HijackThis. Performance + Security! (Get rid of viruses). 500,000+ (page 382)

  • Serci, first of all thank you for your help. I had an error like this: "the instruction at such-and-such could not access the instruction at such-and-such, the memory could not be read, the program will be terminated". I downloaded this program of yours and I am sending you the logs, please help :(

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:14:29, on 28.05.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Documents and Settings\yasemin\Desktop\HiJackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =http://ui.skype.com/ui/0/2.0.0.97/tr/exitsurvey?
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    --
    End of file - 5064 bytes




  • quote:

    Originally quoted from: baho92

    That blue screen goes by a bit fast, is there a way to stop it?
    Because I can't read what it is, I think I saw an Nvidia text but

    Right-click My Computer, then Properties - Advanced - Settings under Startup and Recovery; once you uncheck "Automatically restart", the screen no longer goes away automatically.


    quote:

    Originally quoted from: atalaycem

    Serci, first of all thank you for your help. I had an error like this: "the instruction at such-and-such could not access the instruction at such-and-such, the memory could not be read, the program will be terminated". I downloaded this program of yours and I am sending you the logs, please help :(

    There does not appear to be a problem here. Which program gives that error?




  • quote:

    Originally quoted from: serji



    quote:

    Originally quoted from: atalaycem

    Serci, first of all thank you for your help. I had an error like this: "the instruction at such-and-such could not access the instruction at such-and-such, the memory could not be read, the program will be terminated". I downloaded this program of yours and I am sending you the logs, please help :(

    There does not appear to be a problem here. Which program gives that error?


    First of all, thank you very much for your help. My problem is not in a program; it happens in the game called Knight Online. Until 5 days ago it caused no problems at all and I was playing very nicely, but for the past 5 days I have been getting a "memory could not be read" error about once every 2 hours. If you have any information on how I can solve this problem, I would be very glad if you shared it. Thanks in advance.




  • Serji, I get this error in the game called Knight Online. Until 5 days ago there was no problem at all and I was playing very comfortably, until it said the memory could not be read. I formatted the computer, it didn't help; I freed up RAM, it didn't help; I cleaned it with an anti-spyware cleaning program, it didn't help :(
  • Hello, first of all thanks for the useful information,

    I am in trouble with attrib.exe: many attrib.exe files are running at the same time and I have difficulty even opening Internet Explorer on my computer..

    The log file is as follows; what do I need to do?

    Note: BEFORE TAKING THIS LOG FILE I CLOSED ALL THE ATTRIB.EXE PROCESSES FROM TASK MANAGER






    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:48:29, on 28.05.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\WINDOWS\system32\attrib.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\ericcahs\Desktop\HiJackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 169.229.50.13:3127
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Betsson KEY - {071ABD1E-8652-4708-BA11-AB840BC1E95B} - C:\Program Files\Betsson\Betsson KEY\IE\BetssonKey.dll
    O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [antisansurv1.1] C:\Program Files\Anti Sansur\antisansur.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobil Sık Kullanılanı Oluştur... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) -https://sube.garanti.com.tr/lib/JaguarEditControl.CAB
    O16 - DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} (Speaky Chat) - http://download.speakyweb.com/speakyldr.cab
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148520451703
    O16 - DPF: {999E8DB8-16B2-45EE-A773-C4F6C0317849} - https://www.betsson08.com/v4/activex/tr/BetssonWBE.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{76FABB2C-7760-4050-BCBF-0E6C4A3DEF78}: NameServer = 4.2.2.3,4.2.2.2
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7C6C1450-708A-46FA-B3C2-1667391B00D2}: NameServer = 127.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8446E749-5630-444E-BF0B-594C18835C28}: NameServer = 127.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A7EB0263-F35B-4CE5-8F8A-916D224E3C0C}: NameServer = 127.0.0.1,127.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C48D8782-6C6E-4598-83A0-2B15786C0D84}: NameServer = 127.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CF7784F2-9441-456C-ADEE-7616D4362140}: NameServer = 127.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DDD923BA-A64A-45B9-84EA-ACF736AFD881}: NameServer = 127.0.0.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{04D07701-DDE2-4BDF-A37E-5ECDE0489D95}: NameServer = 127.0.0.1
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: ????????P
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O24 - Desktop Component 0: (no name) - http://images.gittigidiyor.com/375/3758269_0.jpg

    --
    End of file - 6416 bytes



    < This message was edited by Genius -- 28 May 2009; 19:55:58 >




  • quote:

    Originally quoted from: atalaycem

    Serji, I get this error in the game called Knight Online. Until 5 days ago there was no problem at all and I was playing very comfortably, until it said the memory could not be read. I formatted the computer, it didn't help; I freed up RAM, it didn't help; I cleaned it with an anti-spyware cleaning program, it didn't help :(

    If it didn't help even after formatting, it is a problem related to programs. It should have been fixed by formatting; since it wasn't, it means one of the installed programs is causing this error.


    quote:

    Originally quoted from: Genius

    Hello, first of all thanks for the useful information,

    I am in trouble with attrib.exe: many attrib.exe files are running at the same time and I have difficulty even opening Internet Explorer on my computer..

    The log file is as follows; what do I need to do?

    Note: BEFORE TAKING THIS LOG FILE I CLOSED ALL THE ATTRIB.EXE PROCESSES FROM TASK MANAGER

    Download the program called ComboFix to your desktop.

    http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe and open the program. After opening the program, do absolutely nothing. Take a 1-2 minute break.
    4. After ComboFix starts running, click the Yes button.
    5. ComboFix will take a backup of your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. During these operations your internet connection will be cut and your desktop will disappear. These are normal. Your system clock will also change. But all of this is temporary. After the operations finish, everything will be returned to its original state.
    7. You may need to be a bit patient because there are a full 50 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this, but it will be restored shortly. After the operations finish, ComboFix will close and a report will open for you. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.




  • Serji, could you take a look at this one too... Regards and best wishes..


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:20:18, on 30.05.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Faronics\Deep Freeze\Install C-1\DF5Serv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Faronics\Deep Freeze\Install C-1\_$Df\FrzState2k.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\HHVcdV6Sys\VC6SecS.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\PROGRAMLAR\TİREND MİCRO HİJACK THİS\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
    O4 - HKCU\..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
    O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
    O8 - Extra context menu item: &FlashGet ile indir - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
    O8 - Extra context menu item: &Tümünü Flashget ile indir - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
    O9 - Extra button: Ağ trafiği koruma istatistikleri - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221599815843
    O16 - DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} (JaguarEditControl-ISBANK) -https://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv27.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C1EFDF30-F5D3-470A-A8AE-4E29DBFA8812}: NameServer = 192.168.2.1
    O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll
    O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    O23 - Service: CBRContentFilter - Unknown owner - c:\CBR\Webjinihome\wrapper.exe
    O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-1\DF5Serv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Virtual CD v6 Management Service (VC6SecS) - H+H Software GmbH - C:\Program Files\HHVcdV6Sys\VC6SecS.exe
    O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

    --
    End of file - 6818 bytes




  • quote:

    Originally quoted from: f5s5b5


    Serji, could you take a look at this one too... Regards and best wishes..


    No problem is apparent.
  • Hi serji, my computer has slowed down a lot.. and interestingly, when I type something on the keyboard, sometimes it doesn't type some letters .. the keyboard is fine..
  • quote:

    Originally quoted from: ozzyouz

    Hi serji, my computer has slowed down a lot.. and interestingly, when I type something on the keyboard, sometimes it doesn't type some letters .. the keyboard is fine..

    Do the same problems occur in safe mode?
  • Boss, I didn't understand: there is win32:jefoo on the PC now, and they directed me to this thread. Also, when you say fix? How are we going to fix it?


    and here's the log

    quote:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:32:01, on 31.05.2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16830)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\Ali Haydar\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.explorerstartpage.com/spage.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.explorerstartpage.com/spage.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 58.227.194.87:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Program Files\Local_Strike\tbLoca.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Program Files\Local_Strike\tbLoca.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Program Files\Local_Strike\tbLoca.dll
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Enterprise\Add_UrlO.htm
    O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Enterprise\Add_AllO.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: HP Akıllı Seçim - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O13 - DefaultPrefix:http://www.myhottersearchbox.com/not_found_tr/?url=
    O13 - WWW Prefix:http://www.myhottersearchbox.com/not_found_tr/?url=
    O13 - Gopher Prefix:
    O15 - Trusted Zone:http://click.getmirar.com (HKLM)
    O15 - Trusted Zone:http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone:http://redirect.mirarsearch.com (HKLM)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

    --
    End of file - 6307 bytes




  • quote:

    Originally quoted from: Cy[B]eR Sp[A]cE

    Boss, I didn't understand: there is win32:jefoo on the PC now, and they directed me to this thread. Also, when you say fix? How are we going to fix it?


    and here's the log

    After you download Bitdefender Antivirus 2009 and run a scan, it will clean the viruses. Give it a try.
  • quote:

    Originally quoted from: serji


    quote:

    Originally quoted from: ozzyouz

    Hi serji, my computer has slowed down a lot.. and interestingly, when I type something on the keyboard, sometimes it doesn't type some letters .. the keyboard is fine..

    Do the same problems occur in safe mode?

    no .. what can be done to speed it up

    edit :

    it found these ;

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:51:12, on 31.05.2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\explorer.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    E:\program yeni\HiJackThis.exe
    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Oğuzhan
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Web trafiği koruması istatistikleri - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
    O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?TR (file missing)
    O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?&site=home (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?TR (file missing)
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D00227D5-BF59-46AE-80EF-07C5945A0A81}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 9789 bytes



    < This message was edited by yaniyorsunfuatabi -- 31 May 2009; 17:51:14 >




  • quote:

    Originally posted by: ozzyouz

    No. What can be done to speed it up?

    edit:

    It found these:

    Then there is a problem with one of the programs that run at startup.
  • Logfile of HijackThis v1.99.1
    Scan saved at 20:12:55, on 5/31/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20772)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
    C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Eset\nod32.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis log temizleme.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Sık Kullanılanlar
    O1 - Hosts: TT Jacker :)
    O1 - Hosts: 195.8.214.141 dailymotion.com
    O1 - Hosts: 195.8.214.142 dailymotion.com
    O1 - Hosts: 195.8.214.140 www.dailymotion.com
    O1 - Hosts: 208.117.236.70 youtube.com
    O1 - Hosts: 208.117.236.70 www.youtube.com
    O1 - Hosts: 74.125.65.118 img.youtube.com
    O1 - Hosts: 64.15.124.143 sjc-v1.sjc.youtube.com
    O1 - Hosts: 64.15.124.144 sjc-v2.sjc.youtube.com
    O1 - Hosts: 64.15.124.145 sjc-v3.sjc.youtube.com
    O1 - Hosts: 64.15.124.146 sjc-v4.sjc.youtube.com
    O1 - Hosts: 64.15.124.147 sjc-v5.sjc.youtube.com
    O1 - Hosts: 64.15.124.148 sjc-v6.sjc.youtube.com
    O1 - Hosts: 64.15.124.149 sjc-v7.sjc.youtube.com
    O1 - Hosts: 64.15.124.150 sjc-v8.sjc.youtube.com
    O1 - Hosts: 64.15.124.151 sjc-v9.sjc.youtube.com
    O1 - Hosts: 67.228.223.62 mp3hanesi.com
    O1 - Hosts: 67.228.223.62 mp3hanesi.net
    O1 - Hosts: 67.228.223.62 mp3hanesi.org
    O1 - Hosts: 67.228.223.62 www.mp3hanesi.com
    O1 - Hosts: 67.228.223.62 www.mp3hanesi.net
    O1 - Hosts: 67.228.223.62 www.mp3hanesi.org
    O1 - Hosts: 75.126.2.88 forumtr.com
    O1 - Hosts: 75.126.2.88 www.forumtr.com
    O1 - Hosts: 64.15.124.152 sjc-v10.sjc.youtube.com
    O1 - Hosts: 64.15.124.153 sjc-v11.sjc.youtube.com
    O1 - Hosts: 64.15.124.154 sjc-v12.sjc.youtube.com
    O1 - Hosts: 64.15.124.155 sjc-v13.sjc.youtube.com
    O1 - Hosts: 64.15.124.156 sjc-v14.sjc.youtube.com
    O1 - Hosts: 64.15.124.157 sjc-v15.sjc.youtube.com
    O1 - Hosts: 64.15.124.158 sjc-v16.sjc.youtube.com
    O1 - Hosts: 64.15.124.159 sjc-v17.sjc.youtube.com
    O1 - Hosts: 64.15.124.160 sjc-v18.sjc.youtube.com
    O1 - Hosts: 64.15.124.161 sjc-v19.sjc.youtube.com
    O1 - Hosts: 64.15.124.162 sjc-v20.sjc.youtube.com
    O1 - Hosts: 64.15.124.163 sjc-v21.sjc.youtube.com
    O1 - Hosts: 64.15.124.164 sjc-v22.sjc.youtube.com
    O1 - Hosts: 64.15.124.165 sjc-v23.sjc.youtube.com
    O1 - Hosts: 64.15.124.166 sjc-v24.sjc.youtube.com
    O1 - Hosts: 64.15.124.167 sjc-v25.sjc.youtube.com
    O1 - Hosts: 64.15.124.168 sjc-v26.sjc.youtube.com
    O1 - Hosts: 64.15.124.169 sjc-v27.sjc.youtube.com
    O1 - Hosts: 64.15.124.170 sjc-v28.sjc.youtube.com
    O1 - Hosts: 64.15.124.171 sjc-v29.sjc.youtube.com
    O1 - Hosts: 64.15.124.172 sjc-v30.sjc.youtube.com
    O1 - Hosts: 64.15.124.173 sjc-v31.sjc.youtube.com
    O1 - Hosts: 64.15.124.174 sjc-v32.sjc.youtube.com
    O1 - Hosts: 64.15.124.175 sjc-v33.sjc.youtube.com
    O1 - Hosts: 64.15.124.176 sjc-v34.sjc.youtube.com
    O1 - Hosts: 64.15.124.177 sjc-v35.sjc.youtube.com
    O1 - Hosts: 64.15.124.178 sjc-v36.sjc.youtube.com
    O1 - Hosts: 64.15.124.179 sjc-v37.sjc.youtube.com
    O1 - Hosts: 64.15.124.180 sjc-v38.sjc.youtube.com
    O1 - Hosts: 64.15.124.207 sjc-v39.sjc.youtube.com
    O1 - Hosts: 64.15.124.208 sjc-v40.sjc.youtube.com
    O1 - Hosts: 64.15.124.209 sjc-v41.sjc.youtube.com
    O1 - Hosts: 64.15.124.210 sjc-v42.sjc.youtube.com
    O1 - Hosts: 64.15.124.211 sjc-v43.sjc.youtube.com
    O1 - Hosts: 64.15.124.212 sjc-v44.sjc.youtube.com
    O1 - Hosts: 64.15.124.213 sjc-v45.sjc.youtube.com
    O1 - Hosts: 64.15.124.214 sjc-v46.sjc.youtube.com
    O1 - Hosts: 64.15.124.215 sjc-v47.sjc.youtube.com
    O1 - Hosts: 64.15.124.216 sjc-v48.sjc.youtube.com
    O1 - Hosts: 64.15.124.217 sjc-v49.sjc.youtube.com
    O1 - Hosts: 64.15.124.218 sjc-v50.sjc.youtube.com
    O1 - Hosts: 64.15.124.219 sjc-v51.sjc.youtube.com
    O1 - Hosts: 64.15.124.220 sjc-v52.sjc.youtube.com
    O1 - Hosts: 64.15.124.221 sjc-v53.sjc.youtube.com
    O1 - Hosts: 64.15.124.222 sjc-v54.sjc.youtube.com
    O1 - Hosts: 64.15.124.223 sjc-v55.sjc.youtube.com
    O1 - Hosts: 64.15.124.224 sjc-v56.sjc.youtube.com
    O1 - Hosts: 64.15.124.225 sjc-v57.sjc.youtube.com
    O1 - Hosts: 64.15.124.226 sjc-v58.sjc.youtube.com
    O1 - Hosts: 64.15.124.227 sjc-v59.sjc.youtube.com
    O1 - Hosts: 64.15.124.228 sjc-v60.sjc.youtube.com
    O1 - Hosts: 64.15.124.229 sjc-v61.sjc.youtube.com
    O1 - Hosts: 64.15.124.230 sjc-v62.sjc.youtube.com
    O1 - Hosts: 64.15.124.231 sjc-v63.sjc.youtube.com
    O1 - Hosts: 64.15.124.232 sjc-v64.sjc.youtube.com
    O1 - Hosts: 64.15.124.233 sjc-v65.sjc.youtube.com
    O1 - Hosts: 64.15.124.234 sjc-v66.sjc.youtube.com
    O1 - Hosts: 64.15.124.235 sjc-v67.sjc.youtube.com
    O1 - Hosts: 64.15.124.236 sjc-v68.sjc.youtube.com
    O1 - Hosts: 64.15.124.237 sjc-v69.sjc.youtube.com
    O1 - Hosts: 64.15.124.238 sjc-v70.sjc.youtube.com
    O1 - Hosts: 64.15.124.239 sjc-v71.sjc.youtube.com
    O1 - Hosts: 64.15.124.240 sjc-v72.sjc.youtube.com
    O1 - Hosts: 64.15.124.241 sjc-v73.sjc.youtube.com
    O1 - Hosts: 64.15.124.242 sjc-v74.sjc.youtube.com
    O1 - Hosts: 64.15.124.243 sjc-v75.sjc.youtube.com
    O1 - Hosts: 64.15.124.244 sjc-v76.sjc.youtube.com
    O1 - Hosts: 64.15.125.16 sjc-v77.sjc.youtube.com
    O1 - Hosts: 64.15.125.17 sjc-v78.sjc.youtube.com
    O1 - Hosts: 64.15.125.18 sjc-v79.sjc.youtube.com
    O1 - Hosts: 64.15.125.19 sjc-v80.sjc.youtube.com
    O1 - Hosts: 64.15.125.20 sjc-v81.sjc.youtube.com
    O1 - Hosts: 64.15.125.21 sjc-v82.sjc.youtube.com
    O1 - Hosts: 64.15.125.22 sjc-v83.sjc.youtube.com
    O1 - Hosts: 64.15.125.23 sjc-v84.sjc.youtube.com
    O1 - Hosts: 64.15.125.24 sjc-v85.sjc.youtube.com
    O1 - Hosts: 64.15.125.25 sjc-v86.sjc.youtube.com
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: TBSB00283 - {38D0411E-EDDC-4F74-9647-DB013CF69E8F} - C:\Program Files\ETi Craxla\ETi Craxla!\tbcore3.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O3 - Toolbar: ETi Craxla! - {435E30BF-C217-4969-BD75-7307565E693A} - C:\Program Files\ETi Craxla\ETi Craxla!\tbcore3.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
    O4 - HKLM\..\Run: [Syswin] Syswin.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe



    I'd appreciate it if you could take a look at this one too.




  • quote:

    Originally posted by: denizkubi
    I'd appreciate it if you could take a look at this one too.

    * Open the program called HijackThis.
    * Click the "Do a system scan only" option.
    * Check the lines below.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Sık Kullanılanlar
    O1 - Hosts: TT Jacker :)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Syswin] Syswin.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


    * Press CTRL+ALT+DEL and go to the Processes tab. End all processes listed next to your user name except HijackThis.exe and explorer.exe. Close all programs and windows except HijackThis and click the Fix Checked button. Then restart your computer immediately.

    Download the program called ComboFix to your desktop.

    http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening it, do absolutely nothing. Take a 1-2 minute break.
    4. Once ComboFix starts running, click the Yes button.
    5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. During these operations your internet connection will be cut and your desktop will disappear. This is normal. Your system clock will also change. All of this is temporary. After the operations finish, everything will be returned to its original state.
    7. You may need to be a little patient, because there are a full 50 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. When the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.
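
The by-eye review of a HijackThis log that the answer above performs, sketched as an added Python example (not part of the original thread and not HijackThis's own logic). The rules and the names `check`, `triage` and `redirects_by_address` are assumptions of this example; a flagged entry means "look at this line", not "malicious".

```python
import re
from collections import defaultdict, namedtuple

Finding = namedtuple("Finding", "code reasons line")

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# \s* between address and name tolerates pairs that lost their space in pasting.
HOSTS_RE = re.compile(r"^Hosts:\s*(\d{1,3}(?:\.\d{1,3}){3})\s*(\S+)$")
RUN_RE = re.compile(r"^\S+?\\\.\.\\\w+: \[(.*?)\] (.+)$")
URL_TARGET_RE = re.compile(r" - ?https?://")
SINKS = ("127.", "0.0.0.0")  # loopback / null-route addresses used for blocking

# Entry lines excerpted from the logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O1 - Hosts: TT Jacker :)
O1 - Hosts: 208.117.236.70 youtube.com
O1 - Hosts: 208.117.236.70www.youtube.com
O1 - Hosts: 75.126.2.88 forumtr.com
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Syswin] Syswin.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} -http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?TR (file missing)
O13 - DefaultPrefix: http://www.myhottersearchbox.com/not_found_tr/?url=
O13 - Gopher Prefix:
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""


def parse_entries(text):
    """Yield (code, body, raw_line) for every 'Xn - ...' entry line."""
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw)
        if m:
            yield m.group(1), m.group(2), raw.strip()


def check(code, body):
    """Return the reasons, if any, why one entry deserves a manual look."""
    reasons = []
    if code == "O1" and body.startswith("Hosts:"):
        m = HOSTS_RE.match(body)
        if m and not m.group(1).startswith(SINKS):
            reasons.append(f"hosts file overrides DNS: {m.group(2)} -> {m.group(1)}")
        elif not m and not body[6:].strip().startswith("::1"):
            reasons.append("hosts line is not an address/name pair")
    elif code == "O4":
        m = RUN_RE.match(body)
        if m:
            cmd = m.group(2)
            exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]
            if "\\" not in exe:  # bare name: resolved through the search path
                reasons.append(f"autostart [{m.group(1)}] has no directory: {exe}")
    elif code == "O13":
        name, _, value = body.partition(":")
        if value.strip():
            reasons.append(f"IE URL prefix '{name}' set to {value.strip()}")
    elif code == "O15" and body.startswith("Trusted Zone:"):
        reasons.append("site in the IE Trusted Zone: " + body[13:].strip())
    if code == "O23" and " - Unknown owner - " in body:
        reasons.append("no vendor reported for the service binary")
    # The logs here also show "(file missing)" on URL targets; skip those.
    if body.endswith("(file missing)") and not URL_TARGET_RE.search(body):
        reasons.append("referenced file was not found on disk")
    return reasons


def triage(text):
    """Return one Finding per entry that has at least one reason attached."""
    out = []
    for code, body, raw in parse_entries(text):
        reasons = check(code, body)
        if reasons:
            out.append(Finding(code, reasons, raw))
    return out


def redirects_by_address(text):
    """Map each non-sink address in O1 entries to the names pointed at it."""
    table = defaultdict(list)
    for code, body, _ in parse_entries(text):
        m = HOSTS_RE.match(body) if code == "O1" else None
        if m and not m.group(1).startswith(SINKS):
            table[m.group(1)].append(m.group(2))
    return dict(table)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:>3}  {'; '.join(f.reasons)}")
    for ip, names in redirects_by_address(SAMPLE_LOG).items():
        print(f"{ip}: {', '.join(names)}")
```

Grouping the O1 entries by address makes a long hosts block readable at a glance: many names pointed at a handful of addresses is the pattern to confirm with the user before removing anything.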




  • ComboFix 09-05-31.05 - T C 01.06.2009 13:42.16 - NTFSx86 
    Microsoft Windows XP Professional 5.1.2600.2.1254.90.1055.18.1015.688 [GMT 3:00]
    Running from: c:\documents and settings\T C\Desktop\ComboFix.exe
    AV: Doctor Web Anti-Virus *On-access scanning enabled* (Updated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\scrrntr.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
    .

    2009-05-29 16:18 . 2009-05-29 16:18 -------- d-----w- C:\NVIDIA
    2009-05-29 11:53 . 2001-08-17 18:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
    2009-05-29 11:53 . 2001-08-17 18:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2009-05-22 16:27 . 2009-05-22 16:27 -------- d-----w- c:\program files\VeryPDF PDF2Word v3.0
    2009-05-22 15:08 . 2009-05-22 15:08 -------- d-----w- c:\documents and settings\T C\Local Settings\Application Data\ATI
    2009-05-22 15:08 . 2009-05-22 15:08 -------- d-----w- c:\documents and settings\T C\Application Data\ATI
    2009-05-22 15:06 . 2009-05-22 15:32 -------- d-----w- c:\program files\ATI Technologies
    2009-05-22 15:06 . 2009-06-01 10:28 -------- d-----w- c:\program files\BitDefender
    2009-05-22 15:06 . 2009-05-22 15:06 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-05-22 12:02 . 2009-05-22 12:02 -------- d-----w- C:\ATI
    2009-05-20 15:21 . 2009-05-20 16:53 -------- d-----w- c:\program files\VS Revo Group
    2009-05-18 19:08 . 2009-05-25 11:49 -------- d-----w- c:\documents and settings\T C\Application Data\LimeWire
    2009-05-18 19:07 . 2009-05-18 19:07 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-05-18 19:07 . 2009-05-18 19:07 -------- d-----w- c:\program files\Java
    2009-05-18 19:07 . 2009-05-18 19:07 152576 ----a-w- c:\documents and settings\T C\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
    2009-05-13 08:57 . 2009-05-13 08:57 -------- d-----w- c:\documents and settings\T C\Application Data\FUJIFILM
    2009-05-12 16:28 . 2005-11-28 05:56 139264 ----a-r- c:\windows\system32\igfxres.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-01 10:39 . 2001-11-22 11:00 73218 ----a-w- c:\windows\system32\perfc01F.dat
    2009-06-01 10:39 . 2001-11-22 11:00 391842 ----a-w- c:\windows\system32\perfh01F.dat
    2009-06-01 06:43 . 2008-12-31 16:15 -------- d-----w- c:\documents and settings\T C\Application Data\uTorrent
    2009-05-21 18:59 . 2008-12-31 11:07 -------- d-----w- c:\program files\USB Disk Security
    2009-05-20 16:09 . 2008-12-31 11:16 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-05-20 15:19 . 2009-04-20 07:38 81984 ----a-w- c:\windows\system32\bdod.bin
    2009-05-12 17:03 . 2009-03-17 17:35 -------- d-----w- c:\documents and settings\T C\Application Data\dvdcss
    2009-05-12 14:14 . 2009-04-13 10:19 -------- d-----w- c:\program files\Red Eye Pilot
    2009-05-12 14:14 . 2009-04-13 10:20 -------- d-----w- c:\documents and settings\T C\Application Data\RedEyePilot
    2009-05-12 09:31 . 2009-03-06 19:19 -------- d-----w- c:\documents and settings\T C\Application Data\GetRight
    2009-05-11 20:35 . 2009-02-20 13:15 -------- d-----w- c:\program files\AutoShutdown
    2009-05-05 13:48 . 2009-01-05 10:54 68384 ----a-w- c:\documents and settings\T C\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-30 15:42 . 2009-03-09 12:04 -------- d-----w- c:\program files\Web Page Maker V2
    2009-04-28 17:30 . 2009-04-20 09:25 -------- d-----w- c:\program files\Nanjing Swansoft
    2009-04-28 17:10 . 2009-04-28 17:10 -------- d-----w- c:\program files\Philips
    2009-04-22 13:12 . 2009-04-22 09:22 -------- d-----w- c:\program files\Logitech
    2009-04-22 09:37 . 2009-04-22 09:22 -------- d-----w- c:\program files\Common Files\Logitech
    2009-04-22 09:20 . 2009-04-21 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
    2009-04-21 18:29 . 2009-04-21 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
    2009-04-21 14:08 . 2009-04-16 10:17 -------- d-----w- c:\program files\RegCleaner
    2009-04-21 10:25 . 2009-04-21 10:25 135 ----a-w- c:\documents and settings\T C\Local Settings\Application Data\fusioncache.dat
    2009-04-20 17:35 . 2009-04-01 15:56 -------- d-----w- c:\program files\AutoCAD 2004
    2009-04-20 07:34 . 2009-04-20 07:34 -------- d-----w- c:\documents and settings\T C\Application Data\BitDefender
    2009-04-20 06:59 . 2009-04-20 06:59 -------- d-----w- c:\program files\ABBYY FineReader 4.0 Sprint
    2009-04-20 06:57 . 2009-04-20 06:57 -------- d-----w- c:\program files\BearPaw 2400CU Plus
    2009-04-15 08:19 . 2009-04-15 08:19 -------- d-----w- c:\documents and settings\T C\Application Data\Malwarebytes
    2009-04-15 08:19 . 2009-04-15 08:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-04-13 10:51 . 2009-04-03 19:36 -------- d-----w- c:\program files\Doctus
    2009-04-06 09:44 . 2009-04-06 09:43 -------- d-----w- c:\program files\Allok Video to 3GP Converter
    2009-04-06 09:02 . 2009-04-06 09:00 -------- d-----w- c:\program files\AVI DivX to DVD SVCD VCD Converter
    2009-04-06 08:44 . 2009-04-06 08:40 -------- d-----w- c:\program files\Allok Video Splitter
    2009-03-06 14:45 . 2004-08-03 20:45 282624 ----a-w- c:\windows\system32\pdh.dll
    2009-01-23 10:09 . 2009-01-23 10:09 2 --shatr- c:\windows\winstart.bat
    .

    ------- Sigcheck -------

    [-] 2008-04-14 16:00 1571840 043873D830016BB0F1E7759F7BCEDE81 c:\windows\SoftwareDistribution\Download\31d7b774df1570be3bd6cc99092a4043\sfcfiles.dll
    [-] 2008-12-29 14:06 1548288 5DBFC36FC0C9BDC8B7615143F422CC9B c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-06-01_10.22.20 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2001-11-22 11:00 . 2009-05-29 10:59 63266 c:\windows\system32\perfc009.dat
    + 2001-11-22 11:00 . 2009-06-01 10:39 63266 c:\windows\system32\perfc009.dat
    + 2001-11-22 11:00 . 2009-06-01 10:39 403664 c:\windows\system32\perfh009.dat
    - 2001-11-22 11:00 . 2009-05-29 10:59 403664 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2009-04-16 798720]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "usnjsvc"=3 (0x3)
    "ose"=3 (0x3)
    "C-DillaCdaC11BA"=2 (0x2)
    "VSSERV"=2 (0x2)
    "LIVESRV"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=

    S2 BDVEDISK;BDVEDISK;\??\c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys --> c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [?]
    S3 Arrakis3;BitDefender Arrakis Server;"c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe" --> c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.tr/
    TCP: {225BF9D4-9CF4-4BB9-B386-2206DD9DC885} = 192.168.119.2,192.168.119.1
    FF - ProfilePath - c:\documents and settings\T C\Application Data\Mozilla\Firefox\Profiles\qs66javf.default\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2009-06-01 13:44
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    Completion time: 2009-06-01 13:44
    ComboFix-quarantined-files.txt 2009-06-01 10:44
    ComboFix2.txt 2009-06-01 10:31
    ComboFix3.txt 2009-06-01 10:22
    ComboFix4.txt 2009-05-20 15:03
    ComboFix5.txt 2009-06-01 10:42

    Pre-Run: 10.335.399.936 bayt boş
    Post-Run: 10.321.850.368 bayt boş

    135 --- E O F --- 2009-04-27 10:27




  • This one is a friend's
    ComboFix 09-05-31.05 - Ugur 01.06.2009 18:04.1 - NTFSx86 
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1254.90.1055.18.3036.1522 [GMT 3:00]
    Running from: c:\downloads\ComboFix.exe
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
    .

    2009-05-30 18:57 . 2009-05-30 18:57 0 ----a-w- c:\users\Ugur\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
    2009-05-30 11:11 . 2008-01-21 02:25 1203792 ----a-w- c:\programdata\SecTaskMan\_enviewlist.dll
    2009-05-30 11:11 . 2008-01-21 02:24 798720 ----a-w- c:\programdata\SecTaskMan\_entreelist.dll
    2009-05-30 11:11 . 2009-05-30 11:11 10 ----a-w- c:\programdata\SecTaskMan\icn_2796D899E85FD9742984F871E955EA83.dll
    2009-05-30 11:11 . 2009-05-30 11:14 -------- d-----w- c:\programdata\SecTaskMan
    2009-05-30 11:11 . 2009-05-30 11:11 -------- d-----w- c:\program files\Security Task Manager
    2009-05-30 02:08 . 2009-05-30 02:08 -------- d-----w- c:\users\Ugur\AppData\Roaming\Media Player Classic
    2009-05-26 22:02 . 2009-05-26 22:25 -------- d-----w- c:\users\Ugur\AppData\Local\Rockstar Games
    2009-05-26 21:59 . 2009-05-26 21:59 -------- d-----w- c:\windows\system32\xlive
    2009-05-26 21:59 . 2009-05-26 22:12 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
    2009-05-25 23:09 . 2009-05-25 23:13 -------- d-----w- c:\program files\Windows Live Safety Center
    2009-05-24 13:11 . 2009-05-24 13:11 -------- d-----w- c:\users\Ugur\AppData\Roaming\Notepad++
    2009-05-24 13:11 . 2009-05-24 13:11 -------- d-----w- c:\program files\Notepad++
    2009-05-24 01:16 . 2009-05-24 01:16 -------- d-----w- c:\windows\SQL9_KB960089_ENU
    2009-05-23 12:00 . 2009-05-23 12:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2009-05-23 12:00 . 2009-05-23 12:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-05-21 23:07 . 2009-05-21 23:07 -------- d-----w- c:\users\Ugur\AppData\Roaming\Auslogics
    2009-05-21 23:07 . 2009-05-21 23:07 -------- d-----w- c:\program files\Auslogics
    2009-05-21 10:29 . 2009-05-21 10:29 -------- d-----w- c:\users\Ugur\AppData\Roaming\CSOdessa
    2009-05-21 10:27 . 2009-05-21 10:27 -------- d-----w- c:\program files\ConceptDraw Office
    2009-05-19 22:23 . 2009-05-30 19:17 -------- d-----w- c:\users\Ugur\AppData\Roaming\FrostWire
    2009-05-19 22:22 . 2009-05-19 22:23 -------- d-----w- c:\program files\FrostWire
    2009-05-14 17:28 . 2009-05-14 17:28 -------- d-----w- c:\users\Ugur\AppData\Local\PunkBuster
    2009-05-14 17:09 . 2009-05-14 17:09 -------- d-----w- c:\users\Ugur\AppData\Local\Activision
    2009-05-14 17:07 . 2009-05-16 22:46 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-05-14 17:06 . 2009-05-14 17:06 22328 ----a-w- c:\users\Ugur\AppData\Roaming\PnkBstrK.sys
    2009-05-14 17:06 . 2009-05-16 22:44 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-05-14 17:06 . 2009-05-14 17:06 682280 ----a-w- c:\windows\system32\pbsvc.exe
    2009-05-14 17:06 . 2009-05-14 17:06 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
    2009-05-12 13:13 . 2009-05-30 16:00 -------- d-----w- c:\users\Ugur\workspace2
    2009-05-11 17:40 . 2009-05-11 17:40 -------- d-----w- c:\users\Ugur\AppData\Local\Opera
    2009-05-11 17:40 . 2009-05-11 17:40 -------- d-----w- c:\program files\Opera
    2009-05-10 21:31 . 2007-10-23 06:27 110592 ----a-w- c:\users\Ugur\AppData\Roaming\U3\temp\cleanup.exe
    2009-05-10 21:13 . 2008-05-02 07:41 3493888 ---ha-w- c:\users\Ugur\AppData\Roaming\U3\temp\Launchpad Removal.exe
    2009-05-10 21:13 . 2009-05-10 21:31 -------- d-----w- c:\users\Ugur\AppData\Roaming\U3
    2009-05-03 20:11 . 2008-12-03 08:53 521472 ----a-w- c:\users\Ugur\AppData\Roaming\Mozilla\Firefox\Profiles\8yisedij.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-01 13:06 . 2008-01-21 06:25 731528 ----a-w- c:\windows\system32\perfh01F.dat
    2009-06-01 13:06 . 2008-01-21 06:25 164482 ----a-w- c:\windows\system32\perfc01F.dat
    2009-06-01 12:59 . 2009-04-28 09:25 350192 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
    2009-05-30 22:17 . 2009-05-30 22:19 1512960 ----a-w- c:\windows\Internet Logs\xDB7C02.tmp
    2009-05-30 20:03 . 2009-05-03 22:16 4359351 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
    2009-05-30 20:02 . 2009-05-30 20:03 1512448 ----a-w- c:\windows\Internet Logs\xDB847A.tmp
    2009-05-30 12:05 . 2009-05-30 12:06 1511936 ----a-w- c:\windows\Internet Logs\xDB7676.tmp
    2009-05-30 11:17 . 2009-04-21 22:36 12 ----a-w- c:\windows\bthservsdp.dat
    2009-05-30 11:03 . 2009-04-30 19:00 -------- d-----w- c:\users\Ugur\AppData\Roaming\uTorrent
    2009-05-30 00:36 . 2009-05-30 00:37 1507840 ----a-w- c:\windows\Internet Logs\xDB74B2.tmp
    2009-05-26 22:13 . 2009-04-23 13:11 -------- d--h--r- c:\users\Ugur\AppData\Roaming\SecuROM
    2009-05-26 21:21 . 2009-01-16 21:07 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-05-24 01:17 . 2009-04-26 12:21 -------- d-----w- c:\program files\Microsoft SQL Server
    2009-05-23 23:08 . 2009-05-23 23:10 1480192 ----a-w- c:\windows\Internet Logs\xDB9165.tmp
    2009-05-20 22:30 . 2009-05-20 22:35 1282560 ----a-w- c:\windows\Internet Logs\xDBE677.tmp
    2009-05-18 14:43 . 2009-05-18 14:44 1464320 ----a-w- c:\windows\Internet Logs\xDB72BE.tmp
    2009-05-16 22:41 . 2009-05-16 22:42 1462784 ----a-w- c:\windows\Internet Logs\xDB733B.tmp
    2009-05-14 19:26 . 2009-05-14 19:28 1470464 ----a-w- c:\windows\Internet Logs\xDB2B82.tmp
    2009-05-14 00:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-05-10 20:15 . 2009-05-10 20:17 1447424 ----a-w- c:\windows\Internet Logs\xDB8D60.tmp
    2009-05-09 23:50 . 2009-04-29 22:51 -------- d-----w- c:\users\Ugur\AppData\Roaming\TinyPad
    2009-05-09 23:45 . 2009-05-09 23:47 1446912 ----a-w- c:\windows\Internet Logs\xDB2599.tmp
    2009-05-05 07:06 . 2009-05-05 13:40 1440256 ----a-w- c:\windows\Internet Logs\xDB98C5.tmp
    2009-05-01 13:37 . 2009-05-01 13:37 -------- d-----w- c:\programdata\Office Genuine Advantage
    2009-05-01 09:21 . 2009-01-16 21:21 -------- d-----w- c:\programdata\Microsoft Help
    2009-04-30 19:00 . 2009-04-30 19:00 -------- d-----w- c:\program files\uTorrent
    2009-04-30 18:49 . 2009-04-30 18:49 -------- d-----w- c:\users\Ugur\AppData\Roaming\JCreator
    2009-04-30 18:49 . 2009-04-30 18:49 -------- d-----w- c:\programdata\JCreator
    2009-04-30 18:49 . 2009-04-30 18:49 -------- d-----w- c:\program files\Xinox Software
    2009-04-30 15:18 . 2009-04-30 15:18 0 ----a-w- c:\users\Ugur\AppData\Roaming\wklnhst.dat
    2009-04-30 15:18 . 2009-04-30 15:18 -------- d-----w- c:\users\Ugur\AppData\Roaming\Template
    2009-04-30 00:21 . 2009-04-30 00:21 -------- d-----w- c:\users\Ugur\AppData\Roaming\Thinstall
    2009-04-29 22:51 . 2009-04-29 22:51 -------- d-----w- c:\program files\TinyPad Team
    2009-04-29 15:23 . 2009-04-29 15:23 -------- d-----w- c:\program files\PCSpim
    2009-04-29 14:59 . 2009-04-28 10:09 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-04-28 13:08 . 2009-04-28 13:08 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
    2009-04-28 13:08 . 2009-04-28 13:08 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
    2009-04-28 13:08 . 2009-04-28 13:08 129248 ----a-w- c:\windows\system32\drivers\snapman.sys
    2009-04-28 13:08 . 2009-04-28 13:08 368544 ----a-w- c:\windows\system32\drivers\tdrpman.sys
    2009-04-28 13:08 . 2009-04-23 00:52 -------- d-----w- c:\program files\Common Files\Acronis
    2009-04-28 13:07 . 2009-04-22 18:12 -------- d-----w- c:\program files\Acronis
    2009-04-28 10:55 . 2009-04-28 10:06 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
    2009-04-28 10:55 . 2009-04-28 10:55 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2009-04-28 10:55 . 2009-01-16 21:45 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2009-04-28 10:55 . 2009-04-28 10:55 187328 ----a-w- c:\programdata\Microsoft\VCSExpress\9.0\1033\ResourceCache.dll
    2009-04-28 10:54 . 2009-04-28 10:07 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
    2009-04-28 10:44 . 2009-04-21 16:00 71352 ----a-w- c:\users\Ugur\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-04-28 10:08 . 2009-04-28 10:08 488576 ----a-w- c:\programdata\Microsoft\VWDExpress\9.0\1033\ResourceCache.dll
    2009-04-28 10:05 . 2009-04-28 10:05 -------- d-----w- c:\program files\Microsoft Web Designer Tools
    2009-04-28 10:03 . 2009-04-28 10:03 -------- d-----w- c:\program files\Microsoft SDKs
    2009-04-28 10:03 . 2009-04-28 10:02 -------- d-----w- c:\program files\NetBeans 6.5.1
    2009-04-28 09:25 . 2009-04-28 09:25 -------- d-----w- c:\program files\Zone Labs
    2009-04-28 09:23 . 2009-04-28 09:23 -------- d-----w- c:\programdata\CheckPoint
    2009-04-27 21:09 . 2009-04-26 13:00 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2009-04-27 17:31 . 2009-04-27 17:30 -------- d-----w- c:\program files\Winamp
    2009-04-27 17:30 . 2009-04-27 16:04 -------- d-----w- c:\users\Ugur\AppData\Roaming\Winamp
    2009-04-27 17:30 . 2009-04-27 17:30 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2009-04-27 17:28 . 2009-04-27 17:28 -------- d-----w- c:\users\Ugur\AppData\Roaming\Logitech
    2009-04-27 17:28 . 2009-04-27 17:26 -------- d-----w- c:\programdata\Logitech
    2009-04-27 17:26 . 2009-04-23 01:45 -------- d-----w- c:\program files\Common Files\Logishrd
    2009-04-27 17:26 . 2009-04-27 17:26 -------- d-----w- c:\program files\Logitech
    2009-04-27 14:39 . 2009-04-27 14:39 -------- d-----w- c:\program files\ESET
    2009-04-27 14:33 . 2009-04-27 14:33 -------- d-----w- c:\programdata\McAfee
    2009-04-26 13:37 . 2009-04-26 13:37 -------- d-----w- c:\users\Ugur\AppData\Roaming\Flood Light Games
    2009-04-26 13:37 . 2009-04-26 13:37 -------- d-----w- c:\programdata\Flood Light Games
    2009-04-26 13:00 . 2009-04-26 13:00 -------- d-----w- c:\program files\Common Files\Merge Modules
    2009-04-26 12:52 . 2009-04-26 12:52 -------- d-----w- c:\program files\SQLXML 4.0
    2009-04-26 12:50 . 2009-01-16 21:22 -------- d-----w- c:\program files\Microsoft.NET
    2009-04-26 12:47 . 2009-04-26 12:47 -------- d-----w- c:\program files\Microsoft Analysis Services
    2009-04-26 11:55 . 2009-01-16 21:33 -------- d-----w- c:\program files\Google
    2009-04-25 19:19 . 2009-04-21 16:24 -------- d-----w- c:\programdata\CyberLink
    2009-04-25 19:19 . 2009-04-21 16:27 -------- d-----w- c:\users\Ugur\AppData\Roaming\PowerCinema
    2009-04-25 16:57 . 2009-04-25 16:57 -------- d-----w- c:\program files\Sun
    2009-04-25 16:57 . 2009-04-25 16:57 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-04-25 16:57 . 2009-04-25 16:57 -------- d-----w- c:\program files\Java
    2009-04-24 00:18 . 2009-04-24 00:18 -------- d-----w- c:\program files\NeoSmart Technologies
    2009-04-23 20:15 . 2009-04-23 13:35 -------- d-----w- c:\program files\nLite
    2009-04-23 16:34 . 2009-04-23 16:33 -------- d-----w- c:\program files\BurnAware Free
    2009-04-23 15:06 . 2009-04-23 15:06 -------- d-----w- c:\users\Ugur\AppData\Roaming\Ubisoft
    2009-04-23 15:05 . 2009-04-23 15:05 -------- d-----w- c:\programdata\Ubisoft
    2009-04-23 11:15 . 2009-04-23 11:15 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2009-04-23 01:47 . 2009-04-23 01:47 -------- d-----w- c:\programdata\LogiShrd
    2009-04-23 01:46 . 2009-04-23 01:46 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2009-04-23 01:46 . 2009-04-23 01:46 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
    2009-04-23 01:33 . 2009-04-23 01:05 1392304 ----a-w- c:\windows\system32\AutoPartNt.exe
    2009-04-23 00:01 . 2009-01-16 21:22 -------- d-----w- c:\program files\Microsoft Works
    2009-04-22 23:54 . 2009-04-22 23:54 -------- d-----w- c:\program files\DAEMON Tools
    2009-04-22 23:48 . 2009-04-22 23:48 680 ----a-w- c:\users\Ugur\AppData\Local\d3d9caps.dat
    2009-04-22 20:12 . 2009-01-16 21:09 -------- d-----w- c:\program files\Realtek
    2009-04-22 19:48 . 2009-04-22 17:45 -------- d-----w- c:\users\Ugur\AppData\Roaming\BSplayer PRO
    2009-04-22 18:15 . 2009-04-22 18:15 682232 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-04-22 18:10 . 2009-04-22 18:10 -------- d-----w- c:\program files\K-Lite Codec Pack
    2009-04-22 17:45 . 2009-04-22 17:43 -------- d-----w- c:\program files\FlashGet
    2009-04-22 17:45 . 2009-04-22 17:45 -------- d-----w- c:\program files\Webteh
    2009-04-22 17:44 . 2009-04-22 17:44 -------- d-----w- c:\users\Ugur\AppData\Roaming\FlashGet
    2009-04-22 17:43 . 2009-04-22 17:29 -------- d-----w- c:\program files\PowerQuest
    2009-04-22 17:00 . 2009-04-22 17:00 167376 ----a-w- c:\users\Ugur\AppData\Roaming\Mozilla\Firefox\Profiles\8yisedij.default\FlashGot.exe
    2009-04-22 16:58 . 2009-04-22 16:58 0 ----a-w- c:\windows\nsreg.dat
    2009-04-22 16:57 . 2009-04-22 16:57 -------- d-----w- c:\program files\7-Zip
    2009-04-22 15:33 . 2009-04-22 15:32 -------- d-----w- c:\users\Ugur\AppData\Roaming\SoftDMA
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-07-29 15:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-21 68856]
    "RGSC"="d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-05-26 306088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-16 30192]
    "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-11-28 417792]
    "eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-09-11 544768]
    "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
    "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]
    "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-10-08 147456]
    "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-10-08 167936]
    "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-10-17 167936]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-25 148888]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 2595616]
    "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-30 909208]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-30 140568]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-09-18 6294048]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-18 76304]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-23 727592]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-27 809488]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{FF4886EB-0E19-4253-B6D0-1B85908A0A2A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{74DA89E2-3303-4957-B927-E0849E34AADA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{FB5EF705-DE05-42AC-9E62-0F70EC15703E}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
    "{B1EEDD10-0807-4CC8-B387-790189E7F65E}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
    "{84D7F033-1B2C-488C-AD5D-BE97AFC3E09C}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
    "{E568BFBE-6570-44BD-93E7-181D6E4DAA99}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
    "{CB682EC2-0001-4982-997D-73BAA665D3DB}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{FC3D25A8-AAFB-45E5-90BE-2D1CB45F1F03}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
    "{F88C59B8-96FD-4246-91ED-1ACA1A1C6947}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
    "{F9E16516-D03A-496A-A65A-2BD55C879CAC}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
    "{3D0D1E50-7E06-44AD-BD92-ED79F08D2FCE}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
    "{B85CC428-1F96-4104-86DC-CE0818F5128E}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "{F004315A-D537-47D8-A0C0-BA056F4DA567}"= UDP:d:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
    "{227C3AF8-EA31-41FE-B4A7-7106BC5D0839}"= TCP:d:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
    "{2FA1C996-C108-4067-A065-D821C427326A}"= UDP:d:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
    "{2DE5D694-F3DC-4676-B955-A9AAEA10C279}"= TCP:d:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
    "{D05EB374-3EA0-4873-A5FA-FE2337B1C861}"= UDP:d:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
    "{3DE7FE73-514F-4406-B0EB-51B56C919D7A}"= TCP:d:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
    "{01B54DCF-7BCE-4B23-8FCC-4E73AF7711DF}"= UDP:d:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{F01E3856-D427-4D8C-AD15-AB7F96398BC1}"= TCP:d:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{7A08160A-8858-4DCF-B820-E97DCDFA741A}"= UDP:d:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{E7ECE499-9165-4ED7-BECB-87600C5264EF}"= TCP:d:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{7B0A6579-6717-4C0F-A894-743DF614ABA0}"= UDP:d:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{63258A6D-E32A-4CAE-A394-5B7C31377D17}"= TCP:d:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "TCP Query User{F3FB5AF1-816E-4A33-8195-D59BEA93B257}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
    "UDP Query User{A65AF6E0-0F0C-4920-B726-F3DCBB1EF6F5}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
    "{0DD9C5E2-8364-4DCC-B311-F91C336F5CE3}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{8DCDD3D2-3559-4218-99BC-F8C29C359B11}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{969DC6D0-9E8C-4971-845F-8E94DE6AECF4}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{4A58E19E-C9AF-4AB7-ADD7-F6B2E02EE9EE}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{FD552695-A842-4958-8012-A62AEC6B4F0D}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{EA330064-3F05-4B94-902E-AC643DBE8715}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{DD7C26EA-D7B9-4795-9605-0AFB133F28ED}"= UDP:d:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
    "{ADE29001-9764-48DC-83FD-B44EFEBDDB87}"= TCP:d:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
    "{58872732-CA66-4552-A465-A9AB08873640}"= UDP:d:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
    "{19257F45-94DA-4FC5-A06B-3E0526ADD05E}"= TCP:d:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
    "{D59D7693-C053-4A69-A3B1-B31E648E6D18}"= UDP:d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{1DBBDCA6-8DA3-4AE8-9B49-78ACA10A6827}"= TCP:d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{3065FCA0-7EF6-4E3B-891B-3465CC801620}"= UDP:d:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "{BA682523-0BE4-464A-B726-898C401F1697}"= TCP:d:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [06.02.2009 14:23 106208]
    R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [21.04.2009 19:28 69632]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [06.02.2009 14:23 727720]
    R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [06.02.2009 14:24 92800]
    R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [17.01.2009 00:32 24576]
    R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [10.02.2007 05:23 206192]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [23.09.2008 15:11 144632]
    R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [17.01.2009 08:19 47104]
    R3 NETw5v32;Windows Vista 32 Bit için Intel(R) Wireless WiFi Link Bağdaştırıcı Sürücüsü ;c:\windows\System32\drivers\NETw5v32.sys [17.01.2009 08:19 3658752]
    R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [28.03.2007 08:51 43008]
    S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [22.02.2007 19:53 2217416]
    S3 A310;AVerMedia A310 DVB-T;c:\windows\System32\drivers\AVerA310USB.sys [17.01.2009 08:19 26752]
    S3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\System32\drivers\AVerA310Cap.sys [17.01.2009 08:19 47104]
    S3 GoogleDesktopManager-092308-165331;Google Desktop Yöneticisi 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [17.01.2009 00:33 30192]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [23.09.2008 15:11 50424]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [22.02.2007 18:39 2808664]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - sptd

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-31 c:\windows\Tasks\User_Feed_Synchronization-{3A68D667-7EA3-4EA5-A8EF-E7FEF07B740C}.job
    - c:\windows\system32\msfeedssync.exe [2009-04-29 11:31]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-eRecoveryService - (no file)
    SafeBoot-procexp90.Sys


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041f&s=2&o=vp32&d=0409&m=aspire_6930g
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041f&s=2&o=vp32&d=0409&m=aspire_6930g
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
    IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
    IE: Microsoft Excel'e &Ver - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    FF - ProfilePath - c:\users\Ugur\AppData\Roaming\Mozilla\Firefox\Profiles\8yisedij.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Ugur\AppData\Roaming\Mozilla\Firefox\Profiles\8yisedij.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2009-06-01 18:10
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msftesql]
    "ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2515397995-1580025248-2578165498-1000\Software\SecuROM\License information*]
    "datasecu"=hex:b2,16,4a,9d,06,84,0d,b1,91,d6,9f,64,f6,99,38,84,03,dd,7e,23,db,
    87,73,3f,30,b9,29,65,49,41,eb,2d,32,2d,18,46,89,d1,9d,85,d8,4c,11,b0,03,3d,\
    "rkeysecu"=hex:84,06,94,9c,9c,c4,85,81,04,8b,75,2d,d2,e9,40,54

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(920)
    c:\windows\system32\relog_ap.dll

    - - - - - - - > 'Explorer.exe'(3248)
    c:\program files\FlashGet\fgmgr.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
    c:\windows\system32\btmmhook.dll
    c:\windows\System32\SysHook.dll
    .
    Completion time: 2009-06-01 18:11
    ComboFix-quarantined-files.txt 2009-06-01 15:11

    Pre-Run: 7.886.508.032 bayt boş
    Post-Run: 11.700.244.480 bayt boş

    Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
    331 --- E O F --- 2009-05-28 15:57




  • First of all, I apologize for the trouble: is there any malware on my PC? The internet connection drops for no reason at all, and occasionally some programs misbehave. For example, in the Opera browser I can't even type; it doesn't respond...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:17:05, on 01.06.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\TUProgSt.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231861309125
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231861550843
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2B162CEF-0864-42E2-817A-B81094AA4938}: NameServer = 208.67.222.222,208.67.220.220
    O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

    --
    End of file - 6212 bytes



    < This message was edited by hernando -- 1 June 2009; 20:29:54 >




  • Could you take a look at mine too, sir, if it's not too much trouble? My virus was on local disk D:. I ran scans with ComboFix and HijackThis.
    Combofix
    ComboFix 09-05-31.06 - XPlus 2009 01.07.2008  2:25.1 - NTFSx86 
    Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.2047.1613 [GMT 3:00]
    Running from: c:\documents and settings\XPlus 2009\Belgelerim\Downloads\Programs\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\msconfig.exe
    c:\windows\system32\scrrntr.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
    .

    No new files created in this timespan

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-31 23:21 . 2009-05-31 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
    2009-05-31 22:59 . 2009-05-31 22:59 -------- d-----w- c:\documents and settings\XPlus 2009\Application Data\DAEMON Tools Pro
    2009-05-31 22:59 . 2009-05-31 22:07 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-05-31 22:58 . 2009-05-31 22:58 -------- d-----w- c:\documents and settings\XPlus 2009\Application Data\URSoft
    2009-05-31 22:39 . 2009-05-31 22:39 -------- d-----w- c:\program files\A4Tech
    2009-05-31 22:18 . 2009-05-31 22:18 -------- d-----w- c:\documents and settings\XPlus 2009\Application Data\ViStart
    2009-05-31 22:18 . 2009-05-31 22:18 12272 ----a-w- c:\documents and settings\XPlus 2009\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-31 22:18 . 2009-05-31 22:02 -------- d-----w- c:\program files\VistaExperience.org
    2009-05-31 22:13 . 2008-04-15 10:00 79760 ----a-w- c:\windows\system32\perfc01F.dat
    2009-05-31 22:13 . 2008-04-15 10:00 425278 ----a-w- c:\windows\system32\perfh01F.dat
    2009-05-31 22:13 . 2009-05-31 22:13 62552 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-05-31 22:12 . 2009-05-31 22:12 -------- d-----w- c:\program files\MSBuild
    2009-05-31 22:12 . 2009-05-31 22:12 -------- d-----w- c:\program files\Reference Assemblies
    2009-05-31 22:10 . 2009-05-31 22:16 -------- d-----w- c:\documents and settings\XPlus 2009\Application Data\Xentient
    2009-05-31 22:10 . 2009-05-31 22:10 -------- d-----w- c:\documents and settings\Default User\Application Data\Xentient
    2009-05-31 22:10 . 2009-05-31 22:10 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-05-31 22:09 . 2009-05-31 22:09 -------- d-----w- c:\program files\XPlus Live! 2009
    2009-05-31 22:09 . 2009-05-31 22:09 -------- d-----w- c:\program files\RocketDock
    2009-05-31 22:09 . 2009-05-31 22:16 71680 ----a-w- c:\documents and settings\XPlus 2009\GLB1C4C.tmp
    2009-05-31 22:09 . 2009-05-31 22:14 71680 ----a-w- c:\windows\system32\config\systemprofile\GLB1C4C.tmp
    2009-05-31 22:09 . 2009-05-31 22:09 71680 ----a-w- c:\documents and settings\Default User\GLB1C4C.tmp
    2009-05-31 22:09 . 2009-05-31 22:09 -------- d-----w- c:\program files\MTU
    2009-05-31 22:08 . 2009-05-31 22:08 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-05-31 22:08 . 2009-05-31 22:08 -------- d-----w- c:\program files\Java
    2009-05-31 22:07 . 2009-05-31 22:07 -------- d-----w- c:\program files\D-Tools
    2009-05-31 22:07 . 2009-05-31 22:00 -------- d-----w- c:\program files\Windows Sidebar
    2009-05-31 22:06 . 2009-05-31 22:06 -------- d-----w- c:\program files\Alky for Applications
    2009-05-31 22:04 . 2009-05-31 22:04 21736 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-05-31 21:59 . 2009-05-31 21:59 -------- d-----w- c:\program files\System
    2009-05-31 21:59 . 2009-05-31 21:59 -------- d-----w- c:\program files\Windows Media Connect 2
    2009-04-09 12:21 . 2009-04-09 12:21 94360 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
    2009-04-09 12:18 . 2009-04-09 12:18 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
    2009-04-09 12:10 . 2009-04-09 12:10 113960 ----a-w- c:\windows\system32\drivers\eamon.sys
    2009-03-26 15:35 . 2009-05-27 10:22 210352 ----a-w- c:\windows\system32\idmmbc.dll
    2009-03-20 13:56 . 2008-06-29 23:35 357182 ----a-w- c:\windows\reset.exe
    2009-02-18 11:43 . 2009-02-18 11:43 243024 ----a-w- c:\windows\system32\LSPInstall.dll
    2009-02-18 11:43 . 2009-02-18 11:43 111960 ----a-w- c:\windows\system32\INetHTTPFilter.dll
    2009-02-06 15:52 . 2009-02-06 15:52 49504 ----a-w- c:\windows\system32\sirenacm.dll
    2009-01-29 22:47 . 2009-01-29 22:47 3186 ----a-w- c:\windows\system32\presetup.cmd
    2009-01-29 22:47 . 2009-01-29 22:47 28672 ----a-w- c:\windows\system32\setupold.exe
    2009-01-29 22:18 . 2009-01-29 22:18 3630592 ----a-w- c:\windows\system32\logonui.exe
    2009-01-29 20:13 . 2009-01-29 20:13 8007168 ----a-w- c:\windows\system32\winntbbu.dll
    2009-01-29 14:03 . 2009-01-29 14:03 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2009-01-29 14:03 . 2009-01-29 14:03 218624 ----a-w- c:\windows\system32\uxtheme.dll
    2009-01-29 14:03 . 2009-01-29 14:03 163840 ----a-w- c:\windows\system32\sfc_os.dll
    2009-01-29 14:02 . 2009-01-29 14:03 3688960 ----a-w- c:\windows\system32\syssetup.dll
    2009-01-29 13:57 . 2009-01-29 13:57 773120 ----a-w- c:\windows\system32\ss3dfo.scr
    2009-01-29 13:57 . 2009-01-29 13:57 69632 ----a-w- c:\windows\system32\ssstars.scr
    2009-01-29 13:57 . 2009-01-29 13:57 69632 ----a-w- c:\windows\system32\ssmarque.scr
    2009-01-29 13:57 . 2009-01-29 13:57 57344 ----a-w- c:\windows\system32\ssmyst.scr
    2009-01-29 13:57 . 2009-01-29 13:57 294912 ----a-w- c:\windows\system32\ssbezier.scr
    2009-01-29 13:57 . 2009-01-29 13:57 118845 ----a-w- c:\windows\system32\ssflwbox.scr
    2009-01-29 13:57 . 2009-01-29 13:57 117248 ----a-w- c:\windows\system32\sspipes.scr
    2009-01-29 13:57 . 2009-01-29 13:57 244224 ----a-w- c:\windows\system32\logon.scr
    2009-01-29 13:54 . 2009-01-29 13:54 181760 ----a-w- c:\windows\system32\wintrust.dll
    2009-01-29 13:54 . 2009-01-29 13:54 285696 ----a-w- c:\windows\system32\winsrv.dll
    2009-01-29 13:54 . 2009-05-31 21:59 118784 ----a-w- c:\windows\system32\winmine.exe
    2009-01-29 13:54 . 2009-05-31 21:59 18944 ----a-w- c:\windows\system32\wbem\winmgmt.exe
    2009-01-29 13:54 . 2009-01-29 13:54 961536 ----a-w- c:\windows\system32\wininet.dll
    2009-01-29 13:54 . 2009-01-29 13:54 557056 ----a-w- c:\windows\system32\winlogon.exe
    2009-01-29 13:54 . 2009-01-29 13:54 357376 ----a-w- c:\windows\winhlp32.exe
    2009-01-29 13:54 . 2009-01-29 13:54 2870784 ----a-w- c:\windows\system32\winbrand.dll
    2009-01-29 13:54 . 2009-01-29 13:54 2510848 ----a-w- c:\windows\system32\wiashext.dll
    2009-01-29 13:54 . 2009-01-29 13:54 7769600 ----a-w- c:\windows\system32\wiadefui.dll
    2009-01-29 13:54 . 2009-01-29 13:54 1085952 ----a-w- c:\windows\system32\wiaacmgr.exe
    2009-01-29 13:54 . 2009-01-29 13:54 409088 ----a-w- c:\windows\system32\wextract.exe
    2009-01-29 13:54 . 2009-05-31 21:58 296448 ----a-w- c:\windows\system32\wbem\wbemcntl.dll
    2009-01-29 13:52 . 2009-01-29 13:52 891904 ----a-w- c:\windows\system32\shdoclc.dll
    2009-01-29 13:52 . 2009-01-29 13:52 3767808 ----a-w- c:\windows\system32\setupapi.dll
    2009-01-29 13:50 . 2009-05-31 22:04 323072 ----a-w- c:\windows\system32\mstask.dll
    2009-01-29 13:49 . 2009-01-29 13:49 397312 ----a-w- c:\windows\system32\mmcbase.dll
    2009-01-29 13:48 . 2009-01-29 13:48 428032 ----a-w- c:\windows\system32\fsquirt.exe
    2009-01-29 13:47 . 2009-01-29 13:47 362496 ----a-w- c:\windows\system32\appmgr.dll
    2009-01-29 13:47 . 2009-01-29 13:47 97280 ----a-w- c:\windows\system32\ahui.exe
    2009-01-29 13:47 . 2009-01-29 13:47 87552 ----a-w- c:\windows\system32\admparse.dll
    2009-01-29 13:47 . 2009-05-31 22:05 102400 ----a-w- c:\windows\system32\acctres.dll
    2009-01-29 13:47 . 2009-05-31 21:59 393728 ----a-w- c:\windows\system32\accwiz.exe
    2009-01-29 13:41 . 2009-01-29 13:41 16384 ----a-w- c:\windows\system32\lcid.exe
    2009-01-29 13:39 . 2009-01-29 13:39 633344 ----a-w- c:\windows\system32\gpprefcl.dll
    2009-01-29 13:38 . 2009-01-29 13:38 225856 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2009-01-29 13:37 . 2009-01-29 13:37 542720 ----a-w- c:\windows\system32\blackbox.dll
    2009-01-29 13:37 . 2009-01-29 13:37 6656 ----a-w- c:\windows\system32\asferror.dll
    2009-01-29 13:37 . 2009-01-29 13:37 68096 ----a-w- c:\windows\system32\adsmsext.dll
    2009-01-29 13:37 . 2009-01-29 13:37 176128 ----a-w- c:\windows\system32\adsldp.dll
    2009-01-29 13:37 . 2009-01-29 13:37 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2009-01-29 09:38 . 2009-05-31 21:59 165888 ----a-w- c:\windows\system32\sndvol32.exe
    2009-01-27 17:57 . 2009-01-27 17:57 2413568 ----a-w- c:\windows\system32\netshell.dll
    2009-01-27 17:57 . 2009-01-27 17:57 436224 ----a-w- c:\windows\system32\mydocs.dll
    2009-01-27 17:55 . 2009-01-27 17:55 2465280 ----a-w- c:\windows\explorer.exe
    2009-01-25 09:38 . 2009-01-25 09:38 15012864 ----a-w- c:\windows\system32\wmploc.dll
    2008-10-31 02:14 . 2009-06-01 00:50 117888 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
    2008-10-27 07:04 . 2009-05-31 22:08 514384 ----a-w- c:\windows\system32\xaudio2_3.dll
    2008-10-27 07:04 . 2009-05-31 22:08 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
    2008-10-27 07:04 . 2009-05-31 22:08 23376 ----a-w- c:\windows\system32\x3daudio1_5.dll
    2008-10-27 07:04 . 2009-05-31 22:08 70992 ----a-w- c:\windows\system32\xapofx1_2.dll
    2008-10-10 01:52 . 2009-05-31 22:08 4379984 ----a-w- c:\windows\system32\d3dx9_40.dll
    2008-10-10 01:52 . 2009-05-31 22:08 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
    2008-10-10 01:52 . 2009-05-31 22:08 2036576 ----a-w- c:\windows\system32\d3dcompiler_40.dll
    2008-07-31 13:41 . 2009-05-31 22:08 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
    2008-07-31 13:41 . 2009-05-31 22:08 68616 ----a-w- c:\windows\system32\xapofx1_1.dll
    .

    ------- Sigcheck -------

    [-] 2009-01-29 13:53 639488 B3A28AB23450EBFEAB3CEE207B97EAA5 c:\windows\system32\user32.dll

    [-] 2009-01-29 13:54 961536 7DB6F0697620EB3E0B1F4309AA8CF3C8 c:\windows\system32\wininet.dll

    [-] 2009-01-29 14:03 361600 038CA45522FE9B756EFB90DBFA9141EA c:\windows\system32\drivers\tcpip.sys

    [-] 2009-01-29 13:54 557056 106267D1B1188EBD7FA9A95B6ABCAEBA c:\windows\system32\winlogon.exe

    [-] 2009-01-29 14:05 2186752 25EC936928F733C8F43749E76A59BE25 c:\windows\system32\ntkrnlpa.exe

    [-] 2009-01-29 13:51 2308096 8B50C48D9E3F4D1FDD43012F2832DEE1 c:\windows\system32\ntoskrnl.exe

    [-] 2009-01-27 17:55 2465280 F69BE296372DB752B498899D261DFB2D c:\windows\explorer.exe

    [-] 2009-01-29 13:48 40960 CBC8C36E4610EE06EBEBBEC153364B52 c:\windows\system32\ctfmon.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
    2009-05-20 04:26 429800 ----a-w- c:\program files\kikin\ie_kikin.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "TransBar"="c:\program files\XPlus Live! 2009\TransBar\TransBar.exe" [2005-06-01 186368]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-11-23 1248256]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-01-29 40960]
    "IDMan"="c:\programlar\Internet Download Manager\IDMan.exe" [2008-06-30 2815408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
    "RightClick Menu"="c:\windows\system32\mmm.exe" [2005-07-05 828416]
    "Vistart"="c:\program files\XPlus Live! 2009\vistart\vistart.exe" [2008-07-02 581632]
    "Visual Task"="c:\program files\XPlus Live! 2009\VisualTask\VisualTask.exe" [2006-05-28 36864]
    "WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-02-10 241664]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-04-09 2029640]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 925696]
    "ParetoLogic Anti-Virus PLUS"="c:\programlar\ParetoLogic\Anti-Virus PLUS\Pareto_AV.lnk" [2008-06-30 1968]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-11-12 1630208]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "TransBar"="c:\program files\XPlus Live! 2009\TransBar\TransBar.exe" [2005-06-01 186368]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "ShowDeskFix"="shell32" [X]
    "_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-01-29 124928]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMMyPictures"= 1 (0x1)
    "NoStartMenuMyMusic"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "ForceClassicControlPanel"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "ForceClassicControlPanel"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [09.04.2009 15:18 107256]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [09.04.2009 15:21 94360]
    R1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\System\CPL Bonus\vcdrom.sys [01.06.2009 00:59 8576]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [09.04.2009 15:19 731840]
    R2 ZeppelinService;plasservice;c:\program files\Common Files\ParetoLogic\PLAS\plasservice.exe [18.02.2009 14:40 587216]
    R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [10.02.2007 05:04 14336]
    S2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe [30.06.2008 02:35 357182]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - VCDROM

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
    RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-procexp90.Sys


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.tr
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com.tr/
    IE: Bütün linkleri IDM ile indir - c:\programlar\Internet Download Manager\IEGetAll.htm
    IE: FLV video içeriğini IDM ile indir - c:\programlar\Internet Download Manager\IEGetVL.htm
    IE: IDM ile indir - c:\programlar\Internet Download Manager\IEExt.htm
    IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
    FF - ProfilePath - c:\documents and settings\XPlus 2009\Application Data\Mozilla\Firefox\Profiles\c4bx6ap9.default\
    FF - prefs.js: browser.search.selectedEngine - SpamMeNot
    FF - component: c:\documents and settings\XPlus 2009\Application Data\IDM\idmmzcc3\components\idmmzcc.dll

    ---- FIREFOX POLICIES ----
    c:\programlar\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\programlar\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.cache_size", 51200);
    c:\programlar\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\programlar\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.wave.enabled", true);
    c:\programlar\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\programlar\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\programlar\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\programlar\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\programlar\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\programlar\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\programlar\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\programlar\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\programlar\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\programlar\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\programlar\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\programlar\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\programlar\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\programlar\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\programlar\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-01 02:30
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(712)
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\cscui.dll

    - - - - - - - > 'lsass.exe'(768)
    c:\windows\system32\setupapi.dll
    .
    Completion time: 2008-06-30 2:31
    ComboFix-quarantined-files.txt 2008-06-30 23:31

    Pre-Run: 41.564.692.480 bayt boş
    Post-Run: 43.790.888.960 bayt boş

    248

    Hijackthis
    Logfile of Trend Micro HijackThis v2.0.2 
    Scan saved at 02:13:18, on 01.07.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20935)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\mmm.exe
    C:\Program Files\XPlus Live! 2009\vistart\vistart.exe
    C:\Program Files\XPlus Live! 2009\VisualTask\VisualTask.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programlar\Internet Download Manager\IDMan.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Programlar\Mozilla Firefox 3.5 Beta 4\firefox.exe
    C:\Documents and Settings\XPlus 2009\Desktop\ComboFix.exe
    C:\Documents and Settings\XPlus 2009\Belgelerim\Downloads\Programs\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = •·.·´¯`·.·•Windows XPlus Live! 2009•·.·´¯`·.·• by Ultimatefe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programlar\Internet Download Manager\IDMIECC.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RightClick Menu] C:\WINDOWS\system32\mmm.exe
    O4 - HKLM\..\Run: [Vistart] C:\Program Files\XPlus Live! 2009\vistart\vistart.exe
    O4 - HKLM\..\Run: [Visual Task] C:\Program Files\XPlus Live! 2009\VisualTask\VisualTask.exe
    O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ParetoLogic Anti-Virus PLUS] "C:\Programlar\ParetoLogic\Anti-Virus PLUS\Pareto_AV.lnk" -NM -hidesplash
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [TransBar] C:\Program Files\XPlus Live! 2009\TransBar\TransBar.exe /s
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IDMan] C:\Programlar\Internet Download Manager\IDMan.exe /onboot
    O4 - HKUS\S-1-5-20\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [TransBar] C:\Program Files\XPlus Live! 2009\TransBar\TransBar.exe /s (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Programlar\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Programlar\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: IDM ile indir - C:\Programlar\Internet Download Manager\IEExt.htm
    O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
    O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
    O23 - Service: Eset Trial Reset (.EsetTrialReset) - Unknown owner - C:\WINDOWS\reset.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: plasservice (ZeppelinService) - ParetoLogic Inc. - C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe

    --
    End of file - 5993 bytes



