AKINSOFT\Cplus7\Client7\CplusC.exe
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [3PMmUpdate] rundll32 "C:\WINDOWS\Update.dll",Main
      O4 - HKLM\..\Run: [HBService32] System.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Adobe Reader Hızlı Çalıştırma.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O17 - HKLM\System\CCS\Services\Tcpip\..\{3B8634EF-CFAD-4DC3-B30C-56B33F10B8D0}: NameServer = 208.67.222.222,42.2.2.2
      O17 - HKLM\System\CS1\Services\Tcpip\..\{3B8634EF-CFAD-4DC3-B30C-56B33F10B8D0}: NameServer = 208.67.222.222,42.2.2.2
      O17 - HKLM\System\CS2\Services\Tcpip\..\{3B8634EF-CFAD-4DC3-B30C-56B33F10B8D0}: NameServer = 208.67.222.222,42.2.2.2
      O17 - HKLM\System\CS3\Services\Tcpip\..\{3B8634EF-CFAD-4DC3-B30C-56B33F10B8D0}: NameServer = 208.67.222.222,42.2.2.2
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - AppInit_DLLs:HBmhly.dll,HB1000Y.dll,HBWOOOL.dll,HBXY2.dll,HBJXSJ.dll,HBSO2.dll,HBFS2.dll,HBXY3.dll,
      HBSHQ.dll,HBFY.dll,HBWULIN2.dll,HBW2I.dll,HBKDXY.dll,HBWORLD2.dll,HBASKTAO.dll,HBZHUXIAN.dll,HBWOW.dll,
      HBZERO.dll,HBBO.dll,HBCONQUER.dll,HBSOUL.dll,HBCHIBI.dll,HBDNF.dll,HBWARLORDS.dll,HBTL.dll,HBPICKCHINA.dll,
      HBCT.dll,HBGC.dll,HBHM.dll,HBHX2.dll,HBQQHX.dll,HBTW2.dll,HBQQSG.dll,HBQQFFO.dll,HBZT.dll,HBMIR2.dll,HBRXJH.dll,
      HBYY.dll,HBMXD.dll,HBSQ.dll,HBTJ.dll,HBFHZL.dll,HBWLQX.dll,HBLYFX.dll,HBR2.dll,HBCHD.dll,HBTZ.dll,HBQQXX.dll,HBWD.dll,
      HBZG.dll,HBPPBL.dll,HBXMJ.dll,HBJTLQ.dll,HBQJSJ.dll
      O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
      O21 - SSODL: msnmsg - {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - C:\Program Files\Messenger\msgmr.dll
      O21 - SSODL: Upnp - {DE01DA19-A6A8-EB80-4D47-248DEB2A9399} - C:\WINDOWS\system32\upnpsrv.dll
      O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
      O23 - Service: CafePlusServiceMain - Unknown owner - C:\Program Files\AKINSOFT\Cplus7\Client7\cplusinject.exe
      O23 - Service: DFServEx - Hyper Technologies Inc. - C:\Program Files\HyperTechnologies\Deep Freeze\DfServEx.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

      --
      End of file - 9537 bytes



      < This message was edited by vampoo -- 24 October 2008; 1:48:02 >
      _____________________________

      Apparently my signature was against the rules...
    • Captain
      799 posts
      23 October 2008 00:41:30
      @Serji, thank you for your help. I didn't have the time to research and learn all of these one by one, but your experience in this area helped me a lot. I did the steps you described; you asked me to send the log files again, so I'm sending them.

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 00:34:43, on 23.10.2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Creative\Shared Files\CTAudSvc.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\system32\Rundll32.exe
      C:\Program Files\ESET\ESET Smart Security\egui.exe
      C:\WINDOWS\system32\CTsvcCDA.exe
      C:\Program Files\ESET\ESET Smart Security\ekrn.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Downloads\HiJackThis.exe

      O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
      O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
      O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
      O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
      O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O8 - Extra context menu item: FlashGet'i kullanarak indir - C:\Program Files\FlashGet\jc_link.htm
      O8 - Extra context menu item: Tümünü FlashGet'i kullanarak indir - C:\Program Files\FlashGet\jc_all.htm
      O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
      O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.micro...b_site.cab?1221532028828
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.micro...b_site.cab?1221542903031
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com...-6u7-windows-i586-jc.cab
      O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
      O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
      O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
      O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

      --
      End of file - 4070 bytes



      _____________________________

    • Private
      1 post
      23 October 2008 10:57:52
      Hello sir, good luck with your work. This is my log file:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 09:44:30, on 23.10.2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\S24EvMon.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\WINDOWS\system32\ZCfgSvc.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\1XConfig.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      C:\WINDOWS\system32\inetsrv\inetinfo.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
      C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
      C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe
      C:\oracle\ora92\bin\omtsreco.exe
      C:\WINDOWS\system32\PGPsdkServ.exe
      C:\WINDOWS\system32\RegSrvc.exe
      C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\WINDOWS\FixCamera.exe
      C:\WINDOWS\vsnp2std.exe
      C:\WINDOWS\system32\igfxsrvc.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\ServGate\ServGate VPN Client\SafeCfg.exe
      C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE
      C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\FlashGet\flashget.exe
      C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.13.1.24:8080
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;10.13*;<local>
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
      O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
      O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
      O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
      O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
      O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
      O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: ServGate VPN Client.lnk = C:\Program Files\ServGate\ServGate VPN Client\SafeCfg.exe
      O4 - Global Startup: VPN Client.lnk = ?
      O8 - Extra context menu item: &FlashGet ile indir - C:\Program Files\FlashGet\jc_link.htm
      O8 - Extra context menu item: &Tümünü FlashGet ile indir - C:\Program Files\FlashGet\jc_all.htm
      O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
      O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.m...ry/msgrchkr.cab31267.cab
      O16 - DPF: {0A5CAD58-328A-4E60-94F1-A510F266128A} (qdmsDokuman Control) - http://qdms.bcnet.com/q...msDokumanApplication.cab
      O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtang...ncher/ActiveLauncher.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com...2/resources/MSNPUpld.cab
      O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://kocaelikentrehbe...aeli.bel.tr/mgaxctrl.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.micro...b_site.cab?1195488360244
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.m...StatsClient.cab31267.cab
      O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.m...atsPAClient.cab55762.cab
      O16 - DPF: {AF52CAD9-8797-4374-93DE-E24FD10EB11A} (Dokuman_Yazdir Control) - file:///C:/Inetpub/wwwroot/Kalite/qdms/CABFiles/QDMS_DY.cab
      O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://ast.yasar.com.tr/CSHELL/extender.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.m...nary/ZIntro.cab55579.cab
      O16 - DPF: {C2CF0AAB-787A-474E-87F9-DB0A5750234E} (QDMSDocGoster Control) - file:///C:/Inetpub/wwwroot/Kalite/qdms/CABFiles/QDMSDocGosterici.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macr...e/cabs/flash/swflash.cab
      O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.co...sis/popcaploader_v10.cab
      O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://vpndanisman.hay...etup/JuniperSetupSP1.cab
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bcnet.com
      O17 - HKLM\Software\..\Telephony: DomainName = bcnet.com
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bcnet.com
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bcnet.com
      O20 - AppInit_DLLs: C:\WINDOWS\system32\tmp_1x8.dll
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
      O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
      O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
      O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
      O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
      O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\ServGate\ServGate VPN Client\IPSecMon.exe
      O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\ServGate\ServGate VPN Client\IreIKE.exe
      O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
      O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
      O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
      O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\system32\PGPsdkServ.exe
      O23 - Service: QDMS Mesaj Sistemi (qdmsDN) - Bimser Çözüm - C:\Inetpub\wwwroot\Kalite\Services\qdmsMail.exe
      O23 - Service: QDMS Yöneticisi (QDMSManager) - Bimser Çözüm - C:\Inetpub\wwwroot\Kalite\Services\qdmsMan.exe
      O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
      O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
      O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
      O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe

      --
      End of file - 12035 bytes



      _____________________________

    • Captain
      264 posts
      23 October 2008 11:16:40
      serji, brother, my list got left behind on page 92, please help :) you've helped those who came after me. I guess you overlooked me, brother, please......


      _____________________________

    • Captain
      672 posts
      23 October 2008 14:34:31
      Hello, first of all, thank you for trying to help us again. About ten minutes ago Avast found a trojan called "amvo.exe". Afterwards I carefully removed the file in question in DOS, and I also did the necessary regedit cleanup. However, since I experienced something like this on the 2nd day after formatting, and because my PC security is important, I would like to ask you to check my Hijack logs. Thanks again.

      Log;

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:08:09, on 23.10.2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Microsoft IntelliPoint\ipoint.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Intel\AMT\LMS.exe
      C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\system32\PnkBstrB.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\Program Files\Winamp\winamp.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Xfire\xfire.exe
      F:\Adobe Photoshop CS3 Extended Portable\Photoshop.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Documents and Settings\Q\Desktop\HiJackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
      O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
      O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
      O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.micro...b_site.cab?1224544110671
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.micro...b_site.cab?1224547566890
      O21 - SSODL: Java - True - (no file)
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Intel(R) Active Management Technology LMS Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
      O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

      --
      End of file - 5182 bytes




      And while writing this message, I got another warning, this time for AMVO1.DLL :)



      < This message was edited by cordor -- 23 October 2008; 16:07:16 >
      _____________________________

    • Lieutenant Colonel
      2893 Posts
      23 October 2008 14:46:27
      serji, good luck with your work; thanks to you the computer can breathe again. Is there an antivirus program you recommend?


      _____________________________

    • Lieutenant Colonel
      2606 Posts
      23 October 2008 16:49:05
      The computer has slowed down tremendously over the last week. In the file you will see things related to YouTube; those have been there for a long time, and it was not this slow before. That is a DNS resolver for YouTube, but if you say it is harmful I will remove it.

      Logfile of Trend Micro HijackThis v2.0.2 
      Scan saved at 16:34:03, on 23.10.2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.20861)
      Boot mode: Normal

      Running processes:
      C:\windows\System32\smss.exe
      C:\windows\system32\winlogon.exe
      C:\windows\system32\services.exe
      C:\windows\system32\lsass.exe
      C:\windows\system32\Ati2evxx.exe
      C:\windows\system32\svchost.exe
      C:\windows\System32\svchost.exe
      C:\windows\system32\Ati2evxx.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
      C:\windows\system32\cisvc.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\windows\system32\PnkBstrA.exe
      C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
      C:\windows\system32\svchost.exe
      C:\windows\Explorer.EXE
      C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
      C:\windows\system32\ctfmon.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.217.73.52:8080
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O1 - Hosts: Youtube Dünya Capinda IP leri toplam 2859 adet ....
      O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
      O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
      O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
      O8 - Extra context menu item: &FlashGet ile indir - C:\Program Files\FlashGet\jc_link.htm
      O8 - Extra context menu item: &Tümünü FlashGet ile indir - C:\Program Files\FlashGet\jc_all.htm
      O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_frame
      O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_image
      O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_link
      O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_exclude
      O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_report
      O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
      O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
      O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
      O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/TR-TR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D0BB3ACE-4ED3-4D65-BB86-1A0C6CAF351F} - http://212.175.239.246:81/avaLaunch94.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{377C334B-EB5E-42E6-9E02-F0E1A6B3F88B}: NameServer = 212.57.1.17,212.57.1.18,212.175.13.114
      O17 - HKLM\System\CCS\Services\Tcpip\..\{B1AADCC1-DD46-4DF8-ABAB-DC7534CBB564}: NameServer = 212.57.1.17,212.57.1.18,212.175.13.114
      O17 - HKLM\System\CS1\Services\Tcpip\..\{377C334B-EB5E-42E6-9E02-F0E1A6B3F88B}: NameServer = 212.57.1.17,212.57.1.18,212.175.13.114
      O17 - HKLM\System\CS3\Services\Tcpip\..\{377C334B-EB5E-42E6-9E02-F0E1A6B3F88B}: NameServer = 212.57.1.17,212.57.1.18,212.175.13.114
      O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)
      O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
      O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
      O23 - Service: Yazdırma Biriktiricisi (Spooler) - Unknown owner - C:\windows\system32\spoolsv.exe (file missing)

      --
      End of file - 12860 bytes



      _____________________________

    • Major
      1189 Posts
      23 October 2008 19:59:53
      @serji hello,

      I ran the program the way you said, and the result is below

      I would be glad if you could help, good luck with your work...

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:52:16, on 23.10.2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
      C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
      C:\WINDOWS\FixCamera.exe
      C:\WINDOWS\vsnp2std.exe
      C:\Program Files\Winamp\winampa.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
      C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
      C:\Program Files\AirTies\ADSL Hizmet Programı\AirTies_util3.exe
      C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
      C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
      C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Network Associates\VirusScan\VsStat.exe
      C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
      C:\Program Files\Network Associates\VirusScan\Webscanx.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
      C:\WINDOWS\system32\WgaTray.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
      O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
      O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
      O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
      O4 - Global Startup: AirTies ADSL Hizmet Programı.lnk = ?
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) - https://sube.garanti.co...ib/JaguarEditControl.CAB
      O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Magic%20Match%202/Images/stg_drm.ocx
      O16 - DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} (Speaky Chat) - http://download.speakyweb.com/speakyldr.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com...1/resources/MSNPUpld.cab
      O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Magic%20Match%202/Images/armhelper.ocx
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macr...e/cabs/flash/swflash.cab
      O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://m.boonty.com/web...cap/popcaploader_v10.cab
      O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.c...aol/unagi/ampx_en_dl.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{97923B87-DA5A-427C-91BD-45D7E82418A0}: NameServer = 4.2.2.1,4.2.2.2
      O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

      --
      End of file - 8675 bytes



      _____________________________

    • Retired Administrator
      8908 Posts
      23 October 2008 22:03:15
      quote:

      Originally quoted from: vampoo
      Greetings, my friend.. the log file I have sent below belongs to a computer in my internet cafe.. I am waiting for your review and comments.. thanks in advance..

      The system has been infected by a very serious virus. After cleaning it, we will take a few precautions so that it does not get infected again. By the way, could you edit your message and delete the O20 line? It is stretching the page.

      * Open the program called HijackThis.
      * Click the "Do a system scan only" option.
      * Check the following lines.

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.tr 
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [3PMmUpdate] rundll32 "C:\WINDOWS\Update.dll",Main
      O4 - HKLM\..\Run: [HBService32] System.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Adobe Reader Hızlı Çalıştırma.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O20 - AppInit_DLLs: HBmhly.dll,HB1000Y.dll,HBWOOOL.dll,HBXY2.dll,HBJXSJ.dll,HBSO2.dll,HBFS2.dll,HBXY3.dll,HBSHQ.dll,HBFY.dll,HBWULIN2.dll,HBW2I.dll,HBKDXY.dll,HBWORLD2.dll,HBASKTAO.dll,HBZHUXIAN.dll,HBWOW.dll,HBZERO.dll,HBBO.dll,HBCONQUER.dll,HBSOUL.dll,HBCHIBI.dll,HBDNF.dll,HBWARLORDS.dll,HBTL.dll,HBPICKCHINA.dll,HBCT.dll,HBGC.dll,HBHM.dll,HBHX2.dll,HBQQHX.dll,HBTW2.dll,HBQQSG.dll,HBQQFFO.dll,HBZT.dll,HBMIR2.dll,HBRXJH.dll,HBYY.dll,HBMXD.dll,HBSQ.dll,HBTJ.dll,HBFHZL.dll,HBWLQX.dll,HBLYFX.dll,HBR2.dll,HBCHD.dll,HBTZ.dll,HBQQXX.dll,HBWD.dll,HBZG.dll,HBPPBL.dll,HBXMJ.dll,HBJTLQ.dll,HBQJSJ.dll
      O21 - SSODL: Upnp - {DE01DA19-A6A8-EB80-4D47-248DEB2A9399} - C:\WINDOWS\system32\upnpsrv.dll


      * Press CTRL+ALT+DEL and go to the Processes tab. End every process listed against your user name except HijackThis.exe and explorer.exe. Close all programs and windows except HijackThis and click the Fix Checked button. Then restart your computer immediately.



      _____________________________

    • Retired Moderator
      8908 Posts
      23 October 2008 22:06:02

      quote:

      Originally posted by: Tekos

      @Serji, thank you for your help. I didn't have the time to research and learn all of these one by one, but your experience in this area helped me a lot. I did what you said; you asked me to send the log files again, so I am sending them.

      The problems appear to be solved. We have now disabled the viruses. Next comes the cleanup.

      Download the program called ComboFix.

      http://www.guvenlikuzma...om/dosyalar/ComboFix.exe

      1. Close all your open windows and programs.
      2. Temporarily close or disable your antivirus and antispyware programs.
      3. Double-click ComboFix.exe to start the program. After starting it, do not do anything at all. Take a 1-2 minute break.
      4. Once ComboFix starts running, you will be asked to press 1 or 2. Press 1 to continue.
      5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
      6. Your internet connection will be cut during these operations. This is normal. Your system clock will also change. All of this is temporary, however. Once the operations are finished, everything will be returned to its original state.
      7. You may need to be a little patient, because there are exactly 41 stages.
      8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. When the operations are finished, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
      9. Attach the C:\ComboFix.txt file to your message and send it to us.



      _____________________________

    • Retired Moderator
      8908 Posts
      23 October 2008 22:09:29

      quote:

      Originally posted by: onurg82

      Hello sir, good luck with the work. This is my log file:

      * Open the program called HijackThis.
      * Click the "Do a system scan only" option.
      * Tick the following lines.

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.13.1.24:8080
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;10.13*;<local>
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
      O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
      O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
      O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
      O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bcnet.com
      O17 - HKLM\Software\..\Telephony: DomainName = bcnet.com
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bcnet.com
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bcnet.com
      O20 - AppInit_DLLs: C:\WINDOWS\system32\tmp_1x8.dll


      * Press CTRL+ALT+DEL and go to the Processes tab. End every process listed against your user name except HijackThis.exe and explorer.exe. Close all programs and windows except HijackThis and click the Fix Checked button. Then restart your computer immediately.

      NOTE: Could you send one more HJT log after the fix? There is a virus on the system; I want to be sure it has been cleaned.



      _____________________________
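
A triage pass over HijackThis lines like the ones ticked in the posts above, as an added example that is not part of the thread. The function names and review rules are illustrative assumptions that only mark entries for a person to look at, and the sample input is constructed from line shapes seen in the thread, with placeholder hosts names.

```python
import re
from collections import Counter

# Constructed sample in the shape of the lines posted in this thread. The hosts
# names are placeholders, and the "2 - BHO" line has lost its leading "O".
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.13.1.24:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O1 - Hosts: 127.1 blocked-one.example
O1 - Hosts: 127.1 blocked-two.example
2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [HBService32] System.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: HBmhly.dll,HB1000Y.dll
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")   # section code, then body
TRUNCATED_RE = re.compile(r"^\d{1,2} - ")             # section letter lost in copy/paste
RUN_RE = re.compile(r"^(.+?)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_log(text):
    """Split a pasted log into (code, body) entries and truncated lines."""
    entries, truncated = [], []
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
        elif TRUNCATED_RE.match(line):
            truncated.append(line)
        # Anything else (log header, process list, blank lines) is ignored.
    return entries, truncated


def is_bare_command(cmd):
    """True when the program in a Run value is named without any directory."""
    cmd = cmd.strip()
    if not cmd:
        return False
    exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
    return "\\" not in exe


def triage(entries):
    """Return (code, reason, detail) tuples for entries that deserve a look."""
    findings = []
    hosts_targets = Counter()
    for code, body in entries:
        if code == "O1" and body.startswith("Hosts:"):
            fields = body[len("Hosts:"):].split()
            if fields:
                hosts_targets[fields[0]] += 1   # summarise, do not list names
        elif code in ("R0", "R1") and ",ProxyServer = " in body:
            findings.append((code, "proxy configured", body.split(" = ", 1)[1].strip()))
        elif code == "O2" and body.endswith("(no file)"):
            clsid = CLSID_RE.search(body)
            findings.append((code, "BHO registered but file missing",
                             clsid.group(0) if clsid else body))
        elif code == "O4":
            match = RUN_RE.match(body)
            if match and is_bare_command(match.group(3)):
                findings.append((code, "Run value without a full path",
                                 f"[{match.group(2)}] {match.group(3)}"))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # Comma-separated here, as in the log lines on this page.
            dlls = [d.strip() for d in body.split(":", 1)[1].split(",") if d.strip()]
            if dlls:
                findings.append((code, "AppInit_DLLs set",
                                 f"{len(dlls)} DLL(s), first: {dlls[0]}"))
    for target, count in hosts_targets.items():
        findings.append(("O1", "hosts file redirects", f"{count} name(s) -> {target}"))
    return findings


if __name__ == "__main__":
    parsed, broken = parse_log(SAMPLE_LOG)
    for finding in triage(parsed):
        print(" | ".join(finding))
    for line in broken:
        print("truncated line, re-copy from the log:", line)
```

A Run value without a path is only a prompt to check where the file lives: legitimate driver helpers are registered that way as well.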

    • Retired Moderator
      8908 Posts
      23 October 2008 22:12:45

      quote:

      Originally posted by: ibokozan

      Serji bro, my list got left behind on page 92, please help :) You have helped the people who came after me. I think you overlooked me, bro, please......

      Look at the very top of the page. You will see it on this page. I did not overlook it; I answered.


      quote:

      Originally posted by: cordor

      Hello, first of all thank you for trying to help us again. About ten minutes ago Avast found a trojan called "amvo.exe". I then carefully removed the file in DOS and also did the necessary regedit cleanup. However, since this happened on the 2nd day after I formatted, and because my PC's security is important, I would like to ask you to check my HijackThis logs. Thank you again.

      And while writing this message, I got another warning, for AMVO1.DLL :)


      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


      It is because of the Amvo virus. Next, let's carry out the steps below and clean the virus. After cleaning, we will also do the protection steps.


      http://www.guvenlikuzma...om/dosyalar/ComboFix.exe

      1. Close all your open windows and programs.
      2. Temporarily close or disable your antivirus and antispyware programs.
      3. Double-click ComboFix.exe to start the program. After starting it, do not do anything at all. Take a 1-2 minute break.
      4. Once ComboFix starts running, you will be asked to press 1 or 2. Press 1 to continue.
      5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
      6. Your internet connection will be cut during these operations. This is normal. Your system clock will also change. All of this is temporary, however. Once the operations are finished, everything will be returned to its original state.
      7. You may need to be a little patient, because there are exactly 41 stages.
      8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. When the operations are finished, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
      9. Attach the C:\ComboFix.txt file to your message and send it to us.



      _____________________________

    • Retired Moderator
      8908 Posts
      23 October 2008 22:15:35

      quote:

      Originally posted by: linkin_park20

      Serji, good luck with the work; thanks to you the computer can breathe again. Is there an antivirus program you recommend?

      Thanks, Linkinpark. I use Bitdefender and I recommend it. If you install the Total Security 2009 version, you will not need to install any extra firewall etc. It contains all the components needed for protection. Apart from that, you can also use Avira.


      quote:

      Originally posted by: Engin.K

      The computer has slowed down terribly over the last week. In the file you will see things related to YouTube; those have been there for a long time and it was not this slow before. That is a DNS resolver for YouTube, but if you say it is harmful I will remove it.

      No major problem is visible, but the internet slowness may be due to the proxy. If the problem is still not solved after the fix, apply the other steps.

      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.217.73.52:8080 
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O1 - Hosts: YouTube worldwide IPs, 2859 in total ....
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll


      Download the program called Malwarebytes Antimalware.

      http://www.guvenlikuzma.../dosyalar/mbam-setup.exe

      * To install the program, double-click mbam-setup.exe and complete the installation.
      * Tick the Update Malwarebytes Antimalware and Launch Malwarebytes options and click Finish.
      * If an update is found, the program will download and install it automatically.
      * When the program has loaded, select Full Scan and click the Start Scan button.
      * The scan may take some time, so please be patient.
      * When the scan is finished, click OK and then click Show Results.
      * Make sure everything is ticked and click Remove Selected.
      * When the cleanup is finished, a Notepad window will open. (You may need to restart your computer.)
      * Save the Notepad file, attach it to your message and send it to us.



      _____________________________

    • Retired Moderator
      8908 Posts
      23 October 2008 22:18:09

      quote:

      Originally posted by: avcihuan

      @serji hello,

      I ran the program the way you said, and the result is below.

      I would be glad if you could help. Good luck with the work...



       
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
      O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
      O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


      Good luck with it.



      _____________________________

    • Captain
      672 Posts
      24 October 2008 03:25:08
      Hello again, I carried out the steps you described in order. The log you asked for is below:

      ComboFix 08-10-23.03 - Q 2008-10-24  3:17:52.6 - NTFSx86 
      Microsoft Windows XP Professional 5.1.2600.2.1254.1.1055.18.1641 [GMT 3:00]
      Running from: C:\Documents and Settings\Q\Desktop\ComboFix.exe
      * Created a new restore point

      [COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
      .

      ((((((((((((((((((((((((( Files Created from 2008-09-24 to 2008-10-24 )))))))))))))))))))))))))))))))
      .

      2008-10-24 02:54 . 2008-06-14 20:59 272,000 --------- C:\WINDOWS\system32\drivers\bthport.sys
      2008-10-24 02:54 . 2008-06-14 20:59 272,000 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
      2008-10-24 02:52 . 2008-08-14 16:44 2,182,272 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
      2008-10-24 02:52 . 2008-08-14 16:44 2,138,112 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
      2008-10-24 02:52 . 2008-08-14 16:44 2,059,648 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
      2008-10-24 02:52 . 2008-08-14 16:44 2,017,792 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
      2008-10-24 02:37 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
      2008-10-24 02:37 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
      2008-10-24 02:24 . 2008-10-24 02:24 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
      2008-10-23 14:45 . 2008-10-23 14:55 <DIR> d-------- C:\Program Files\Dracula Virüs Temizleyici
      2008-10-23 14:33 . 2008-01-14 20:34 241 --a------ C:\WINDOWS\system32\gizliaktifolsun.bat
      2008-10-23 14:33 . 2008-01-14 20:34 241 --a------ C:\gizliaktifolsun.bat
      2008-10-23 02:02 . 2008-10-23 02:02 103,570 -r-hs---- C:\je26200.com
      2008-10-22 22:59 . 2008-10-22 22:59 <DIR> d-------- C:\Documents and Settings\Q\Application Data\GRETECH
      2008-10-22 22:59 . 2008-10-22 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
      2008-10-22 22:58 . 2008-10-22 22:58 <DIR> d-------- C:\Program Files\GRETECH
      2008-10-22 02:55 . 2005-11-30 21:20 2,314,332 --------- C:\WINDOWS\system32\LIBMMD.DLL
      2008-10-22 02:55 . 2000-05-21 22:00 1,066,176 --------- C:\WINDOWS\system32\mscomctl.ocx
      2008-10-22 02:55 . 1998-06-23 22:00 609,584 --------- C:\WINDOWS\system32\comctl32.ocx
      2008-10-22 02:55 . 2001-03-13 11:49 120,320 --------- C:\WINDOWS\system32\comdlg32.ocx
      2008-10-22 02:55 . 2000-05-22 15:58 115,920 --------- C:\WINDOWS\system32\msinet.ocx
      2008-10-22 01:28 . 2008-10-22 12:39 <DIR> d-------- C:\Documents and Settings\Q\Application Data\Lavasoft
      2008-10-22 01:25 . 2008-10-22 01:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
      2008-10-22 01:25 . 2008-10-22 01:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-10-21 16:41 . 2008-10-23 14:06 53,248 --------- C:\WINDOWS\system32\apache.dll
      2008-10-21 01:57 . 2008-10-22 01:41 <DIR> d-------- C:\Documents and Settings\Q\Contacts
      2008-10-21 01:57 . 2008-10-21 01:57 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
      2008-10-21 01:36 . 2008-10-21 01:36 <DIR> d---s---- C:\Documents and Settings\Q\UserData

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-10-23 23:50 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
      2008-10-23 23:49 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
      2008-10-23 23:24 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
      2008-10-23 23:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-10-23 23:18 --------- d-----w C:\Documents and Settings\Q\Application Data\Hamachi
      2008-10-23 22:29 --------- d-----w C:\Program Files\FlashGet
      2008-10-23 14:01 --------- d-----w C:\Documents and Settings\Q\Application Data\Xfire
      2008-10-23 10:18 --------- d-----w C:\Program Files\Xfire
      2008-10-22 09:40 --------- d-----w C:\Program Files\Windows Live
      2008-10-22 09:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
      2008-10-21 00:17 --------- d-----w C:\Program Files\Hamachi
      2008-10-21 00:16 17,480 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
      2008-10-20 23:43 22,328 ----a-w C:\Documents and Settings\Q\Application Data\PnkBstrK.sys
      2008-10-20 23:37 --------- d-----w C:\Program Files\Activision
      2008-10-20 23:31 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
      2008-10-20 23:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-10-20 22:46 --------- d-----w C:\Program Files\Realtek
      2008-10-20 22:34 --------- d-----w C:\Program Files\Creative
      2008-10-20 22:29 --------- d-----w C:\Program Files\Common Files\InstallShield
      2008-10-20 22:18 --------- d-----w C:\Program Files\Teamspeak2_RC2
      2008-10-20 22:17 --------- d-----w C:\Program Files\RivaTuner v2.06
      2008-10-20 22:14 --------- d-----w C:\Program Files\DAEMON Tools Lite
      2008-10-20 22:11 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
      2008-10-20 22:11 --------- d-----w C:\Program Files\Winamp
      2008-10-20 22:11 --------- d-----w C:\Documents and Settings\Q\Application Data\DAEMON Tools
      2008-10-20 22:10 --------- d-----w C:\Program Files\MSXML 6.0
      2008-10-20 22:10 --------- d-----w C:\Program Files\Microsoft IntelliPoint
      2008-10-20 22:09 --------- d-----w C:\Program Files\NVIDIA Corporation
      2008-10-20 22:09 --------- d-----w C:\Documents and Settings\Q\Application Data\Ahead
      2008-10-20 22:08 --------- d-----w C:\Program Files\Windows Media Connect 2
      2008-10-20 22:08 --------- d-----w C:\Program Files\Common Files\Ahead
      2008-10-20 22:08 --------- d-----w C:\Program Files\Ahead
      2008-10-20 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
      2008-10-20 21:48 --------- d-----w C:\Program Files\AGEIA Technologies
      2008-10-20 21:46 --------- d-----w C:\Program Files\Intel
      2008-10-20 21:44 315,392 ----a-w C:\WINDOWS\HideWin.exe
      2008-10-20 21:40 --------- d-----w C:\Documents and Settings\Q\Application Data\InstallShield
      2008-10-20 21:39 --------- d-----w C:\Program Files\Gigabyte
      2008-10-20 21:37 --------- d-----w C:\Program Files\Alwil Software
      2008-10-20 21:30 --------- d-----w C:\Program Files\microsoft frontpage
      2008-10-09 00:47 42,320 ------w C:\WINDOWS\system32\xfcodec.dll
      2008-09-15 15:39 1,846,016 ------w C:\WINDOWS\system32\win32k.sys
      2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
      2008-08-20 05:37 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
      2008-08-14 13:44 2,138,112 ------w C:\WINDOWS\system32\ntoskrnl.exe
      2008-08-14 13:44 2,017,792 ------w C:\WINDOWS\system32\ntkrnlpa.exe
      2008-08-06 04:51 453,152 ------w C:\WINDOWS\system32\NVUNINST.EXE
      2008-08-01 08:05 70,936 ------w C:\WINDOWS\system32\PhysXLoader.dll
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-08-15 13570048]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-08-15 86016]
      "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
      "RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 2650112]
      "nwiz"="nwiz.exe" [2008-08-15 C:\WINDOWS\system32\nwiz.exe]
      "RTHDCPL"="RTHDCPL.EXE" [2007-03-21 C:\WINDOWS\RTHDCPL.exe]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "NoDesktopCleanupWizard"= 1 (0x1)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoDesktopCleanupWizard"= 1 (0x1)

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
      "NoDesktopCleanupWizard"= 1 (0x1)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "VIDC.XFR1"= xfcodec.dll
      "msacm.divxa32"= msaud32_divx.acm

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
      --a------ 2008-08-08 15:11 490952 C:\Program Files\DAEMON Tools Lite\daemon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
      --a------ 2007-09-25 11:10 2007088 C:\Program Files\FlashGet\flashget.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
      --------- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
      --a------ 2007-07-03 12:32 81920 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
      --a------ 2007-02-13 21:29 35328 C:\Program Files\Winamp\winampa.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "wuauserv"=2 (0x2)
      "wscsvc"=2 (0x2)

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\FlashGet\\flashget.exe"=
      "C:\\Program Files\\Xfire\\xfire.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
      "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
      "D:\\TQ\\2\\Tqit.exe"=
      "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
      R2 LMS;Intel(R) Active Management Technology LMS Service;C:\Program Files\Intel\AMT\LMS.exe [2006-06-28 98304]
      R3 ZY202_XP;ZyXEL 802.11g XG202 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2006-11-27 437760]
      S3 V0330VID;WebCam Vista;C:\WINDOWS\system32\DRIVERS\V0330Vid.sys [2006-09-12 173632]
      S3 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a925689-9efa-11dd-b1dc-0019cb852095}]
      \Shell\AutoRun\command - I:\je26200.com
      \Shell\explore\Command - I:\je26200.com
      \Shell\open\Command - I:\je26200.com

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb1f691e-a0f5-11dd-b1e2-0019cb852095}]
      \Shell\AutoRun\command - F:\cqdis.cmd
      \Shell\explore\Command - F:\cqdis.cmd
      \Shell\open\Command - F:\cqdis.cmd
      .
      .
      ------- Supplementary Scan -------
      .
      FireFox -: Profile - C:\Documents and Settings\Q\Application Data\Mozilla\Firefox\Profiles\iynd2gr9.default\
      FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.tr/
      .

      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-10-24 03:18:49
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      Completion time: 2008-10-24 3:19:09
      ComboFix-quarantined-files.txt 2008-10-24 00:19:07
      ComboFix2.txt 2008-10-24 00:13:30
      ComboFix3.txt 2008-10-23 11:37:06
      ComboFix4.txt 2008-10-21 22:22:09
      ComboFix5.txt 2008-10-24 00:17:35

      Pre-Run: 88.220.487.680 bayt boş
      Post-Run: 88,208,941,056 bayt boş

      177 --- E O F --- 2008-10-24 00:05:56




      Thank you very much for your interest and attention.



      _____________________________

    • Lieutenant
      176 Posts
      24 October 2008 04:00:32
      quote:

      Quoted from original: serji

      The system has been infected by a very serious virus. After cleaning it, we will take a few precautions so that it does not get infected again. By the way, could you edit the message and delete the O20 line? It makes the page too long.

      Friend, I did exactly as you said.. but while I was doing it there was a customer, and the PC I was working on was connected to the network.. the lines starting with "hosts" in the first log I sent are gone and others have appeared in their place.. so I took all the PCs, including the main machine, off the network and applied the procedure with only the machine I was working on connected to the network.. afterwards I set everything back to normal and connected to the internet on the main machine.. and the log I got is below... I don't really understand it, but compared with the first one I sent, I think it worked. Thank you very, very much in advance... I'm going to bed now, and rest assured I will pray for you too..

      By the way, I sent you a private message... I would be very glad if you read it when you have time... take care...


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 03:56:00, on 24.10.2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\Program Files\HyperTechnologies\Deep Freeze\DfServEx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\HyperTechnologies\Deep Freeze\_$Df\FrzState.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Vtune\TBPanel.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\system32\filtre.exe
      C:\Program Files\DAEMON Tools Lite\daemon.exe
      C:\WINDOWS\system32\csrsm.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.tr
      O4 - HKLM\..\Run: [Gainward] C:\Program Files\Vtune\TBPanel.exe /A
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [Filtre] C:\WINDOWS\system32\filtre.exe
      O4 - HKLM\..\Run: [CafePlus Client] C:\Program Files\AKINSOFT\Cplus7\Client7\CplusC.exe
      O4 - HKLM\..\Run: [HBService32] SYSTEM.EXE
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O17 - HKLM\System\CCS\Services\Tcpip\..\{3B8634EF-CFAD-4DC3-B30C-56B33F10B8D0}: NameServer = 208.67.222.222,42.2.2.2
      O17 - HKLM\System\CS1\Services\Tcpip\..\{3B8634EF-CFAD-4DC3-B30C-56B33F10B8D0}: NameServer = 208.67.222.222,42.2.2.2
      O17 - HKLM\System\CS2\Services\Tcpip\..\{3B8634EF-CFAD-4DC3-B30C-56B33F10B8D0}: NameServer = 208.67.222.222,42.2.2.2
      O17 - HKLM\System\CS3\Services\Tcpip\..\{3B8634EF-CFAD-4DC3-B30C-56B33F10B8D0}: NameServer = 208.67.222.222,42.2.2.2
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - AppInit_DLLs: Bmhly.dll,HB1000Y.dll,HBWOOOL.dll,HBXY2.dll,HBJXSJ.dll,HBSO2.dll,HBFS2.dll,HBXY3.dll,HBSHQ.dll,HBFY.dll,HBWULIN2.dll,HBW2I.dll,HBKDXY.dll,
      HBWORLD2.dll,HBASKTAO.dll,HBZHUXIAN.dll,HBWOW.dll,HBZERO.dll,HBBO.dll,HBCONQUER.dll,HBSOUL.dll,HBCHIBI.dll,HBDNF.dll,HBWARLORDS.dll,
      HBTL.dll,HBPICKCHINA.dll,HBCT.dll,HBGC.dll,HBHM.dll,HBHX2.dll,HBQQHX.dll,HBTW2.dll,HBQQSG.dll,HBQQFFO.dll,HBZT.dll,HBMIR2.dll,HBRXJH.dll,
      HBYY.dll,HBMXD.dll,HBSQ.dll,HBTJ.dll,HBFHZL.dll,HBWLQX.dll,HBLYFX.dll,HBR2.dll,HBCHD.dll,HBTZ.dll,HBQQXX.dll,HBWD.dll,HBZG.dll,HBPPBL.dll,
      HBXMJ.dll,HBJTLQ.dll,HBQJSJ.dll
      O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
      O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - (no file)
      O21 - SSODL: msnmsg - {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - C:\Program Files\Messenger\msgmr.dll
      O23 - Service: CafePlusServiceMain - Unknown owner - C:\Program Files\AKINSOFT\Cplus7\Client7\cplusinject.exe
      O23 - Service: DFServEx - Hyper Technologies Inc. - C:\Program Files\HyperTechnologies\Deep Freeze\DfServEx.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

      --
      End of file - 3535 bytes



      < This message was edited by vampoo -- 24 October 2008; 3:59:45 >
      _____________________________





      Apparently my signature was against the rules...