Yeni Kayıt
Konudaki Resimler
önceki
< Bu mesaj bu kişi tarafından değiştirildi embercrescent -- 25 Aralık 2008; 15:19:19 > |
Hızlı 
Bildirim
HijackThis. Performans + Güvenlik! (Virüslerden kurtulun). 500.000+ (318. sayfa)
Sıcak Fırsatlarda Tıklananlar
Editörün Seçtiği Fırsatlar
Daha Fazla 
Bu Konudaki Kullanıcılar:
Daha Az 
2 Misafir - 2 Masaüstü
Giriş
Mesaj
-
-
quote:
Orjinalden alıntı: mvpeko
allah razı olsun hocam çok sağolll..
Amin. Allah cumlemizden razi olsun.
quote:
Orjinalden alıntı: 44mustika
başını biraz ağrıttım serji kardeş hakkını helal et. 2 yıldır burada elinden geldiğince herkese yardım etmeye çalışıyosun inş bu böyle devam eder. başarılarının devamı diliyorum. ii geceler
Eger hakkim varsa helal olsun tabi. MEsaj icin tesekkurler.
quote:
Orjinalden alıntı: embercrescent
selam serji... bu foruma daha yeni üye oldum ve bu başlığı görünce format attığım halde kurtulamadığım şu illeti sana göstermek istedim... modemden mi kaynaklı nedir bilmem ama eternet kablosunu başka pc ye takınca aynı sorun ona da geçiyor:) sorun şu ki:
http://img412.imageshack.us/my.php?image=adszjc7.png
olay da bu çıktı:
Daha bana yardım etmedin ama bu kadar süre bu kadar insana yardım ettiğin için helal olsun ve de teşekkür ederim...
Evet maalesef modemden kaynakli bir hata. Cok kez bas agrittigini biliyorum. Duzeltmek icin: 192.168.1.1 adresine gidip admin sifresini gir. Advanced - TMSS - Enable Trend Micro... yanindaki isareti kaldir ve kaydetip routeri yeniden baslat. Kolay gelsin.
-
Merhaba, benim pc de virüs var. Pc yi açtıktan 1 dk sonra mavi bir ekran geliyor. Bir sürü yazı var ancak okuyamıyorum. 1 sn içinde pc reset atıyor. Çoğu virüs programını açıyor ve resmi sitelerine girmiyor. Virüs programlarına kurmaya çalışırken " Sistem yöneticisi, bu yüklemeyi engelleyecek ilkeler atamış." diyor. Sistem geri yüklemeyi açabiliyorum. Ancak son aşamada ileri butonuna basınca hiçbirşey olmuyor. Ağ desteği ile güvenli moddan girebiliyorum.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:56:09, on 25.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\FlashGet\flashget.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Downloads\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O1 - Hosts: Youtube Dünya Capinda IP leri toplam 2859 adet ....
O1 - Hosts: 208.65.153.251 uk.youtube.com
O1 - Hosts: 208.65.153.253 de.youtube.com
O1 - Hosts: 208.117.236.70 youtube.com
O1 - Hosts: 208.117.236.70 www.youtube.com
O1 - Hosts: 74.125.65.118 img.youtube.com
O1 - Hosts: 64.15.124.143 sjc-v1.sjc.youtube.com
O1 - Hosts: 64.15.124.144 sjc-v2.sjc.youtube.com
O1 - Hosts: 64.15.124.145 sjc-v3.sjc.youtube.com
O1 - Hosts: 64.15.124.146 sjc-v4.sjc.youtube.com
O1 - Hosts: 64.15.124.147 sjc-v5.sjc.youtube.com
O1 - Hosts: 64.15.124.148 sjc-v6.sjc.youtube.com
O1 - Hosts: 64.15.124.149 sjc-v7.sjc.youtube.com
O1 - Hosts: 64.15.124.150 sjc-v8.sjc.youtube.com
O1 - Hosts: 64.15.124.151 sjc-v9.sjc.youtube.com
O1 - Hosts: 64.15.124.152 sjc-v10.sjc.youtube.com
O1 - Hosts: 64.15.124.153 sjc-v11.sjc.youtube.com
O1 - Hosts: 64.15.124.154 sjc-v12.sjc.youtube.com
O1 - Hosts: 64.15.124.155 sjc-v13.sjc.youtube.com
O1 - Hosts: 64.15.124.156 sjc-v14.sjc.youtube.com
O1 - Hosts: 64.15.124.157 sjc-v15.sjc.youtube.com
O1 - Hosts: 64.15.124.158 sjc-v16.sjc.youtube.com
O1 - Hosts: 64.15.124.159 sjc-v17.sjc.youtube.com
O1 - Hosts: 64.15.124.160 sjc-v18.sjc.youtube.com
O1 - Hosts: 64.15.124.161 sjc-v19.sjc.youtube.com
O1 - Hosts: 64.15.124.162 sjc-v20.sjc.youtube.com
O1 - Hosts: 64.15.124.163 sjc-v21.sjc.youtube.com
O1 - Hosts: 64.15.124.164 sjc-v22.sjc.youtube.com
O1 - Hosts: 64.15.124.165 sjc-v23.sjc.youtube.com
O1 - Hosts: 64.15.124.166 sjc-v24.sjc.youtube.com
O1 - Hosts: 64.15.124.167 sjc-v25.sjc.youtube.com
O1 - Hosts: 64.15.124.168 sjc-v26.sjc.youtube.com
O1 - Hosts: 64.15.124.169 sjc-v27.sjc.youtube.com
O1 - Hosts: 64.15.124.170 sjc-v28.sjc.youtube.com
O1 - Hosts: 64.15.124.171 sjc-v29.sjc.youtube.com
O1 - Hosts: 64.15.124.172 sjc-v30.sjc.youtube.com
O1 - Hosts: 64.15.124.173 sjc-v31.sjc.youtube.com
O1 - Hosts: 64.15.124.174 sjc-v32.sjc.youtube.com
O1 - Hosts: 64.15.124.175 sjc-v33.sjc.youtube.com
O1 - Hosts: 64.15.124.176 sjc-v34.sjc.youtube.com
O1 - Hosts: 64.15.124.177 sjc-v35.sjc.youtube.com
O1 - Hosts: 64.15.124.178 sjc-v36.sjc.youtube.com
O1 - Hosts: 64.15.124.179 sjc-v37.sjc.youtube.com
O1 - Hosts: 64.15.124.180 sjc-v38.sjc.youtube.com
O1 - Hosts: 64.15.124.207 sjc-v39.sjc.youtube.com
O1 - Hosts: 64.15.124.208 sjc-v40.sjc.youtube.com
O1 - Hosts: 64.15.124.209 sjc-v41.sjc.youtube.com
O1 - Hosts: 64.15.124.210 sjc-v42.sjc.youtube.com
O1 - Hosts: 64.15.124.211 sjc-v43.sjc.youtube.com
O1 - Hosts: 64.15.124.212 sjc-v44.sjc.youtube.com
O1 - Hosts: 64.15.124.213 sjc-v45.sjc.youtube.com
O1 - Hosts: 64.15.124.214 sjc-v46.sjc.youtube.com
O1 - Hosts: 64.15.124.215 sjc-v47.sjc.youtube.com
O1 - Hosts: 64.15.124.216 sjc-v48.sjc.youtube.com
O1 - Hosts: 64.15.124.217 sjc-v49.sjc.youtube.com
O1 - Hosts: 64.15.124.218 sjc-v50.sjc.youtube.com
O1 - Hosts: 64.15.124.219 sjc-v51.sjc.youtube.com
O1 - Hosts: 64.15.124.220 sjc-v52.sjc.youtube.com
O1 - Hosts: 64.15.124.221 sjc-v53.sjc.youtube.com
O1 - Hosts: 64.15.124.222 sjc-v54.sjc.youtube.com
O1 - Hosts: 64.15.124.223 sjc-v55.sjc.youtube.com
O1 - Hosts: 64.15.124.224 sjc-v56.sjc.youtube.com
O1 - Hosts: 64.15.124.225 sjc-v57.sjc.youtube.com
O1 - Hosts: 64.15.124.226 sjc-v58.sjc.youtube.com
O1 - Hosts: 64.15.124.227 sjc-v59.sjc.youtube.com
O1 - Hosts: 64.15.124.228 sjc-v60.sjc.youtube.com
O1 - Hosts: 64.15.124.229 sjc-v61.sjc.youtube.com
O1 - Hosts: 64.15.124.230 sjc-v62.sjc.youtube.com
O1 - Hosts: 64.15.124.231 sjc-v63.sjc.youtube.com
O1 - Hosts: 64.15.124.232 sjc-v64.sjc.youtube.com
O1 - Hosts: 64.15.124.233 sjc-v65.sjc.youtube.com
O1 - Hosts: 64.15.124.234 sjc-v66.sjc.youtube.com
O1 - Hosts: 64.15.124.235 sjc-v67.sjc.youtube.com
O1 - Hosts: 64.15.124.236 sjc-v68.sjc.youtube.com
O1 - Hosts: 64.15.124.237 sjc-v69.sjc.youtube.com
O1 - Hosts: 64.15.124.238 sjc-v70.sjc.youtube.com
O1 - Hosts: 64.15.124.239 sjc-v71.sjc.youtube.com
O1 - Hosts: 64.15.124.240 sjc-v72.sjc.youtube.com
O1 - Hosts: 64.15.124.241 sjc-v73.sjc.youtube.com
O1 - Hosts: 64.15.124.242 sjc-v74.sjc.youtube.com
O1 - Hosts: 64.15.124.243 sjc-v75.sjc.youtube.com
O1 - Hosts: 64.15.124.244 sjc-v76.sjc.youtube.com
O1 - Hosts: 64.15.125.16 sjc-v77.sjc.youtube.com
O1 - Hosts: 64.15.125.17 sjc-v78.sjc.youtube.com
O1 - Hosts: 64.15.125.18 sjc-v79.sjc.youtube.com
O1 - Hosts: 64.15.125.19 sjc-v80.sjc.youtube.com
O1 - Hosts: 64.15.125.20 sjc-v81.sjc.youtube.com
O1 - Hosts: 64.15.125.21 sjc-v82.sjc.youtube.com
O1 - Hosts: 64.15.125.22 sjc-v83.sjc.youtube.com
O1 - Hosts: 64.15.125.23 sjc-v84.sjc.youtube.com
O1 - Hosts: 64.15.125.24 sjc-v85.sjc.youtube.com
O1 - Hosts: 64.15.125.25 sjc-v86.sjc.youtube.com
O1 - Hosts: 64.15.125.26 sjc-v87.sjc.youtube.com
O1 - Hosts: 64.15.125.27 sjc-v88.sjc.youtube.com
O1 - Hosts: 64.15.125.28 sjc-v89.sjc.youtube.com
O1 - Hosts: 64.15.125.29 sjc-v90.sjc.youtube.com
O1 - Hosts: 64.15.125.30 sjc-v91.sjc.youtube.com
O1 - Hosts: 64.15.125.31 sjc-v92.sjc.youtube.com
O1 - Hosts: 64.15.125.32 sjc-v93.sjc.youtube.com
O1 - Hosts: 64.15.125.33 sjc-v94.sjc.youtube.com
O1 - Hosts: 64.15.125.34 sjc-v95.sjc.youtube.com
O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [TBPanel] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [sysftray2] c:\windows\kenny11.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PromoReg] C:\DOCUME~1\deniz\LOCALS~1\Temp\TMP11.tmp
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &FlashGet ile indir - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Tümünü FlashGet ile indir - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) -http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) -http://download.tenebril.com/pub/bin/scanner2008/TenebrilSpywareScanner.ocx
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} -http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215315800296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215298099519
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) -http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D273B05-4DBA-45E0-B6E8-7B7F5AC59128}: NameServer = 4.2.2.1,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{715431A6-DA74-43C3-8CDB-FE7E8DF95248}: NameServer = 212.175.13.116,193.140.83.251,212.175.13.115
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 12497 bytes
-
serji kardeş sorunu hallettim. hardiskte falza yer kalmamış en son 6 gb vardı, bu yüzden sistem geri yükleme noktalarını silmiş. :) 5 kez geri yükle dedim o da sonunda yükledi 
fakat haberiniz olsun microsoft un bi güncellemesi var onu sakın yüklemeyin. Software Distribution Service 3.0 pc yi kitliyo.
bu kadar uğraştan sonra bi overlock deneyimi yaşamak istiyorum inş yaparım :) ilk denemem olcak. hadi ii geceler serji kardeş -
Orjinalden alıntı: embercrescent
selam serji... bu foruma daha yeni üye oldum ve bu başlığı görünce format attığım halde kurtulamadığım şu illeti sana göstermek istedim... modemden mi kaynaklı nedir bilmem ama eternet kablosunu başka pc ye takınca aynı sorun ona da geçiyor:) sorun şu ki:
http://img412.imageshack.us/my.php?image=adszjc7.png
olay da bu çıktı:
Daha bana yardım etmedin ama bu kadar süre bu kadar insana yardım ettiğin için helal olsun ve de teşekkür ederim...
Evet maalesef modemden kaynakli bir hata. Cok kez bas agrittigini biliyorum. Duzeltmek icin: 192.168.1.1 adresine gidip admin sifresini gir. Advanced - TMSS - Enable Trend Micro... yanindaki isareti kaldir ve kaydetip routeri yeniden baslat. Kolay gelsin.
Çok sağol serji... Admin şifresini bilsem sorunun çözülüp çözülemediğini de sana bildirecektim ama bilmiyorum şifreyi işte:) Yapcak bişi yok... Çok sağol... Evdeki pc im içinde sana danışacam haberin olsun:) Teşekkürler...
-
quote:
Orjinalden alıntı: Freekans
Merhaba, benim pc de virüs var. Pc yi açtıktan 1 dk sonra mavi bir ekran geliyor. Bir sürü yazı var ancak okuyamıyorum. 1 sn içinde pc reset atıyor. Çoğu virüs programını açıyor ve resmi sitelerine girmiyor. Virüs programlarına kurmaya çalışırken " Sistem yöneticisi, bu yüklemeyi engelleyecek ilkeler atamış." diyor. Sistem geri yüklemeyi açabiliyorum. Ancak son aşamada ileri butonuna basınca hiçbirşey olmuyor. Ağ desteği ile güvenli moddan girebiliyorum.
* HijackThis adlı programı açın.
* Do a system scan only seçeneğine tıklayın.
* Aşağıdaki satırları işaretleyin.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O1 - Hosts: Youtube Dünya Capinda IP leri toplam 2859 adet ....
O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [sysftray2] c:\windows\kenny11.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [PromoReg] C:\DOCUME~1\deniz\LOCALS~1\Temp\TMP11.tmp
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
* CTRL+ALT+DEL basıp işlemler sekmesine gelin. Kullanıcı Adınızın karşısındaki HijackThis.exe ve explorer.exe hariç tüm işlemleri sonlandırın. HijackThis hariç tüm programları, pencereleri kapatın ve Fix Checked butonuna tıklayın. Ardından bilgisayarınızı hemen yeniden başlatın.
Combofix adli programi indirin.
http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe
1. Tüm açık pencerelerinizi ve programlarınızı kapatın.
2. Antivirüs ve Antispyware programlarınızı geçici olarak kapatın veya devre dışı bırakın.
3. ComboFix.exe üzerine çift tıklayın ve programı açın. Programı açtıktan sonra kesinlikle hiç bir işlem yapmayın. 1-2 dakikalık bir mola verin.
4. ComboFix çalışmaya başladıktan sonra sizden 1 ya da 2 tuşuna basmanız istenecektir. Devam etmek için 1 tuşuna basın.
5. ComboFix olası bir aksilik durumunda sistemizi geri yükleyebilmek amacıyla Kayıt Defterinizin bir yedeğini alacak ve bir sistem geri yükleme noktası oluşturacaktır.
6. Bu işlemler sırasında internet bağlantınız kesilecektir. Bu normaldir. Ayrıca sistem saatiniz de değişecektir. Fakat tüm bunlar geçicidir. İşlemler bittikten sonra hepsi orjinal haline geri döndürülecektir.
7. Biraz sabırlı olmanız gerekebilir çünkü tam 41 aşama söz konusudur.
8. Son olarak ComboFix işlemlerin sonucunu içeren bir rapor hazırlayacaktır. Bu sırada masaüstünüz kaybolabilir. Fakat kısa sürede geri yüklenecektir. İşlemler bittikten sonra ComboFix kapanacak ve size bir rapor açılacaktır. Bu raporu C:\ComboFix.txt bulabilirsiniz.
9. C:\ComboFix.txt dosyasını mesajınıza ekleyerek bize gönderin.
-
quote:
Orjinalden alıntı: 44mustika
serji kardeş sorunu hallettim. hardiskte falza yer kalmamış en son 6 gb vardı, bu yüzden sistem geri yükleme noktalarını silmiş. :) 5 kez geri yükle dedim o da sonunda yükledi
fakat haberiniz olsun microsoft un bi güncellemesi var onu sakın yüklemeyin. Software Distribution Service 3.0 pc yi kitliyo.
bu kadar uğraştan sonra bi overlock deneyimi yaşamak istiyorum inş yaparım :) ilk denemem olcak. hadi ii geceler serji kardeş
Tesekkurler. Insallah olur fakat fazla kurcalamamani tavsiye ederim
quote:
Orjinalden alıntı: embercrescent
Çok sağol serji... Admin şifresini bilsem sorunun çözülüp çözülemediğini de sana bildirecektim ama bilmiyorum şifreyi işte:) Yapcak bişi yok... Çok sağol... Evdeki pc im içinde sana danışacam haberin olsun:) Teşekkürler...
Rica ederim ama modemin tam model ve markasini soylersen netten bulabiliriz
-
Burak kolay gelsin, şu benim loga da bir bakar mısın? Benim tereddüt ettiğim bazı yerler var dokunamadım ; bir sorayım dedim... Özellikle alıntı içine koyduklarım:
quote:
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:16:19, on 26.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Gigabyte\ET5Pro\GUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\program\SECURITY\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EasyTuneVPro] C:\Program Files\Gigabyte\ET5Pro\ETcall.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui önceden yükleyicisi - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Bileşen Katergorileri önbellek daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 5520 bytes
-
quote:
Orjinalden alıntı: !brahim
Burak kolay gelsin, şu benim loga da bir bakar mısın? Benim tereddüt ettiğim bazı yerler var dokunamadım ; bir sorayım dedim... Özellikle alıntı içine koyduklarım:
Onlar sorun olusturmaz. Muhtemelen ozel XP surumlerinden birini kullaniyorsun (perfect xp vs) o yuzden nlite ile yapildiklarindan dolayi bu sekilde oluyor.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-
Hızlı yanıt için teşekkürler, perfect xp kullanmıyorum, sadece zamanında sp3 ü nLite ile xp içine gömmüştüm ve o şekilde bir cd hazırlamıştım, ondan dolayıdır belki... -
SERJI tamam anladım da işletim sistemi sormadan direkt açılması için ne yapacağım ?
[boot loader]
timeout=20
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsost Windows XP Proffessional" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="E" Microsoft Windows XP Proffessional
-
serji hocam ben senin başını çok ağrıtıyorum ama bir pc daha var aynı dertten muzdarip...daha önce sölediklerini uygulamaya çalıştım ama sanırım pek başarılı olamadım..yardımcı olurmusunnn????
hocam birde bu bilgisayarda da avast silinemiyor daha önce yardım ettiğin bilgisayarda da avast silinemiyor..ne yapabiliriz bu konuda???avastı silemiyorum güncelleyemiyorum hiç bir işe yaramıyor...
hocam avastı güvenli modda silebildimmm...bu bilgisayar için de senden öğrendiğim kadarını yaptımm sınuçları da ekliyorum...ms dos ta virüs görünmüyo artık..
hocam son bi isteğim bana bir virüs programı önerebilir misin sistemi kasmayan.. p4 1.7 işlemci 512 ram notebook içinnn...
Malwarebytes' Anti-Malware 1.31
Veritabanı versiyonu: 1551
Windows 5.1.2600 Service Pack 2
27.12.2008 00:31:50
mbam-log-2008-12-27 (00-31-50).txt
Tarama şekli: Derin Tarama (C:\|)
Taranmış nesneler: 62695
Geçen zaman: 1 hour(s), 4 minute(s), 43 second(s)
Etkilenmiş Hafıza İşlemleri: 0
Etkilenmiş Hafıza Modülleri: 0
Etkilenmiş Kayıt Anahtarları: 0
Etkilenmiş Kayıt Değerleri: 0
Etkilenmiş Kayıt Veri Dosyaları: 1
Etkilenmiş Klasörler: 0
Etkilenmiş Dosyalar: 0
Etkilenmiş Hafıza İşlemleri:
(Tehlikeli nesne bulunmadı)
Etkilenmiş Hafıza Modülleri:
(Tehlikeli nesne bulunmadı)
Etkilenmiş Kayıt Anahtarları:
(Tehlikeli nesne bulunmadı)
Etkilenmiş Kayıt Değerleri:
(Tehlikeli nesne bulunmadı)
Etkilenmiş Kayıt Veri Dosyaları:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Etkilenmiş Klasörler:
(Tehlikeli nesne bulunmadı)
Etkilenmiş Dosyalar:
(Tehlikeli nesne bulunmadı)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:31:33, on 26.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\NCS\Sync\NetSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\xpuser\Desktop\HiJackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACD1A5A7-BD87-4B07-AA9B-41A6375DC548}: NameServer = 193.140.141.8
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NDC - Sysinternals -www.sysinternals.com - C:\DOCUME~1\xpuser\LOCALS~1\Temp\NDC.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ONET - Sysinternals -www.sysinternals.com - C:\DOCUME~1\xpuser\LOCALS~1\Temp\ONET.exe
O23 - Service: PKVTPMV - Sysinternals -www.sysinternals.com - C:\DOCUME~1\xpuser\LOCALS~1\Temp\PKVTPMV.exe
O23 - Service: QOJMLZBAJXVEHMJ - Sysinternals -www.sysinternals.com - C:\DOCUME~1\xpuser\LOCALS~1\Temp\QOJMLZBAJXVEHMJ.exe
--
End of file - 4728 bytes
< Bu mesaj bu kişi tarafından değiştirildi mvpeko -- 27 Aralık 2008; 2:00:19 >
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:48:56, on 27.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\BaSKenTLee\Belgelerim\İndirilenler\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =http://drift.ijji.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O1 - Hosts: Youtube Dünya Capinda IP leri toplam 2859 adet ....
O1 - Hosts: 208.65.153.251 uk.youtube.com
O1 - Hosts: 208.65.153.253 de.youtube.com
O1 - Hosts: 208.117.236.70 youtube.com
O1 - Hosts: 208.117.236.70www.youtube.com
O1 - Hosts: 74.125.65.118 img.youtube.com
O1 - Hosts: 64.15.124.143 sjc-v1.sjc.youtube.com
O1 - Hosts: 64.15.124.144 sjc-v2.sjc.youtube.com
O1 - Hosts: 64.15.124.145 sjc-v3.sjc.youtube.com
O1 - Hosts: 64.15.124.146 sjc-v4.sjc.youtube.com
O1 - Hosts: 64.15.124.147 sjc-v5.sjc.youtube.com
O1 - Hosts: 64.15.124.148 sjc-v6.sjc.youtube.com
O1 - Hosts: 64.15.124.149 sjc-v7.sjc.youtube.com
O1 - Hosts: 64.15.124.150 sjc-v8.sjc.youtube.com
O1 - Hosts: 64.15.124.151 sjc-v9.sjc.youtube.com
O1 - Hosts: 64.15.124.152 sjc-v10.sjc.youtube.com
O1 - Hosts: 64.15.124.153 sjc-v11.sjc.youtube.com
O1 - Hosts: 64.15.124.154 sjc-v12.sjc.youtube.com
O1 - Hosts: 64.15.124.155 sjc-v13.sjc.youtube.com
O1 - Hosts: 64.15.124.156 sjc-v14.sjc.youtube.com
O1 - Hosts: 64.15.124.157 sjc-v15.sjc.youtube.com
O1 - Hosts: 64.15.124.158 sjc-v16.sjc.youtube.com
O1 - Hosts: 64.15.124.159 sjc-v17.sjc.youtube.com
O1 - Hosts: 64.15.124.160 sjc-v18.sjc.youtube.com
O1 - Hosts: 64.15.124.161 sjc-v19.sjc.youtube.com
O1 - Hosts: 64.15.124.162 sjc-v20.sjc.youtube.com
O1 - Hosts: 64.15.124.163 sjc-v21.sjc.youtube.com
O1 - Hosts: 64.15.124.164 sjc-v22.sjc.youtube.com
O1 - Hosts: 64.15.124.165 sjc-v23.sjc.youtube.com
O1 - Hosts: 64.15.124.166 sjc-v24.sjc.youtube.com
O1 - Hosts: 64.15.124.167 sjc-v25.sjc.youtube.com
O1 - Hosts: 64.15.124.168 sjc-v26.sjc.youtube.com
O1 - Hosts: 64.15.124.169 sjc-v27.sjc.youtube.com
O1 - Hosts: 64.15.124.170 sjc-v28.sjc.youtube.com
O1 - Hosts: 64.15.124.171 sjc-v29.sjc.youtube.com
O1 - Hosts: 64.15.124.172 sjc-v30.sjc.youtube.com
O1 - Hosts: 64.15.124.173 sjc-v31.sjc.youtube.com
O1 - Hosts: 64.15.124.174 sjc-v32.sjc.youtube.com
O1 - Hosts: 64.15.124.175 sjc-v33.sjc.youtube.com
O1 - Hosts: 64.15.124.176 sjc-v34.sjc.youtube.com
O1 - Hosts: 64.15.124.177 sjc-v35.sjc.youtube.com
O1 - Hosts: 64.15.124.178 sjc-v36.sjc.youtube.com
O1 - Hosts: 64.15.124.179 sjc-v37.sjc.youtube.com
O1 - Hosts: 64.15.124.180 sjc-v38.sjc.youtube.com
O1 - Hosts: 64.15.124.207 sjc-v39.sjc.youtube.com
O1 - Hosts: 64.15.124.208 sjc-v40.sjc.youtube.com
O1 - Hosts: 64.15.124.209 sjc-v41.sjc.youtube.com
O1 - Hosts: 64.15.124.210 sjc-v42.sjc.youtube.com
O1 - Hosts: 64.15.124.211 sjc-v43.sjc.youtube.com
O1 - Hosts: 64.15.124.212 sjc-v44.sjc.youtube.com
O1 - Hosts: 64.15.124.213 sjc-v45.sjc.youtube.com
O1 - Hosts: 64.15.124.214 sjc-v46.sjc.youtube.com
O1 - Hosts: 64.15.124.215 sjc-v47.sjc.youtube.com
O1 - Hosts: 64.15.124.216 sjc-v48.sjc.youtube.com
O1 - Hosts: 64.15.124.217 sjc-v49.sjc.youtube.com
O1 - Hosts: 64.15.124.218 sjc-v50.sjc.youtube.com
O1 - Hosts: 64.15.124.219 sjc-v51.sjc.youtube.com
O1 - Hosts: 64.15.124.220 sjc-v52.sjc.youtube.com
O1 - Hosts: 64.15.124.221 sjc-v53.sjc.youtube.com
O1 - Hosts: 64.15.124.222 sjc-v54.sjc.youtube.com
O1 - Hosts: 64.15.124.223 sjc-v55.sjc.youtube.com
O1 - Hosts: 64.15.124.224 sjc-v56.sjc.youtube.com
O1 - Hosts: 64.15.124.225 sjc-v57.sjc.youtube.com
O1 - Hosts: 64.15.124.226 sjc-v58.sjc.youtube.com
O1 - Hosts: 64.15.124.227 sjc-v59.sjc.youtube.com
O1 - Hosts: 64.15.124.228 sjc-v60.sjc.youtube.com
O1 - Hosts: 64.15.124.229 sjc-v61.sjc.youtube.com
O1 - Hosts: 64.15.124.230 sjc-v62.sjc.youtube.com
O1 - Hosts: 64.15.124.231 sjc-v63.sjc.youtube.com
O1 - Hosts: 64.15.124.232 sjc-v64.sjc.youtube.com
O1 - Hosts: 64.15.124.233 sjc-v65.sjc.youtube.com
O1 - Hosts: 64.15.124.234 sjc-v66.sjc.youtube.com
O1 - Hosts: 64.15.124.235 sjc-v67.sjc.youtube.com
O1 - Hosts: 64.15.124.236 sjc-v68.sjc.youtube.com
O1 - Hosts: 64.15.124.237 sjc-v69.sjc.youtube.com
O1 - Hosts: 64.15.124.238 sjc-v70.sjc.youtube.com
O1 - Hosts: 64.15.124.239 sjc-v71.sjc.youtube.com
O1 - Hosts: 64.15.124.240 sjc-v72.sjc.youtube.com
O1 - Hosts: 64.15.124.241 sjc-v73.sjc.youtube.com
O1 - Hosts: 64.15.124.242 sjc-v74.sjc.youtube.com
O1 - Hosts: 64.15.124.243 sjc-v75.sjc.youtube.com
O1 - Hosts: 64.15.124.244 sjc-v76.sjc.youtube.com
O1 - Hosts: 64.15.125.16 sjc-v77.sjc.youtube.com
O1 - Hosts: 64.15.125.17 sjc-v78.sjc.youtube.com
O1 - Hosts: 64.15.125.18 sjc-v79.sjc.youtube.com
O1 - Hosts: 64.15.125.19 sjc-v80.sjc.youtube.com
O1 - Hosts: 64.15.125.20 sjc-v81.sjc.youtube.com
O1 - Hosts: 64.15.125.21 sjc-v82.sjc.youtube.com
O1 - Hosts: 64.15.125.22 sjc-v83.sjc.youtube.com
O1 - Hosts: 64.15.125.23 sjc-v84.sjc.youtube.com
O1 - Hosts: 64.15.125.24 sjc-v85.sjc.youtube.com
O1 - Hosts: 64.15.125.25 sjc-v86.sjc.youtube.com
O1 - Hosts: 64.15.125.26 sjc-v87.sjc.youtube.com
O1 - Hosts: 64.15.125.27 sjc-v88.sjc.youtube.com
O1 - Hosts: 64.15.125.28 sjc-v89.sjc.youtube.com
O1 - Hosts: 64.15.125.29 sjc-v90.sjc.youtube.com
O1 - Hosts: 64.15.125.30 sjc-v91.sjc.youtube.com
O1 - Hosts: 64.15.125.31 sjc-v92.sjc.youtube.com
O1 - Hosts: 64.15.125.32 sjc-v93.sjc.youtube.com
O1 - Hosts: 64.15.125.33 sjc-v94.sjc.youtube.com
O1 - Hosts: 64.15.125.34 sjc-v95.sjc.youtube.com
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230281557656
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0910154-FCCF-4834-802E-A57177335AE9}: NameServer = 4.2.2.1,4.2.2.2
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 9361 bytes
-
quote:
Orjinalden alıntı: !brahim
Hızlı yanıt için teşekkürler, perfect xp kullanmıyorum, sadece zamanında sp3 ü nLite ile xp içine gömmüştüm ve o şekilde bir cd hazırlamıştım, ondan dolayıdır belki...
Rica ederim. Evet soyledigim gibi nlite ile ozellestirilmis bir xp versiyonu oldugundan dolayi bu sekilde.
quote:
Orjinalden alıntı: firstknigth
SERJI tamam anladım da işletim sistemi sormadan direkt açılması için ne yapacağım ?
[boot loader]
timeout=20
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsost Windows XP Proffessional" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="E" Microsoft Windows XP Proffessional
Soyledim ya
Baslat - calistir - c:\boot.ini yazip entera bas.
[boot loader]
timeout=20
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
Bu sekilde degistir icerigi tamamen. Kaydet ve kapat.
-
quote:
Orjinalden alıntı: FreddY06
quote:
Orjinalden alıntı: serji
* Mesajınızda sorununuzu kısa da olsa bir şekilde belirtin. Hiç bir şekilde yorum yapılmayan, sadece log içeren mesajlar yanıtlanmayacaktır.
-
quote:
Orjinalden alıntı: mvpeko
serji hocam ben senin başını çok ağrıtıyorum ama bir pc daha var aynı dertten muzdarip...daha önce sölediklerini uygulamaya çalıştım ama sanırım pek başarılı olamadım..yardımcı olurmusunnn????
hocam birde bu bilgisayarda da avast silinemiyor daha önce yardım ettiğin bilgisayarda da avast silinemiyor..ne yapabiliriz bu konuda???avastı silemiyorum güncelleyemiyorum hiç bir işe yaramıyor...
hocam avastı güvenli modda silebildimmm...bu bilgisayar için de senden öğrendiğim kadarını yaptımm sınuçları da ekliyorum...ms dos ta virüs görünmüyo artık..
hocam son bi isteğim bana bir virüs programı önerebilir misin sistemi kasmayan.. p4 1.7 işlemci 512 ram notebook içinnn...
http://files.avast.com/files/eng/aswclear.exe
iki bilgisayardan da avasti bu program ile kaldirabilirsin.
Bitdefender en iyi koruma saglayan programlardan biri onu denemeni oneririm. Eger kasiyor dersen Avira ve kaspersky da kullanabilirsin. Fakat soyledigim gibi tercihim her zmaan bitdefenderdan yana.
-
Arkadaşlar alttaki logu kis 2009 ile tarratırıp virüs vb. sildirdikten sonra kayıt ettim.Şu an windowsun kurulu olduğu dizinden başka hiçbir sürücü bölümüne giremiyorum.Girmeye kalksam birlikte aç ekranı geliyor karşıma.Lütfen yardım edin
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:27, on 27.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\spoolsv.exe
J:\WINDOWS\system32\RUNDLL32.EXE
J:\WINDOWS\RTHDCPL.EXE
J:\Program Files\Java\jre6\bin\jusched.exe
J:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Program Files\Steam\Steam.exe
J:\WINDOWS\system32\ctfmon.exe
J:\Program Files\Java\jre6\bin\jqs.exe
J:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
J:\Program Files\Speeditup Free\SearchDefender.exe
J:\Program Files\Speeditup Free\SpeedItUp.exe
J:\WINDOWS\system32\nvsvc32.exe
J:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
J:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
J:\WINDOWS\system32\wbem\wmiapsrv.exe
J:\WINDOWS\System32\svchost.exe
J:\Program Files\Internet Explorer\iexplore.exe
J:\Program Files\WinRAR\WinRAR.exe
J:\WINDOWS\explorer.exe
J:\WINDOWS\regedit.exe
J:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\O1I7N8LI\HiJackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =http://www.searchgateway.net/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://www.searchgateway.net/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =http://www.searchgateway.net/search-Google-Gateway.php?sa=Search+Here&client=pub-4642981363251965&forid=1&ie=ISO-8859-1&oe=ISO-8859-1&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A11&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - J:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - j:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - J:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - J:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - j:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "J:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] J:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] J:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE J:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE J:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] J:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] J:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [AVP] "J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "J:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] J:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] J:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "J:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Search Defender] "J:\Program Files\Speeditup Free\SearchDefender.exe"
O4 - HKCU\..\Run: [SpeedItUpEX] J:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O8 - Extra context menu item: Add to Banner Ad Blocker - J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230304792281
O17 - HKLM\System\CCS\Services\Tcpip\..\{535F9E8B-1C09-40E5-AB50-C36A45FD4844}: NameServer = 4.2.2.1,4.2.2.2
O20 - AppInit_DLLs: J:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,J:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,J:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,J:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - J:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - J:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - J:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7044 bytes
< Bu mesaj bu kişi tarafından değiştirildi minerwa20 -- 27 Aralık 2008; 18:34:32 >
-
quote:
Orjinalden alıntı: yasef20
Arkadaşlar alttaki logu kis 2009 ile tarratırıp virüs vb. sildirdikten sonra kayıt ettim.Şu an windowsun kurulu olduğu dizinden başka hiçbir sürücü bölümüne giremiyorum.Girmeye kalksam birlikte aç ekranı geliyor karşıma.Lütfen yardım edin
* HijackThis adlı programı açın.
* Do a system scan only seçeneğine tıklayın.
* Aşağıdaki satırları işaretleyin.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =http://www.searchgateway.net/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://www.searchgateway.net/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =http://www.searchgateway.net/search-Google-Gateway.php?sa=Search+Here&client=pub-4642981363251965&forid=1&ie=ISO-8859-1&oe=ISO-8859-1&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A11&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - J:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - j:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - J:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - J:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - j:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "J:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] J:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
* CTRL+ALT+DEL basıp işlemler sekmesine gelin. Kullanıcı Adınızın karşısındaki HijackThis.exe ve explorer.exe hariç tüm işlemleri sonlandırın. HijackThis hariç tüm programları, pencereleri kapatın ve Fix Checked butonuna tıklayın. Ardından bilgisayarınızı hemen yeniden başlatın.
Combofix adli programi indirin.
http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe
1. Tüm açık pencerelerinizi ve programlarınızı kapatın.
2. Antivirüs ve Antispyware programlarınızı geçici olarak kapatın veya devre dışı bırakın.
3. ComboFix.exe üzerine çift tıklayın ve programı açın. Programı açtıktan sonra kesinlikle hiç bir işlem yapmayın. 1-2 dakikalık bir mola verin.
4. ComboFix çalışmaya başladıktan sonra sizden 1 ya da 2 tuşuna basmanız istenecektir. Devam etmek için 1 tuşuna basın.
5. ComboFix olası bir aksilik durumunda sistemizi geri yükleyebilmek amacıyla Kayıt Defterinizin bir yedeğini alacak ve bir sistem geri yükleme noktası oluşturacaktır.
6. Bu işlemler sırasında internet bağlantınız kesilecektir. Bu normaldir. Ayrıca sistem saatiniz de değişecektir. Fakat tüm bunlar geçicidir. İşlemler bittikten sonra hepsi orjinal haline geri döndürülecektir.
7. Biraz sabırlı olmanız gerekebilir çünkü tam 41 aşama söz konusudur.
8. Son olarak ComboFix işlemlerin sonucunu içeren bir rapor hazırlayacaktır. Bu sırada masaüstünüz kaybolabilir. Fakat kısa sürede geri yüklenecektir. İşlemler bittikten sonra ComboFix kapanacak ve size bir rapor açılacaktır. Bu raporu C:\ComboFix.txt bulabilirsiniz.
9. C:\ComboFix.txt dosyasını mesajınıza ekleyerek bize gönderin.
-
Sistem son birkaç gündür durduk yerde kilitleniyor. Bir uygulama çalıştırmaya çalıştığımda Sistem dosyaya erişemedi. ...Öğeye erişmek için gereken izinlere sahip olmayabilirsiniz. Uyarısı veriyor... Ctrl + Alt+ Del çalışmıyor yönetici izniniz yok diye hata veriyor...
Yardımınız için şimdiden teşekkürler.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:00:57, on 27.12.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Deskcalc Pro\deskcalc.exe
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Doctus\Doctus.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: TT Jacker :)
O1 - Hosts: 195.8.214.141 dailymotion.com
O1 - Hosts: 195.8.214.142 dailymotion.com
O1 - Hosts: 195.8.214.140www.dailymotion.com
O1 - Hosts: 208.117.236.70 youtube.com
O1 - Hosts: 208.117.236.70www.youtube.com
O1 - Hosts: 74.125.65.118 img.youtube.com
O1 - Hosts: 64.15.124.143 sjc-v1.sjc.youtube.com
O1 - Hosts: 64.15.124.144 sjc-v2.sjc.youtube.com
O1 - Hosts: 64.15.124.145 sjc-v3.sjc.youtube.com
O1 - Hosts: 64.15.124.146 sjc-v4.sjc.youtube.com
O1 - Hosts: 64.15.124.147 sjc-v5.sjc.youtube.com
O1 - Hosts: 64.15.124.148 sjc-v6.sjc.youtube.com
O1 - Hosts: 64.15.124.149 sjc-v7.sjc.youtube.com
O1 - Hosts: 64.15.124.150 sjc-v8.sjc.youtube.com
O1 - Hosts: 64.15.124.151 sjc-v9.sjc.youtube.com
O1 - Hosts: 67.228.223.62 mp3hanesi.com
O1 - Hosts: 67.228.223.62 mp3hanesi.net
O1 - Hosts: 67.228.223.62 mp3hanesi.org
O1 - Hosts: 67.228.223.62www.mp3hanesi.com
O1 - Hosts: 67.228.223.62www.mp3hanesi.net
O1 - Hosts: 67.228.223.62www.mp3hanesi.org
O1 - Hosts: 75.126.2.88 forumtr.com
O1 - Hosts: 75.126.2.88www.forumtr.com
O1 - Hosts: 64.15.124.152 sjc-v10.sjc.youtube.com
O1 - Hosts: 64.15.124.153 sjc-v11.sjc.youtube.com
O1 - Hosts: 64.15.124.154 sjc-v12.sjc.youtube.com
O1 - Hosts: 64.15.124.155 sjc-v13.sjc.youtube.com
O1 - Hosts: 64.15.124.156 sjc-v14.sjc.youtube.com
O1 - Hosts: 64.15.124.157 sjc-v15.sjc.youtube.com
O1 - Hosts: 64.15.124.158 sjc-v16.sjc.youtube.com
O1 - Hosts: 64.15.124.159 sjc-v17.sjc.youtube.com
O1 - Hosts: 64.15.124.160 sjc-v18.sjc.youtube.com
O1 - Hosts: 64.15.124.161 sjc-v19.sjc.youtube.com
O1 - Hosts: 64.15.124.162 sjc-v20.sjc.youtube.com
O1 - Hosts: 64.15.124.163 sjc-v21.sjc.youtube.com
O1 - Hosts: 64.15.124.164 sjc-v22.sjc.youtube.com
O1 - Hosts: 64.15.124.165 sjc-v23.sjc.youtube.com
O1 - Hosts: 64.15.124.166 sjc-v24.sjc.youtube.com
O1 - Hosts: 64.15.124.167 sjc-v25.sjc.youtube.com
O1 - Hosts: 64.15.124.168 sjc-v26.sjc.youtube.com
O1 - Hosts: 64.15.124.169 sjc-v27.sjc.youtube.com
O1 - Hosts: 64.15.124.170 sjc-v28.sjc.youtube.com
O1 - Hosts: 64.15.124.171 sjc-v29.sjc.youtube.com
O1 - Hosts: 64.15.124.172 sjc-v30.sjc.youtube.com
O1 - Hosts: 64.15.124.173 sjc-v31.sjc.youtube.com
O1 - Hosts: 64.15.124.174 sjc-v32.sjc.youtube.com
O1 - Hosts: 64.15.124.175 sjc-v33.sjc.youtube.com
O1 - Hosts: 64.15.124.176 sjc-v34.sjc.youtube.com
O1 - Hosts: 64.15.124.177 sjc-v35.sjc.youtube.com
O1 - Hosts: 64.15.124.178 sjc-v36.sjc.youtube.com
O1 - Hosts: 64.15.124.179 sjc-v37.sjc.youtube.com
O1 - Hosts: 64.15.124.180 sjc-v38.sjc.youtube.com
O1 - Hosts: 64.15.124.207 sjc-v39.sjc.youtube.com
O1 - Hosts: 64.15.124.208 sjc-v40.sjc.youtube.com
O1 - Hosts: 64.15.124.209 sjc-v41.sjc.youtube.com
O1 - Hosts: 64.15.124.210 sjc-v42.sjc.youtube.com
O1 - Hosts: 64.15.124.211 sjc-v43.sjc.youtube.com
O1 - Hosts: 64.15.124.212 sjc-v44.sjc.youtube.com
O1 - Hosts: 64.15.124.213 sjc-v45.sjc.youtube.com
O1 - Hosts: 64.15.124.214 sjc-v46.sjc.youtube.com
O1 - Hosts: 64.15.124.215 sjc-v47.sjc.youtube.com
O1 - Hosts: 64.15.124.216 sjc-v48.sjc.youtube.com
O1 - Hosts: 64.15.124.217 sjc-v49.sjc.youtube.com
O1 - Hosts: 64.15.124.218 sjc-v50.sjc.youtube.com
O1 - Hosts: 64.15.124.219 sjc-v51.sjc.youtube.com
O1 - Hosts: 64.15.124.220 sjc-v52.sjc.youtube.com
O1 - Hosts: 64.15.124.221 sjc-v53.sjc.youtube.com
O1 - Hosts: 64.15.124.222 sjc-v54.sjc.youtube.com
O1 - Hosts: 64.15.124.223 sjc-v55.sjc.youtube.com
O1 - Hosts: 64.15.124.224 sjc-v56.sjc.youtube.com
O1 - Hosts: 64.15.124.225 sjc-v57.sjc.youtube.com
O1 - Hosts: 64.15.124.226 sjc-v58.sjc.youtube.com
O1 - Hosts: 64.15.124.227 sjc-v59.sjc.youtube.com
O1 - Hosts: 64.15.124.228 sjc-v60.sjc.youtube.com
O1 - Hosts: 64.15.124.229 sjc-v61.sjc.youtube.com
O1 - Hosts: 64.15.124.230 sjc-v62.sjc.youtube.com
O1 - Hosts: 64.15.124.231 sjc-v63.sjc.youtube.com
O1 - Hosts: 64.15.124.232 sjc-v64.sjc.youtube.com
O1 - Hosts: 64.15.124.233 sjc-v65.sjc.youtube.com
O1 - Hosts: 64.15.124.234 sjc-v66.sjc.youtube.com
O1 - Hosts: 64.15.124.235 sjc-v67.sjc.youtube.com
O1 - Hosts: 64.15.124.236 sjc-v68.sjc.youtube.com
O1 - Hosts: 64.15.124.237 sjc-v69.sjc.youtube.com
O1 - Hosts: 64.15.124.238 sjc-v70.sjc.youtube.com
O1 - Hosts: 64.15.124.239 sjc-v71.sjc.youtube.com
O1 - Hosts: 64.15.124.240 sjc-v72.sjc.youtube.com
O1 - Hosts: 64.15.124.241 sjc-v73.sjc.youtube.com
O1 - Hosts: 64.15.124.242 sjc-v74.sjc.youtube.com
O1 - Hosts: 64.15.124.243 sjc-v75.sjc.youtube.com
O1 - Hosts: 64.15.124.244 sjc-v76.sjc.youtube.com
O1 - Hosts: 64.15.125.16 sjc-v77.sjc.youtube.com
O1 - Hosts: 64.15.125.17 sjc-v78.sjc.youtube.com
O1 - Hosts: 64.15.125.18 sjc-v79.sjc.youtube.com
O1 - Hosts: 64.15.125.19 sjc-v80.sjc.youtube.com
O1 - Hosts: 64.15.125.20 sjc-v81.sjc.youtube.com
O1 - Hosts: 64.15.125.21 sjc-v82.sjc.youtube.com
O1 - Hosts: 64.15.125.22 sjc-v83.sjc.youtube.com
O1 - Hosts: 64.15.125.23 sjc-v84.sjc.youtube.com
O1 - Hosts: 64.15.125.24 sjc-v85.sjc.youtube.com
O1 - Hosts: 64.15.125.25 sjc-v86.sjc.youtube.com
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ADPK] C:\PROGRA~1\ADPOPU~1\ADPOPU~1.EXE
O4 - HKCU\..\Run: [DeskCalc] "c:\program files\deskcalc pro\deskcalc.exe" /hide
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - Global Startup: Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
O8 - Extra context menu item: &FlashGet ile indir - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Tümünü FlashGet ile indir - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AD Popup Killer - {9025307D-62EF-4695-BAC2-9DF246984533} - C:\PROGRA~1\ADPOPU~1\ADPopupKiller.exe
O9 - Extra 'Tools' menuitem: &ADPopupKiller - {9025307D-62EF-4695-BAC2-9DF246984533} - C:\PROGRA~1\ADPOPU~1\ADPopupKiller.exe
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 12022 bytes
ComboFix Log Dosyası
ComboFix 08-12-26.03 - haXan 2008-12-27 22:22:51.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1254.1.1055.18.2047.1129 [GMT 2:00]
Running from: c:\users\haXan\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 081227-0] *On-access scanning disabled* (Outdated)
FW: ZoneAlarm Pro Firewall *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\haXan\AppData\Roaming\BITS
c:\users\haXan\AppData\Roaming\BITS\BITS.ini
c:\users\haXan\AppData\Roaming\BITS\DHTTable.dat
c:\users\haXan\AppData\Roaming\BITS\ProxyList.ini
c:\users\haXan\AppData\Roaming\BITS\UPnP.ini
c:\windows\vmreg32.dll
D:\resycled
G:\resycled
.
((((((((((((((((((((((((( Files Created from 2008-11-27 to 2008-12-27 )))))))))))))))))))))))))))))))
.
2008-12-27 20:49 . 2008-12-27 20:51 <DIR> d-------- c:\program files\The Flash Ad Creator v2.5
2008-12-27 18:25 . 2004-03-29 16:23 90,112 --a------ c:\windows\unvise32.exe
2008-12-27 18:23 . 2008-12-27 21:51 <DIR> d-------- c:\program files\The Logo Creator v5
2008-12-27 16:33 . 2008-12-27 16:33 <DIR> d-------- c:\program files\Bonjour
2008-12-27 00:50 . 2008-12-27 00:50 67 --a------ c:\windows\ADPOPU~1.INI
2008-12-27 00:49 . 2008-12-27 00:49 <DIR> d-------- c:\program files\AD Popup Killer
2008-12-26 02:37 . 2008-12-26 02:37 <DIR> d-------- c:\users\All Users\Macromedia
2008-12-24 22:55 . 2008-12-24 22:55 <DIR> d-------- c:\windows\System32\FLIQLO dir
2008-12-24 22:55 . 2008-12-24 22:55 532,480 --a------ c:\windows\System32\FLIQLO.scr
2008-12-24 19:46 . 2008-12-24 19:46 <DIR> d-------- c:\users\All Users\WLInstaller
2008-12-24 19:46 . 2008-12-24 19:46 <DIR> d-------- c:\programdata\WLInstaller
2008-12-24 19:46 . 2008-12-24 19:49 <DIR> d-------- c:\program files\Windows Live
2008-12-24 19:46 . 2008-12-24 19:48 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-12-24 13:09 . 2008-12-24 13:09 <DIR> d--h----- c:\users\All Users\{76AA72E1-C501-4099-90B7-B7C19F09F53F}
2008-12-24 13:09 . 2008-12-24 13:09 <DIR> d--h----- c:\programdata\{76AA72E1-C501-4099-90B7-B7C19F09F53F}
2008-12-24 13:09 . 2008-12-24 13:09 <DIR> d-------- c:\program files\XPC Tools
2008-12-24 12:57 . 2008-12-24 12:57 <DIR> d-------- c:\program files\Microsoft IntelliType Pro
2008-12-24 12:55 . 2007-01-24 17:08 56,184 --a------ c:\windows\System32\drivers\SISAGPX.SYS
2008-12-24 12:48 . 2008-12-24 12:48 <DIR> d-------- c:\users\haXan\AppData\Roaming\ColorCop
2008-12-24 12:47 . 2008-12-24 12:47 <DIR> d-------- c:\program files\Driver-Soft
2008-12-24 12:47 . 2007-09-02 20:56 1,686,016 --a------ c:\windows\System32\clinetsuitex6.ocx
2008-12-24 12:47 . 2005-04-15 19:58 1,071,088 --a------ c:\windows\System32\MSCOMCTL.OCX
2008-12-24 12:47 . 2004-03-09 16:45 662,288 --a------ c:\windows\System32\MSCOMCT2.OCX
2008-12-24 12:47 . 2004-06-14 14:56 427,864 --a------ c:\windows\System32\XceedZip.dll
2008-12-24 12:06 . 2008-12-24 12:06 <DIR> d-------- c:\program files\RubyMicro Software
2008-12-24 11:21 . 2008-12-24 11:20 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-24 11:20 . 2008-12-24 11:20 <DIR> d-------- c:\program files\Java
2008-12-24 11:07 . 2008-12-24 11:08 <DIR> d-------- c:\users\All Users\SymplisIT
2008-12-24 11:07 . 2008-12-24 11:08 <DIR> d-------- c:\programdata\SymplisIT
2008-12-24 11:03 . 2008-12-24 12:06 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-24 11:03 . 2008-12-24 11:03 <DIR> d-------- c:\program files\SymplisIT
2008-12-24 01:23 . 2008-12-24 01:23 <DIR> d-------- C:\Driver
2008-12-24 01:23 . 2004-02-20 07:29 221,184 --a------ c:\windows\System32\SBSMiniDrv.dll
2008-12-24 01:23 . 2003-05-14 08:02 118,784 --a------ c:\windows\System32\MKCoInstaller.dll
2008-12-24 01:23 . 2003-02-19 01:38 17,504 --a------ c:\windows\System32\drivers\gt680x.sys
2008-12-24 01:23 . 2004-01-30 17:56 7,231 --a------ c:\windows\System32\drivers\SBSfw.usb
2008-12-24 01:04 . 2008-12-24 01:04 <DIR> d-------- c:\users\haXan\AppData\Roaming\ABBYY
2008-12-24 01:02 . 2008-12-24 01:03 <DIR> d-------- c:\program files\ABBYY FineReader 8.0 Professional Edition
2008-12-24 01:01 . 2008-12-24 01:01 <DIR> d-------- c:\temp\FR80PE
2008-12-24 01:01 . 2008-12-24 01:01 <DIR> d-------- C:\temp
2008-12-23 21:57 . 2008-12-23 21:57 <DIR> d-------- c:\users\All Users\TechSmith
2008-12-23 21:57 . 2008-12-23 21:57 <DIR> d-------- c:\programdata\TechSmith
2008-12-23 21:57 . 2008-12-23 21:57 <DIR> d-------- c:\program files\TechSmith
2008-12-23 21:52 . 2008-12-23 21:52 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-23 21:35 . 2008-12-23 21:35 311 --a------ c:\windows\pdf2word.INI
2008-12-23 21:33 . 2008-12-23 21:33 <DIR> d-------- c:\program files\VeryPDF PDF2Word v3.0
2008-12-23 19:34 . 2008-12-23 19:34 100,424 --ah----- c:\windows\System32\mlfcache.dat
2008-12-23 05:30 . 2008-12-12 03:53 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-12-19 17:27 . 2006-11-02 12:23 <DIR> dr------- c:\users\LogMeInRemoteUser\Videos
2008-12-19 17:27 . 2006-11-02 12:23 <DIR> d-------- c:\users\LogMeInRemoteUser\Saved Games
2008-12-19 17:27 . 2006-11-02 12:23 <DIR> dr------- c:\users\LogMeInRemoteUser\Pictures
2008-12-19 17:27 . 2006-11-02 12:23 <DIR> dr------- c:\users\LogMeInRemoteUser\Music
2008-12-19 17:27 . 2006-11-02 12:23 <DIR> dr------- c:\users\LogMeInRemoteUser\Links
2008-12-19 17:27 . 2006-11-02 12:23 <DIR> dr------- c:\users\LogMeInRemoteUser\Downloads
2008-12-19 17:27 . 2008-12-19 17:27 <DIR> dr------- c:\users\LogMeInRemoteUser\Documents
2008-12-19 17:27 . 2006-11-02 13:18 <DIR> d--h----- c:\users\LogMeInRemoteUser\AppData
2008-12-19 17:27 . 2008-12-19 17:27 <DIR> d-------- c:\users\LogMeInRemoteUser
2008-12-17 16:29 . 2008-12-17 16:29 <DIR> d-------- c:\users\All Users\DFX
2008-12-17 16:29 . 2008-12-17 16:29 <DIR> d-------- c:\programdata\DFX
2008-12-17 16:29 . 2008-12-17 16:29 <DIR> d-------- c:\program files\DFX
2008-12-17 16:27 . 2008-12-17 16:32 <DIR> d-------- c:\users\haXan\AppData\Roaming\Winamp
2008-12-17 16:27 . 2008-12-17 16:29 <DIR> d-------- c:\program files\Winamp
2008-12-17 16:27 . 2007-03-08 01:51 129,784 --------- c:\windows\System32\pxafs.dll
2008-12-17 15:31 . 2003-06-19 01:31 17,920 --a------ c:\windows\System32\mdimon.dll
2008-12-16 20:23 . 2008-12-16 20:24 <DIR> d-------- c:\users\haXan\AppData\Roaming\PC Suite
2008-12-16 20:23 . 2008-12-16 20:24 <DIR> d-------- c:\users\haXan\AppData\Roaming\Nokia
2008-12-16 20:23 . 2008-12-16 20:24 <DIR> d-------- c:\users\All Users\PC Suite
2008-12-16 20:23 . 2008-12-16 20:24 <DIR> d-------- c:\programdata\PC Suite
2008-12-16 20:21 . 2008-12-16 20:21 <DIR> d-------- c:\program files\Common Files\PCSuite
2008-12-16 20:21 . 2008-12-16 20:21 <DIR> d-------- c:\program files\Common Files\Nokia
2008-12-16 20:20 . 2008-12-24 12:57 <DIR> d-------- c:\program files\DIFX
2008-12-16 20:20 . 2007-09-17 15:53 21,632 --a------ c:\windows\System32\drivers\pccsmcfd.sys
2008-12-16 20:19 . 2008-12-16 20:19 <DIR> d-------- c:\program files\PC Connectivity Solution
2008-12-16 20:16 . 2008-12-16 20:21 <DIR> d-------- c:\program files\Nokia
2008-12-16 20:16 . 2008-05-07 07:38 90,624 --a------ c:\windows\System32\nmwcdcls.dll
2008-12-16 20:15 . 2008-12-16 20:15 <DIR> d-------- c:\users\All Users\Installations
2008-12-16 20:15 . 2008-12-16 20:15 <DIR> d-------- c:\programdata\Installations
2008-12-16 16:22 . 2008-12-17 15:31 744 --a------ c:\windows\ODBC.INI
2008-12-16 16:20 . 2008-12-16 16:20 <DIR> d-------- c:\windows\PCHEALTH
2008-12-16 16:20 . 2008-12-16 16:20 <DIR> d-------- c:\program files\Microsoft.NET
2008-12-16 15:43 . 2008-12-16 15:43 12,240,896 --a------ c:\windows\System32\NlsLexicons0007.dll
2008-12-16 15:42 . 2008-12-16 15:43 6,917,120 --a------ c:\windows\System32\NlsLexicons0c1a.dll
2008-12-16 15:42 . 2008-12-16 15:42 1,963,520 --a------ c:\windows\System32\NlsData0c1a.dll
2008-12-16 13:33 . 2008-12-16 13:33 <DIR> d-------- c:\users\haXan\AppData\Roaming\IrfanView
2008-12-16 13:33 . 2008-12-16 13:33 <DIR> d-------- c:\program files\IrfanView
2008-12-16 10:38 . 2008-12-16 10:38 28,672 --a------ c:\windows\System32\FwRemoteSvr.dll
2008-12-16 10:37 . 2008-12-16 10:37 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2008-12-16 10:37 . 2008-12-16 10:37 272,896 --a------ c:\windows\System32\polstore.dll
2008-12-16 10:37 . 2008-12-16 10:37 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-12-16 10:37 . 2008-12-16 10:37 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-12-16 10:37 . 2008-12-16 10:37 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-12-16 10:37 . 2008-12-16 10:37 61,440 --a------ c:\windows\System32\winipsec.dll
2008-12-16 10:35 . 2008-12-16 10:35 205,824 --a------ c:\windows\System32\msoeacct.dll
2008-12-16 10:35 . 2008-12-16 10:35 87,040 --a------ c:\windows\System32\msoert2.dll
2008-12-16 10:35 . 2008-12-16 10:35 39,424 --a------ c:\windows\System32\ACCTRES.dll
2008-12-16 10:34 . 2008-12-16 10:34 1,655,289 --a------ c:\windows\System32\wlan.tmf
2008-12-16 10:34 . 2008-12-16 10:34 714,240 --a------ c:\windows\System32\timedate.cpl
2008-12-16 10:34 . 2008-12-16 10:34 704,000 --a------ c:\windows\System32\PhotoScreensaver.scr
2008-12-16 10:34 . 2008-12-16 10:34 542,720 --a------ c:\windows\System32\sysmain.dll
2008-12-16 10:34 . 2008-12-16 10:34 502,784 --a------ c:\windows\System32\wlansvc.dll
2008-12-16 10:34 . 2008-12-16 10:34 297,984 --a------ c:\windows\System32\wlansec.dll
2008-12-16 10:34 . 2008-12-16 10:34 290,816 --a------ c:\windows\System32\wlanmsm.dll
2008-12-16 10:34 . 2008-12-16 10:34 258,232 --a------ c:\windows\System32\drivers\acpi.sys
2008-12-16 10:34 . 2008-12-16 10:34 67,584 --a------ c:\windows\System32\wlanhlp.dll
2008-12-16 10:34 . 2008-12-16 10:34 47,104 --a------ c:\windows\System32\wlanapi.dll
2008-12-16 10:34 . 2008-12-16 10:34 24,064 --a------ c:\windows\System32\wtsapi32.dll
2008-12-16 10:32 . 2008-12-16 10:32 194,560 --a------ c:\windows\System32\WebClnt.dll
2008-12-16 10:32 . 2008-12-16 10:32 110,080 --a------ c:\windows\System32\drivers\mrxdav.sys
2008-12-16 10:30 . 2008-12-16 10:30 376,320 --a------ c:\windows\System32\winsrv.dll
2008-12-16 10:30 . 2008-12-16 10:30 49,664 --a------ c:\windows\System32\csrsrv.dll
2008-12-16 10:27 . 2008-12-16 10:27 297,472 --a------ c:\windows\System32\gdi32.dll
2008-12-16 10:26 . 2008-12-16 10:26 1,060,920 --a------ c:\windows\System32\drivers\ntfs.sys
2008-12-16 10:26 . 2008-12-16 10:26 41,984 --a------ c:\windows\System32\drivers\monitor.sys
2008-12-16 03:19 . 2008-12-16 03:19 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-12-16 03:18 . 2008-12-16 03:18 374,456 --a------ c:\windows\System32\mcupdate_GenuineIntel.dll
2008-12-16 03:17 . 2008-12-16 03:17 4,247,552 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-16 03:17 . 2008-12-16 03:17 1,687,040 --a------ c:\windows\System32\gameux.dll
2008-12-16 03:17 . 2008-12-16 03:17 268,800 --a------ c:\windows\System32\es.dll
2008-12-16 03:17 . 2008-12-16 03:17 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-16 03:16 . 2008-12-16 03:16 303,616 --a------ c:\windows\System32\wmpeffects.dll
2008-12-16 03:15 . 2008-12-16 03:15 2,027,520 --a------ c:\windows\System32\win32k.sys
2008-12-16 03:14 . 2008-12-16 03:14 1,194,496 --a------ c:\windows\System32\msxml3.dll
2008-12-16 03:14 . 2008-12-16 03:14 414,208 --a------ c:\windows\System32\msscp.dll
2008-12-16 03:14 . 2008-12-16 03:14 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-12-16 03:13 . 2008-12-16 03:13 8,147,968 --a------ c:\windows\System32\wmploc.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-27 18:50 167,485 ----a-w c:\program files\uninstal.log
2008-12-26 19:40 2,233,344 ----a-w c:\windows\Internet Logs\xDBE55A.tmp
2008-12-26 19:40 1,541,120 ----a-w c:\windows\Internet Logs\xDBDFB6.tmp
2008-12-23 08:52 493,056 ----a-w c:\windows\Internet Logs\xDBADE8.tmp
2008-12-16 13:50 --------- d-----w c:\program files\Windows Calendar
2008-12-16 13:43 9,892,864 ----a-w c:\windows\System32\NlsLexicons000a.dll
2008-12-16 08:47 174 --sha-w c:\program files\desktop.ini
2008-12-16 08:41 --------- d-----w c:\program files\Windows Mail
2008-12-16 08:41 --------- d-----w c:\program files\Windows Defender
2008-12-16 01:17 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-12-16 01:17 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-12-16 01:17 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-12-16 01:17 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-12-16 01:17 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-12-16 01:17 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-12-16 01:05 826,368 ----a-w c:\windows\System32\wininet.dll
2008-12-16 01:05 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-12-16 01:04 806,400 ----a-w c:\windows\system32\drivers\tcpip.sys
2008-12-16 01:04 56,320 ----a-w c:\windows\System32\iesetup.dll
2008-12-16 01:04 29,184 ----a-w c:\windows\system32\drivers\BTHUSB.SYS
2008-12-16 01:04 24,064 ----a-w c:\windows\System32\netcfg.exe
2008-12-16 01:04 220,160 ----a-w c:\windows\system32\drivers\bthport.sys
2008-12-16 01:04 22,016 ----a-w c:\windows\System32\netiougc.exe
2008-12-16 01:04 217,144 ----a-w c:\windows\system32\drivers\netio.sys
2008-12-16 01:04 19,456 ----a-w c:\windows\system32\drivers\bthenum.sys
2008-12-16 01:04 181,760 ----a-w c:\windows\System32\fsquirt.exe
2008-12-16 01:04 167,424 ----a-w c:\windows\System32\tcpipcfg.dll
2008-12-15 22:00 1,883,648 ----a-w c:\windows\Internet Logs\xDBB354.tmp
2008-12-15 01:11 --------- d-----w c:\program files\Windows Sidebar
2008-12-15 01:05 996,352 ----a-w c:\windows\System32\WMNetMgr.dll
2008-12-15 01:05 98,816 ----a-w c:\windows\System32\mfps.dll
2008-12-15 01:05 94,720 ----a-w c:\windows\System32\logagent.exe
2008-12-15 01:05 84,992 ----a-w c:\windows\system32\drivers\srvnet.sys
2008-12-15 01:05 788,992 ----a-w c:\windows\System32\rpcrt4.dll
2008-12-15 01:05 58,368 ----a-w c:\windows\system32\drivers\mrxsmb20.sys
2008-12-15 01:05 52,736 ----a-w c:\windows\System32\rrinstaller.exe
2008-12-15 01:05 24,576 ----a-w c:\windows\System32\mfpmp.exe
2008-12-15 01:05 2,855,424 ----a-w c:\windows\System32\mf.dll
2008-12-15 01:05 2,048 ----a-w c:\windows\System32\mferror.dll
2008-12-15 01:05 130,048 ----a-w c:\windows\system32\drivers\srv2.sys
2008-12-15 01:05 101,888 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-12-14 23:06 --------- d-sh--w c:\programdata\Sık Kullanılanlar
2008-12-14 23:06 --------- d-sh--w c:\programdata\Belgeler
2008-11-07 12:23 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-10-16 18:35 23,736 ----a-w c:\windows\System32\lmimirr.dll
2008-10-16 18:35 10,040 ----a-w c:\windows\System32\lmimirr2.dll
2005-08-27 13:26 1,581,056 ----a-w c:\program files\SAFlashPlayer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeskCalc"="c:\program files\deskcalc pro\deskcalc.exe" [2008-01-21 3346432]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"DriverUpdaterPro"="c:\program files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe" [2008-05-10 2446848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2007-07-23 1994800]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-10-09 981904]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-13 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-13 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-13 81920]
"ADPK"="c:\progra~1\ADPOPU~1\ADPOPU~1.EXE" [2003-01-01 159744]
"P17RunE"="P17RunE.dll" [2007-04-09 c:\windows\System32\P17RunE.dll]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2008-11-06 7217480]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\haXan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"DriverMagicLogon"="c:\program files\SymplisIT\DriverMagic\dmschedule.exe" /boot
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F7EC0CF9-FC74-40B8-AC65-86585E484AF7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2F019CA5-F5FD-4E06-BA33-9ABB78ED5B9F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{662D27CC-B92A-461F-B75A-8238D5595508}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{3EC1E11C-BE0D-482F-8B97-D0405E98F8AE}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"{2B3CC4DE-FAC4-4B0F-A689-7D2127133AFD}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.0
"{2C6DD40F-D5C7-43D9-8637-AF96E8C71724}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.0
"{B5896FD2-36A8-4BEF-AE63-100E8C5AD440}"= UDP:c:\program files\MSN Messenger\msncall.exe:Windows Live Messenger 8.0 (Phone)
"{12E9655C-02C7-4710-B673-F6A8791F6323}"= TCP:c:\program files\MSN Messenger\msncall.exe:Windows Live Messenger 8.0 (Phone)
"{7219E5C5-7D94-45D2-BDE7-9BB5B376D7F5}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F4A3C4F7-7A61-4484-9293-8834111F02A2}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5DFBEEBE-6FBF-4895-969D-73D0A6932E7B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashGet Network\\FlashGet universal\\FlashGet.exe"= c:\program files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2
"c:\\Program Files\\FlashGet Network\\FlashGet universal\\LiveUpdate.exe"= c:\program files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"c:\\Program Files\\FlashGet Network\\FlashGet universal\\LiveUpdateEx.exe"= c:\program files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-15 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-15 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-12-15 51792]
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2008-12-15 47640]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-12-16 603904]
R3 LVHybrid;LVHybrid service;c:\windows\system32\DRIVERS\LVHybrid.sys [2005-07-25 800000]
S0 OemBiosDevice;Royalty OEM BIOS Extension;c:\windows\system32\DRIVERS\royal.sys [2008-12-15 240128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-12-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 22:36]
2008-12-27 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\users\haXan\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-15 04:07]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
Rootkit scan 2008-12-27 22:27:03
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-12-27 22:32:47
ComboFix-quarantined-files.txt 2008-12-27 20:32:43
Pre-Run: 49.378.037.760 bayt boş
Post-Run: 48,916,516,864 bayt boş
292 --- E O F --- 2008-12-23 03:31:00
< Bu mesaj bu kişi tarafından değiştirildi haXan2849 -- 27 Aralık 2008; 23:23:13 >
-
quote:
Orjinalden alıntı: haXan2849
Sistem son birkaç gündür durduk yerde kilitleniyor. Bir uygulama çalıştırmaya çalıştığımda Sistem dosyaya erişemedi. ...Öğeye erişmek için gereken izinlere sahip olmayabilirsiniz. Uyarısı veriyor... Ctrl + Alt+ Del çalışmıyor yönetici izniniz yok diye hata veriyor...
Yardımınız için şimdiden teşekkürler.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: TT Jacker :)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
Malwarebytes Antimalware adlı programı indirin.
http://www.guvenlikuzmanim.com/dosyalar/mbam-setup.exe
* Programı kurmak için mbam-setup.exe üzerine çift tıklayın ve programı kurun.
* Malwarebytes Antimalware Güncelle ve Malwarebytes Programını Çalıştır seçeneklerini işaretleyip Finish tıklayın.
* Eğer bir güncelleştirme bulunursa, program otomatik olarak indirip güncelleştirecektir.
* Program yüklendiğinde Tam Tarama seçip Taramaya Başla butonuna tıklayın.
* Tarama işlemi biraz zaman alabilir, o yüzden lütfen biraz sabırlı olun.
* Tarama işlemi bittiğinde, Tamam tıklayın ve Sonuçları Göster tıklayın.
* Herşeyin işaretli olduğundan emin olun ve Seçilileri Temizle tıklayın.
* Temizleme işlemi bittiğinde bir notdefteri penceresi açılacaktır. (bilgisayarınızı yeniden başlatmanız gerekebilir.)
* Notdefteri dosyasını kaydedip mesajınıza ekleyerek bize gönderin.
NOT: Eğer temizleme işlemi sırasında program bilgisayarı yeniden başlatmanızı isterse Tamam tıklayarak bilgisayarızı yeniden başlatın.
Ip işlemleri
Bu mesaj IP'si ile atılan mesajları ara Bu kullanıcının son IP'si ile atılan mesajları ara Bu mesaj IP'si ile kullanıcı ara Bu kullanıcının son IP'si ile kullanıcı ara
KAPAT X
Bu mesaj IP'si ile atılan mesajları ara Bu kullanıcının son IP'si ile atılan mesajları ara Bu mesaj IP'si ile kullanıcı ara Bu kullanıcının son IP'si ile kullanıcı ara
KAPAT X
