HijackThis. Performance + Security! (Get rid of viruses). 500,000+ (page 440)

  • Hi friends, my computer and my internet connection have been extremely slow for the last month, even though I'm on 8 Mbps. I've attached the log; thanks in advance.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:21:48, on 17.10.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2009\WebProxy.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\System Control Manager\MSIService.exe
    C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
    C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
    C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
    C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\SRS Labs\WOWHD and TSXT Driver\SRS_PostInstaller.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
    C:\Program Files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE
    c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\System Control Manager\MGSysCtrl.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SourceTec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe
    C:\Program Files\Centra\Client\bin\centraSystray.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Documents and Settings\ykbursa\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Panda Security\Panda Global Protection 2009\SRVLOAD.EXE
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\GRETECH\GOMPLA~1\GOM.exe
    C:\Documents and Settings\ykbursa\Desktop\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
    O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2009\Inicio.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ykbursa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Web Video Downloader] "C:\Program Files\SourceTec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe"
    O4 - HKCU\..\Run: [Centra Launcher] C:\Program Files\Centra\Client\bin\centraSystray.exe /startup
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.arabaoyunu.gen.tr/oyun/36/BMW--Oyunu.html"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242252667671
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{35E12F78-9EEC-4C04-819F-739E4B7DAABD}: NameServer = 212.175.13.116,212.175.13.114,212.175.13.115
    O17 - HKLM\System\CCS\Services\Tcpip\..\{46DBB272-3AE0-4FAA-ADCF-4BF4D8B58D36}: NameServer = 212.175.13.116,212.175.13.114,212.175.13.115
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F4F92FE0-B672-4610-A24F-8698A625DD02}: NameServer = 4.2.2.2,4.2.2.3
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe
    O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
    O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
    O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
    O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWHD and TSXT Driver\SRS_PostInstaller.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe

    --
    End of file - 11225 bytes




  • Hi Serji, the combofix.txt contents are below. I couldn't turn off Norton on my laptop before running ComboFix. It ran with Norton enabled.
    Thank you very much for your attention and help.



    ComboFix 09-10-11.03 - user 18.10.2009 0:48.2.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1254.90.1033.18.3069.1728 [GMT 3:00]
    Running from: c:\users\user\Desktop\ComboFix.exe
    AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-2222427517-1823443285-4178692427-1001

    .
    ((((((((((((((((((((((((( Files Created from 2009-09-17 to 2009-10-17 )))))))))))))))))))))))))))))))
    .

    2009-10-17 21:56 . 2009-10-17 21:56 -------- d-----w- c:\users\user\AppData\Local\temp
    2009-10-17 21:56 . 2009-10-17 21:56 -------- d-----w- c:\users\Public\AppData\Local\temp
    2009-10-17 21:56 . 2009-10-17 21:56 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-10-17 21:56 . 2009-10-17 21:56 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2009-10-14 17:29 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
    2009-10-14 17:28 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-10-14 17:28 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-10-14 17:17 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
    2009-10-14 17:17 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2009-10-14 17:16 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
    2009-10-13 20:32 . 2009-10-13 20:32 -------- d-----w- c:\users\user\AppData\Roaming\Logitech
    2009-10-13 20:29 . 2009-02-18 21:26 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
    2009-10-13 20:29 . 2009-02-18 21:27 84496 ----a-w- c:\windows\system32\KemXML.dll
    2009-10-13 20:29 . 2009-02-18 21:27 117264 ----a-w- c:\windows\system32\KemWnd.dll
    2009-10-13 20:29 . 2009-02-18 21:27 145936 ----a-w- c:\windows\system32\KemUtil.dll
    2009-10-13 20:29 . 2009-02-18 21:27 170512 ----a-w- c:\windows\system32\kemutb.dll
    2009-10-13 20:28 . 2009-10-13 20:28 -------- d-----w- c:\programdata\Logitech
    2009-10-09 19:05 . 2009-10-09 19:05 -------- d-----w- c:\program files\uTorrent
    2009-10-06 20:43 . 2009-10-06 21:53 -------- d-----w- c:\users\user\AppData\Roaming\Move Networks
    2009-09-30 21:21 . 2009-09-30 21:21 -------- d-----w- c:\program files\Microsoft
    2009-09-28 21:14 . 2009-10-17 13:31 -------- d-----w- c:\users\user\AppData\Roaming\uTorrent

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-17 13:31 . 2008-05-16 17:34 4760 ----a-w- c:\windows\bthservsdp.dat
    2009-10-17 12:52 . 2008-11-23 19:38 -------- d-----w- c:\programdata\Symantec
    2009-10-14 18:50 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-10-13 20:33 . 2009-10-13 20:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
    2009-10-13 20:28 . 2008-05-16 18:35 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-10-13 20:28 . 2008-08-15 17:06 -------- d-----w- c:\program files\Common Files\LogiShrd
    2009-09-29 03:01 . 2008-11-23 19:38 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-09-29 03:01 . 2008-06-07 12:11 -------- d-----w- c:\program files\Common Files\Skype
    2009-09-29 03:01 . 2008-06-07 12:00 -------- d-----w- c:\program files\Picasa2
    2009-09-29 03:01 . 2008-06-07 11:42 -------- d-----w- c:\programdata\Microsoft Help
    2009-09-29 03:01 . 2008-05-16 20:30 -------- d-----w- c:\programdata\FLEXnet
    2009-09-29 03:01 . 2008-05-16 18:05 -------- d-----w- c:\program files\Google
    2009-09-11 15:41 . 2008-08-15 17:06 -------- d-----w- c:\program files\Common Files\Logitech
    2009-08-29 20:41 . 2008-08-15 15:00 108600 ----a-w- c:\users\user\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-08-29 19:37 . 2009-08-28 20:51 -------- d-----w- c:\users\user\AppData\Roaming\Nokia
    2009-08-29 19:34 . 2009-08-29 19:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
    2009-08-29 19:34 . 2009-08-28 20:51 -------- d-----w- c:\users\user\AppData\Roaming\PC Suite
    2009-08-29 19:33 . 2009-08-28 20:51 -------- d-----w- c:\programdata\PC Suite
    2009-08-29 19:33 . 2009-08-29 19:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2009-08-29 10:50 . 2009-08-29 10:15 -------- d-----w- c:\programdata\Nokia
    2009-08-29 10:50 . 2009-08-28 20:45 -------- d-----w- c:\program files\Nokia
    2009-08-29 10:38 . 2009-08-29 10:38 -------- d-----w- c:\users\user\AppData\Roaming\AdobeUM
    2009-08-29 10:23 . 2009-08-28 20:44 -------- d-----w- c:\programdata\Installations
    2009-08-29 10:20 . 2009-08-28 20:50 -------- d-----w- c:\program files\Common Files\Nokia
    2009-08-29 00:27 . 2009-09-03 20:02 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-08-29 00:14 . 2009-09-03 20:02 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-08-28 20:52 . 2009-08-28 20:50 -------- d-----w- c:\program files\DIFX
    2009-08-28 20:50 . 2009-08-28 20:50 -------- d-----w- c:\program files\Common Files\PCSuite
    2009-08-28 20:48 . 2009-08-28 20:48 -------- d-----w- c:\program files\PC Connectivity Solution
    2009-08-27 05:22 . 2009-10-14 17:48 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-08-27 05:17 . 2009-10-14 17:48 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-08-27 05:17 . 2009-10-14 17:48 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-08-27 03:42 . 2009-10-14 17:48 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-08-25 20:35 . 2009-08-20 18:36 -------- d-----w- c:\program files\HP
    2009-08-22 17:26 . 2009-08-22 17:24 169109 ----a-w- c:\windows\hpqins00.dat
    2009-08-20 20:05 . 2009-08-20 20:05 -------- d-----w- c:\users\user\AppData\Roaming\HP
    2009-08-20 18:51 . 2009-08-20 18:32 146076 ----a-w- c:\windows\HPHins18.dat
    2009-08-20 18:51 . 2009-08-20 18:51 -------- d-----w- c:\programdata\WEBREG
    2009-08-20 18:44 . 2009-08-20 18:31 -------- d-----w- c:\programdata\HP
    2009-08-20 18:40 . 2009-08-20 18:40 -------- d-----w- c:\programdata\HP Product Assistant
    2009-08-20 18:38 . 2009-08-20 18:38 -------- d-----w- c:\program files\Common Files\HP
    2009-08-20 18:31 . 2009-08-20 18:31 -------- d-----w- c:\programdata\Hewlett-Packard
    2009-08-20 12:09 . 2009-08-20 12:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
    2009-08-14 16:27 . 2009-09-08 17:43 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2009-08-14 15:53 . 2009-09-08 17:43 17920 ----a-w- c:\windows\system32\netevent.dll
    2009-08-14 13:49 . 2009-09-08 17:43 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2009-08-14 13:49 . 2009-09-08 17:43 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2009-08-14 13:49 . 2009-09-08 17:43 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2009-08-14 13:49 . 2009-09-08 17:43 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2009-08-14 13:49 . 2009-09-08 17:43 19968 ----a-w- c:\windows\system32\ARP.EXE
    2009-08-14 13:49 . 2009-09-08 17:43 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2009-08-14 13:49 . 2009-09-08 17:43 10240 ----a-w- c:\windows\system32\finger.exe
    2009-08-14 13:48 . 2009-09-08 17:43 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2009-08-14 13:48 . 2009-09-08 17:43 105984 ----a-w- c:\windows\system32\netiohlp.dll
    2009-08-03 16:07 . 2009-08-03 16:07 38448 ----a-w- c:\windows\system32\drivers\symndisv.sys
    2009-08-03 16:07 . 2009-08-03 16:07 39856 ----a-w- c:\windows\system32\drivers\symids.sys
    2009-08-03 16:07 . 2009-08-03 16:07 26416 ----a-w- c:\windows\system32\drivers\symredrv.sys
    2009-08-03 16:07 . 2009-08-03 16:07 188080 ----a-w- c:\windows\system32\drivers\symtdi.sys
    2009-08-03 16:07 . 2009-08-03 16:07 145968 ----a-w- c:\windows\system32\drivers\symfw.sys
    2009-08-03 16:07 . 2009-08-03 16:07 12720 ----a-w- c:\windows\system32\drivers\symdns.sys
    2009-07-26 13:44 . 2009-07-26 13:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-10-15_23.08.40 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-21 01:58 . 2009-10-17 21:38 65160 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-08-15 15:02 . 2009-10-17 21:38 12530 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-218453308-1134928092-3396836873-1000_UserData.bin
    - 2008-08-15 15:02 . 2009-10-15 16:27 12530 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-218453308-1134928092-3396836873-1000_UserData.bin
    + 2008-08-15 15:00 . 2009-10-17 21:50 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-08-15 15:00 . 2009-10-15 21:41 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-08-15 15:00 . 2009-10-17 21:50 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-08-15 15:00 . 2009-10-15 21:41 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-08-15 15:00 . 2009-10-17 21:50 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-08-15 15:00 . 2009-10-15 21:41 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-10-17 21:35 . 2009-10-17 21:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-10-15 16:24 . 2009-10-15 16:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-10-15 16:24 . 2009-10-15 16:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-10-17 21:35 . 2009-10-17 21:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-08-15 15:18 . 2009-10-17 10:49 481616 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2006-11-02 13:05 . 2009-10-17 21:38 111158 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-08-15 15:09 . 2009-10-14 22:25 3986904 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2008-08-15 15:09 . 2009-10-17 13:31 3986904 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-11-05 262144]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2008-02-23 122880]
    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "AML"="c:\program files\Sony\VAIO Launcher\AML.exe" [2008-03-26 1093632]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-29 6111232]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-18 76304]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2008-05-13 06:45 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):f7,0e,c3,cd,0f,df,c9,01

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-218453308-1134928092-3396836873-1000]
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{3B3C0637-4556-4103-BF35-9FFAA6D23898}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
    "{9D29EB86-3827-44DA-AEA7-A9BFCA2CC425}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
    "{C781E395-459D-4FA1-85F4-0CB0F261A6C9}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
    "{E19D5164-DBA1-4D8C-8126-3B75153D9C61}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
    "{0D026182-102B-4E31-9E67-4942A68DA68B}"= UDP:c:\program files\Sony\VAIO Media plus\VMp.exe:VAIO Media plus
    "{37817CC8-1C16-4A7C-99D9-BA79CD456CA6}"= TCP:c:\program files\Sony\VAIO Media plus\VMp.exe:VAIO Media plus
    "{B902B57D-B9C4-46B0-B8FB-85CE492BF2A3}"= UDP:c:\program files\Sony\VAIO Media plus\SOHDms.exe:VAIO Media plus Digital Media Server
    "{637FD1DA-FD2C-4209-8CE7-8B368C77B8C7}"= TCP:c:\program files\Sony\VAIO Media plus\SOHDms.exe:VAIO Media plus Digital Media Server
    "{F0C2CAAB-34F5-470A-B248-AD934EF67111}"= UDP:c:\program files\Sony\VAIO Media plus\SOHCImp.exe:VAIO Media plus Content Importer
    "{EEEE0DDA-9670-4479-9BC1-DB421BF12E99}"= TCP:c:\program files\Sony\VAIO Media plus\SOHCImp.exe:VAIO Media plus Content Importer
    "{9BF8B7CC-A289-44ED-904F-5F8C30252924}"= UDP:c:\program files\Sony\VAIO Media plus\SOHDs.exe:VAIO Media plus Device Searcher
    "{DD66235E-CF71-46E4-BB1C-79702C008CDF}"= TCP:c:\program files\Sony\VAIO Media plus\SOHDs.exe:VAIO Media plus Device Searcher
    "{63D216C9-D64A-433B-8E00-C0E27C4E2AC0}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{A543F0AC-F6BC-49F1-AE54-60A4732C19B9}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{6AE833AF-8BFD-48F0-A485-5895E5E2ADE0}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{28C47B28-4196-43A1-B35C-2FC67A678018}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{7ACB07A1-D3A7-410E-AFFC-0CFF333B7C9D}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{B479B9B4-A3E9-49F6-976D-2CFAEB35B820}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20091006.001\IDSvix86.sys [14.10.2009 00:59 272432]
    R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [07.06.2008 15:17 299008]
    R2 regi;regi;c:\windows\System32\drivers\regi.sys [18.04.2007 06:09 11032]
    R2 RtkHDMIService;RtkHDMIService;c:\windows\RTKAUDIOSERVICE.EXE [16.05.2008 21:43 98304]
    R2 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [07.06.2008 15:15 104288]
    R2 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [07.06.2008 15:15 350048]
    R2 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [07.06.2008 15:15 63328]
    R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [07.06.2008 15:06 104960]
    R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [21.01.2009 00:35 411488]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\System32\drivers\ArcSoftKsUFilter.sys [07.06.2008 15:06 17408]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [16.05.2008 21:45 28464]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27.08.2009 21:13 102448]
    R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [28.04.2008 16:29 3658752]
    R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [17.12.2007 04:57 9344]
    R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [03.08.2009 19:07 38448]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [07.06.2008 15:13 333088]
    S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11.09.2007 10:45 124832]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [07.06.2008 15:13 87328]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - COMHOST

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-10-12 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - user.job
    - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 10:09]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: {C4933189-0D2C-4F3F-B6F6-34828CD37E91} = 208.67.222.222,208.67.220.220
    FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\lkmb2pds.default\
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\users\user\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\users\user\AppData\Roaming\Move Networks\plugins\npqmp071504000001.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-AirTies ADSL Hizmet Programy_is1 - c:\program files\AirTies\unins000.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2009-10-18 00:56
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b4

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(6024)
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\windows\system32\btmmhook.dll
    .
    Completion time: 2009-10-17 0:58
    ComboFix-quarantined-files.txt 2009-10-17 21:58
    ComboFix2.txt 2009-10-15 23:11

    Pre-Run: 34.687.619.072 bytes free
    Post-Run: 34.574.352.384 bytes free

    283 --- E O F --- 2009-10-14 18:02




  • quote:

    Quoted from original: dezz
    So this is the result I got; so what is the problem?

    Download the program called Malwarebytes Antimalware.

    http://www.buraksonmez.com/dosyalar/mbam-setup.exe

    * To install the program, double-click mbam-setup.exe and install it.
    * Tick the Update Malwarebytes Antimalware and Launch Malwarebytes options, then click Finish.
    * If an update is found, the program will download and apply it automatically.
    * Once the program has loaded, select Full Scan and click the Start Scan button.
    * The scan may take some time, so please be patient.
    * When the scan has finished, click OK and then click Show Results.
    * Make sure everything is ticked and click Remove Selected.
    * When the cleanup has finished, a Notepad window will open. (You may need to restart your computer.)
    * Save the Notepad file and send it to us by attaching it to your message.

    NOTE: If the program asks you to restart the computer during cleanup, click OK and restart your computer.




  • quote:

    Quoted from original: No62

    Here you go, sir ;)

    Not much of a problem shows up.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://hcbo.roleplaylife.net/forum.htm 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll



    quote:

    Quoted from original: BabyIcey

    Thanks to the program you gave me, I removed it successfully.

    And the new ComboFix results:


    Download the program called The Avenger to your desktop.

    http://www.buraksonmez.com/dosyalar/avenger.exe

    1. Select all of the text written in colour below and press CTRL+C to copy it.

    Drivers to disable: 
    npggsvc

    Drivers to delete:
    npggsvc


    2. Double-click the program icon to run it.

    * Under Load Script, select Paste from Clipboard.
    * Press the Execute button.
    * If the program asks a question, click Yes.

    3. Your computer will restart. (It may restart twice.) A number of operations will then be carried out.
    4. When the scan has finished, a log file will be created as C:\avenger.txt. (Your backups will be in C:\avenger\backup.zip.)
    5. Send us the C:\avenger.txt file by attaching it to your message.

    Download the program called Malwarebytes Antimalware.

    http://www.buraksonmez.com/dosyalar/mbam-setup.exe

    * To install the program, double-click mbam-setup.exe and install it.
    * Tick the Update Malwarebytes Antimalware and Launch Malwarebytes options, then click Finish.
    * If an update is found, the program will download and apply it automatically.
    * Once the program has loaded, select Full Scan and click the Start Scan button.
    * The scan may take some time, so please be patient.
    * When the scan has finished, click OK and then click Show Results.
    * Make sure everything is ticked and click Remove Selected.
    * When the cleanup has finished, a Notepad window will open. (You may need to restart your computer.)
    * Save the Notepad file and send it to us by attaching it to your message.

    NOTE: If the program asks you to restart the computer during cleanup, click OK and restart your computer.




  • quote:

    Quoted from original: ozzyouz

    While ComboFix is opening;


    It sometimes causes problems on Windows 7. Try compatibility mode.


    quote:

    Quoted from original: baba_muhtar

    If you have important files, back them up.

    Download the program called The Avenger to your desktop.

    http://www.buraksonmez.com/dosyalar/avenger.exe

    1. Select all of the text written in colour below and press CTRL+C to copy it.

    Drivers to disable: 
    WIN32X
    ndlchqadv

    Drivers to delete:
    WIN32X
    ndlchqadv


    2. Double-click the program icon to run it.

    * Under Load Script, select Paste from Clipboard.
    * Press the Execute button.
    * If the program asks a question, click Yes.

    3. Your computer will restart. (It may restart twice.) A number of operations will then be carried out.
    4. When the scan has finished, a log file will be created as C:\avenger.txt. (Your backups will be in C:\avenger\backup.zip.)
    5. Send us the C:\avenger.txt file by attaching it to your message.

    Download the program called Malwarebytes Antimalware.

    http://www.buraksonmez.com/dosyalar/mbam-setup.exe

    * To install the program, double-click mbam-setup.exe and install it.
    * Tick the Update Malwarebytes Antimalware and Launch Malwarebytes options, then click Finish.
    * If an update is found, the program will download and apply it automatically.
    * Once the program has loaded, select Full Scan and click the Start Scan button.
    * The scan may take some time, so please be patient.
    * When the scan has finished, click OK and then click Show Results.
    * Make sure everything is ticked and click Remove Selected.
    * When the cleanup has finished, a Notepad window will open. (You may need to restart your computer.)
    * Save the Notepad file and send it to us by attaching it to your message.

    NOTE: If the program asks you to restart the computer during cleanup, click OK and restart your computer.




  • quote:

    Quoted from original: ahmet_166

    Hi friends, my computer and my internet have been extremely slow for the last month even though I am on 8 Mbps. I have attached the log, thanks in advance.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    Download the program called ComboFix to your desktop.

    http://www.buraksonmez.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening it, do absolutely nothing. Take a 1-2 minute break.
    4. Once ComboFix has started running, click the Yes button.
    5. ComboFix will take a backup of your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. During these operations your internet connection will be cut and your desktop will disappear. This is normal. Your system clock will also change. All of this is temporary, however. Once the operations have finished, everything will be returned to its original state.
    7. You may need to be a little patient, because there are a full 50 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this. It will be restored shortly, however. Once the operations have finished, ComboFix will close and a report will open for you. You can find this report at C:\ComboFix.txt.
    9. Send us the C:\ComboFix.txt file by attaching it to your message.


    quote:

    Quoted from original: huso11

    Hi Serji, the combofix.txt data is below. I could not turn off Norton on my laptop before running ComboFix. It ran with Norton on.
    Thank you very much for your attention and interest.

    Download the program called Malwarebytes Antimalware.

    http://www.buraksonmez.com/dosyalar/mbam-setup.exe

    * To install the program, double-click mbam-setup.exe and install it.
    * Tick the Update Malwarebytes Antimalware and Launch Malwarebytes options, then click Finish.
    * If an update is found, the program will download and apply it automatically.
    * Once the program has loaded, select Full Scan and click the Start Scan button.
    * The scan may take some time, so please be patient.
    * When the scan has finished, click OK and then click Show Results.
    * Make sure everything is ticked and click Remove Selected.
    * When the cleanup has finished, a Notepad window will open. (You may need to restart your computer.)
    * Save the Notepad file and send it to us by attaching it to your message.

    NOTE: If the program asks you to restart the computer during cleanup, click OK and restart your computer.




  • Thanks, sir. Is there an antispyware you recommend? It should have an on-guard feature.

    I was happy with AVG Antispyware, but it could never connect to the update service, so I removed it.
    Spybot S&D has no on-guard feature.
    I tried Spyware Doctor 7; even though I bought a paid licence, I could not enter my licence. It connects straight to Smart Update, which says my subscription is not active, and I cannot get into the program to activate my subscription. So that program was a bust too...
    SUPERAntiSpyware was no use to me; it finds nothing but cookies...

    Thanks in advance.
    If there is a solution for Spyware Doctor that would be great; if not, I can buy the program you recommend ;)



    < This message was edited by No62 -- 18 October 2009; 12:56:48 >
  • The Avenger results:
    ////////////////////////////////////////// 
    Avenger Pre-Processor log
    //////////////////////////////////////////

    Platform: Windows XP (build 2600, Service Pack 3)
    Sun Oct 18 12:23:34 2009

    12:23:34: Error: Invalid script. A valid script must begin with a command directive.
    Aborting execution!


    //////////////////////////////////////////


    //////////////////////////////////////////
    Avenger Pre-Processor log
    //////////////////////////////////////////

    Platform: Windows XP (build 2600, Service Pack 3)
    Sun Oct 18 12:26:16 2009

    12:26:16: Error: Invalid script. A valid script must begin with a command directive.
    Aborting execution!


    //////////////////////////////////////////


    //////////////////////////////////////////
    Avenger Pre-Processor log
    //////////////////////////////////////////

    Platform: Windows XP (build 2600, Service Pack 3)
    Sun Oct 18 12:26:28 2009

    12:26:28: Error: Invalid script. A valid script must begin with a command directive.
    Aborting execution!


    //////////////////////////////////////////


    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    Driver "npggsvc" disabled successfully.
    Driver "npggsvc" deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.

    Malwarebytes' Anti-Malware results:
    Malwarebytes' Anti-Malware 1.40 
    Veritabanı sürümü: 2551
    Windows 5.1.2600 Service Pack 3

    18.10.2009 13:32:48
    mbam-log-2009-10-18 (13-32-48).txt

    Tarama biçimi: Gelişmiş Tarama (C:\|D:\|E:\|)
    Taranan öğeler: 199944
    Geçen süre: 50 minute(s), 56 second(s)

    Etkilenmiş Hafıza İşlemleri: 0
    Etkilenmiş Hafıza Modülleri: 0
    Etkilenmiş Kayıt Anahtarları: 0
    Etkilenmiş Kayıt Değerleri: 0
    Etkilenmiş Kayıt Verisi Öğeleri: 0
    Etkilenmiş Klasörler: 0
    Etkilenmiş Dosyalar: 0

    Etkilenmiş Hafıza İşlemleri:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Hafıza Modülleri:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Kayıt Anahtarları:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Kayıt Değerleri:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Kayıt Verisi Öğeleri:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Klasörler:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Dosyalar:
    (Herhangi bir tehlikeli öğe bulunmadı)




  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:40:39, on 15.11.2002
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Administrator\Belgelerim\Alınan Dosyalarım\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =http://go.microsoft.com/fwlink/?LinkId=74005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\herss.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 5863 bytes





    Serji, brother, I have just freshly formatted the PC; I would be glad if you could take a look.

    (Even though I have just formatted the PC, in Internet Explorer I cannot connect to, for example, Facebook. A message appears saying "There is a problem with this website's security certificate." etc....



    < This message was edited by KIZILÖTESİİ -- 18 October 2009; 14:42:18 >




  • quote:

    Quoted from original: serji
    Download the program called The Avenger to your desktop.

    Download the program called Malwarebytes Antimalware.


    The Avenger results
    ////////////////////////////////////////// 
    Avenger Pre-Processor log
    //////////////////////////////////////////

    Platform: Windows XP (build 2600, Service Pack 3)
    Sun Oct 18 14:46:59 2009

    14:46:59: Error: Could not register cleanup.
    Aborting execution! (error 0: ??lem ba?ar?yla tamamland?.)


    //////////////////////////////////////////


    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!


    Error: could not open driver "WIN32X"
    Disablement of driver "WIN32X" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Error: could not open driver "ndlchqadv"
    Disablement of driver "ndlchqadv" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\WIN32X" not found!
    Deletion of driver "WIN32X" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\ndlchqadv" not found!
    Deletion of driver "ndlchqadv" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Completed script processing.

    *******************

    Finished! Terminate.

    Malwarebytes Antimalware results
    Malwarebytes' Anti-Malware 1.41 
    Veritabanı sürümü: 2979
    Windows 5.1.2600 Service Pack 3

    18.10.2009 16:39:42
    mbam-log-2009-10-18 (16-39-42).txt

    Tarama biçimi: Gelişmiş Tarama (A:\|C:\|D:\|E:\|F:\|)
    Taranan öğeler: 188898
    Geçen süre: 1 hour(s), 2 minute(s), 22 second(s)

    Etkilenmiş Hafıza İşlemleri: 0
    Etkilenmiş Hafıza Modülleri: 0
    Etkilenmiş Kayıt Anahtarları: 0
    Etkilenmiş Kayıt Değerleri: 0
    Etkilenmiş Kayıt Verisi Öğeleri: 1
    Etkilenmiş Klasörler: 0
    Etkilenmiş Dosyalar: 0

    Etkilenmiş Hafıza İşlemleri:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Hafıza Modülleri:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Kayıt Anahtarları:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Kayıt Değerleri:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Kayıt Verisi Öğeleri:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Etkilenmiş Klasörler:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Dosyalar:
    (Herhangi bir tehlikeli öğe bulunmadı)




  • quote:

    Quoted from original: No62

    Thanks, sir. Is there an antispyware you recommend? It should have an on-guard feature.

    I was happy with AVG Antispyware, but it could never connect to the update service, so I removed it.
    Spybot S&D has no on-guard feature.
    I tried Spyware Doctor 7; even though I bought a paid licence, I could not enter my licence. It connects straight to Smart Update, which says my subscription is not active, and I cannot get into the program to activate my subscription. So that program was a bust too...
    SUPERAntiSpyware was no use to me; it finds nothing but cookies...

    Thanks in advance.
    If there is a solution for Spyware Doctor that would be great; if not, I can buy the program you recommend ;)

    I recommend you try Webroot Spy Sweeper. Give it a try; if you are not satisfied, then we will look into Doctor.




  • quote:

    Quoted from original: BabyIcey

    The Avenger results:

    Can I get a ComboFix log again now?


    quote:

    Quoted from original: KIZILÖTESİİ
    Serji, brother, I have just freshly formatted the PC; I would be glad if you could take a look.

    (Even though I have just formatted the PC, in Internet Explorer I cannot connect to, for example, Facebook. A message appears saying "There is a problem with this website's security certificate." etc....

    * Open the program called HijackThis.
    * Click the Do a system scan only option.
    * Tick the following lines.


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =http://go.microsoft.com/fwlink/?LinkId=74005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\herss.exe
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    * CTRL+ALT+DEL basıp işlemler sekmesine gelin. Kullanıcı adınızın karşısındaki HijackThis.exe ve explorer.exe hariç tüm işlemleri sonlandırın. (Yalnızca kullanıcı adınızın karşısındaki işlemleri sonlandırın. Local Service, network, system olanlara dokunmayın). HijackThis hariç tüm programları, pencereleri kapatın ve Fix Checked butonuna tıklayın. Ardından bilgisayarınızı hemen yeniden başlatın.

    Download the program called ComboFix to your desktop.

    http://www.buraksonmez.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening it, do absolutely nothing else. Take a break of 1-2 minutes.
    4. Once ComboFix starts running, click the Yes button.
    5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. During these operations your internet connection will be cut and your desktop will disappear. This is normal. Your system clock will also change. All of this is temporary, however. Once the operations finish, everything will be returned to its original state.
    7. You may need to be a little patient, because there are a full 50 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this, but it will be restored shortly. When the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.




  • quote:

    Quoted from original: baba_muhtar

    Could you scan again with ComboFix and post the log?
  • How can I get the full version of Spysweeper without buying it? If you have a crack for it, I would be glad if you sent it by PM. It isn't updating, either :)
  • Here are the new ComboFix results:

    ComboFix 09-10-17.01 - Gorkemay 18.10.2009 20:49.3.2 - NTFSx86 
    Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.2046.1466 [GMT 3:00]
    Running from: d:\program setupları\AntiVirus Programları\ComboFix\ComboFix.exe
    AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2009-09-18 to 2009-10-18 )))))))))))))))))))))))))))))))
    .

    2009-10-17 17:13 . 2009-10-17 17:26 -------- d-----w- c:\documents and settings\Gorkemay\Application Data\BSplayer PRO
    2009-10-17 17:13 . 2009-10-17 17:13 -------- d-----w- c:\program files\Webteh
    2009-10-17 12:10 . 2009-08-03 10:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-10-17 12:10 . 2009-10-17 12:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-10-17 12:10 . 2009-08-03 10:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-10-17 12:06 . 2009-10-17 12:06 -------- d-----w- c:\program files\ESET
    2009-10-15 16:28 . 2009-10-15 16:28 -------- d-----w- c:\program files\MSECache
    2009-10-15 16:26 . 2009-10-15 16:27 -------- d-----w- c:\windows\SHELLNEW
    2009-10-15 16:26 . 2009-10-15 16:26 -------- d-----w- c:\program files\Microsoft.NET
    2009-10-15 16:25 . 2009-10-15 16:25 -------- d-----r- C:\MSOCache
    2009-10-13 19:22 . 2009-10-13 19:22 -------- d-----w- c:\documents and settings\Gorkemay\Local Settings\Application Data\O&O
    2009-10-12 15:59 . 2009-10-13 16:14 -------- d-----w- c:\program files\Ontrack
    2009-10-08 17:30 . 2009-10-17 18:57 -------- d---a-w- c:\program files\JDownloader 0.8
    2009-10-07 20:10 . 2009-10-07 20:40 -------- d-----w- c:\program files\Rainmeter
    2009-10-07 19:55 . 2009-10-07 19:55 -------- d-----w- c:\documents and settings\Gorkemay\Local Settings\Application Data\Stardock
    2009-10-07 19:54 . 2009-10-07 19:54 -------- d-----w- c:\program files\Common Files\Stardock
    2009-10-06 21:12 . 2005-01-22 16:05 20480 ----a-w- c:\windows\system32\wbload.dll
    2009-10-06 21:12 . 2009-10-07 19:54 -------- d-----w- c:\program files\Stardock
    2009-10-06 21:07 . 2009-10-06 21:07 -------- d-----w- c:\program files\P2PFilter
    2009-10-06 20:57 . 2009-10-06 20:57 -------- d-----w- c:\documents and settings\Gorkemay\Local Settings\Application Data\Readon_Technology
    2009-10-06 20:54 . 2009-10-06 20:54 -------- d-----w- c:\documents and settings\Gorkemay\Local Settings\Application Data\TVU Networks
    2009-10-06 20:54 . 2009-10-06 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
    2009-10-06 20:52 . 2009-10-06 20:52 -------- d-----w- c:\documents and settings\Gorkemay\LocalLow
    2009-10-03 11:22 . 2009-10-03 11:22 -------- d-----w- c:\documents and settings\Gorkemay\Application Data\Office Genuine Advantage
    2009-10-03 11:00 . 2009-10-03 11:01 -------- d-----w- c:\documents and settings\Gorkemay\Local Settings\Application Data\RcIncidents
    2009-10-03 10:50 . 2009-10-03 10:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2009-10-02 20:13 . 2009-10-02 20:13 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-10-02 20:12 . 2009-10-02 20:12 -------- d-----w- c:\program files\Microsoft
    2009-10-01 19:18 . 2009-10-01 19:18 -------- dc-h--w- c:\windows\ie8
    2009-09-29 21:22 . 2001-08-17 17:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
    2009-09-29 21:22 . 2001-08-17 17:57 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys
    2009-09-29 21:19 . 2009-09-29 21:19 364544 ----a-w- c:\windows\system32\sm56co81.dll
    2009-09-29 21:17 . 2009-09-29 21:17 9728 ----a-w- c:\windows\system32\RtNicProp32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-18 17:47 . 2008-06-22 19:51 -------- d-----w- c:\documents and settings\Gorkemay\Application Data\DMCache
    2009-10-18 14:32 . 2008-06-22 19:51 -------- d-----w- c:\documents and settings\Gorkemay\Application Data\IDM
    2009-10-17 23:02 . 2008-06-23 19:51 -------- d-----w- c:\program files\Proxy Switcher Standard
    2009-10-17 15:38 . 2008-06-22 20:59 5 -c--a-w- c:\windows\system32\SySMP3CutJoin.dat
    2009-10-17 10:18 . 2008-06-22 20:58 -------- d-----w- c:\program files\FlashGet
    2009-10-15 17:04 . 2008-06-21 17:07 48200 ----a-w- c:\documents and settings\Gorkemay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-13 16:14 . 2008-06-21 17:36 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-10-10 20:29 . 2009-09-26 13:34 -------- d-----w- c:\program files\Opera
    2009-10-10 18:43 . 2009-07-04 18:03 -------- d-----w- c:\documents and settings\Gorkemay\Application Data\Uniblue
    2009-10-10 18:43 . 2009-07-04 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
    2009-10-10 18:34 . 2009-09-29 19:45 -------- d-----w- c:\program files\Driver Checker
    2009-10-09 20:47 . 2008-04-15 09:30 82184 ----a-w- c:\windows\system32\perfc01F.dat
    2009-10-09 20:47 . 2008-04-15 09:30 430412 ----a-w- c:\windows\system32\perfh01F.dat
    2009-10-04 17:23 . 2009-07-05 16:12 -------- d-----w- c:\program files\Messenger Plus! Live
    2009-09-29 21:19 . 2008-06-21 17:49 1090304 ----a-w- c:\windows\system32\drivers\smserial.sys
    2009-09-29 21:18 . 2006-05-12 10:13 156816 ----a-w- c:\windows\system32\drivers\btwdndis.sys
    2009-09-29 21:18 . 2008-06-22 21:12 4202496 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
    2009-09-29 21:17 . 2008-06-21 17:36 117888 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
    2009-09-29 21:17 . 2006-05-12 10:21 534568 ----a-w- c:\windows\system32\drivers\btaudio.sys
    2009-09-29 21:17 . 2008-06-21 17:44 77824 ----a-w- c:\windows\SOUNDMAN.EXE
    2009-09-29 21:17 . 2008-06-21 17:44 1206816 ----a-w- c:\windows\RtlUpd.exe
    2009-09-29 21:17 . 2008-06-21 17:44 9715200 ----a-w- c:\windows\RTLCPL.EXE
    2009-09-29 21:17 . 2008-06-21 17:44 5029376 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
    2009-09-29 21:17 . 2008-06-21 17:44 17508864 ----a-w- c:\windows\RTHDCPL.EXE
    2009-09-29 21:17 . 2009-07-11 23:01 57344 ----a-w- c:\windows\ALCMTR.EXE
    2009-09-29 21:17 . 2008-06-21 17:44 2808832 ----a-w- c:\windows\ALCWZRD.EXE
    2009-09-29 21:17 . 2008-06-21 17:44 2168320 ----a-w- c:\windows\MicCal.exe
    2009-09-29 21:14 . 2006-05-12 10:17 37160 ----a-w- c:\windows\system32\drivers\btport.sys
    2009-09-29 19:47 . 2008-06-22 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
    2009-09-29 19:32 . 2009-09-29 19:32 -------- d-----w- c:\documents and settings\Gorkemay\Application Data\Thinstall
    2009-09-27 16:57 . 2009-09-26 23:15 -------- d-----w- c:\documents and settings\Gorkemay\Application Data\Ventrilo
    2009-09-26 22:54 . 2009-09-26 22:54 -------- d-----w- c:\program files\Softnyx
    2009-09-18 21:40 . 2009-07-04 18:13 -------- d-----w- c:\program files\AGEIA Technologies
    2009-09-15 20:34 . 2009-09-15 20:34 131 ----a-w- c:\documents and settings\Gorkemay\Local Settings\Application Data\fusioncache.dat
    2009-09-12 22:34 . 2009-09-12 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-09-12 22:29 . 2009-09-12 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-09-12 21:10 . 2009-09-12 21:10 -------- d-----w- c:\program files\ImTOO
    2009-08-25 20:19 . 2009-08-25 20:19 117008 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-08-20 17:36 . 2009-08-20 17:35 -------- d-----w- c:\program files\VDOWNLOADER
    2009-08-05 09:00 . 2008-04-15 09:30 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-03 12:07 . 2009-08-03 12:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
    2009-08-03 12:07 . 2009-08-03 12:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
    2009-08-03 12:07 . 2009-08-03 12:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
    2009-07-26 13:44 . 2009-07-26 13:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
    2009-07-25 02:23 . 2008-06-22 19:31 411368 -c--a-w- c:\windows\system32\deploytk.dll
    2009-07-21 16:46 . 2009-07-19 16:43 81984 ----a-w- c:\windows\system32\bdod.bin
    .

    ------- Sigcheck -------

    [-] 2009-06-22 . E47D77A2F5D64974D9B6724552EB44AD . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-10-17_10.39.14 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-03-01 01:56 . 2008-03-01 01:56 54280 c:\windows\system32\drivers\epfwtdi.sys
    + 2008-03-01 01:56 . 2008-03-01 01:56 30728 c:\windows\system32\drivers\epfwndis.sys
    + 2008-03-01 01:56 . 2008-03-01 01:56 71176 c:\windows\system32\drivers\epfw.sys
    + 2008-03-01 01:53 . 2008-03-01 01:53 29704 c:\windows\system32\drivers\easdrv.sys
    + 2008-03-01 01:52 . 2008-03-01 01:52 39944 c:\windows\system32\drivers\eamon.sys
    + 2009-10-17 12:06 . 2009-10-17 12:06 10134 c:\windows\Installer\{6ECB944F-D027-4E8A-9906-70E77C005AD5}\callmsi.exe
    + 2009-10-17 12:06 . 2009-10-17 12:06 826368 c:\windows\Installer\3964c.msi
    + 2009-10-17 12:06 . 2009-10-17 12:06 140544 c:\windows\Installer\{6ECB944F-D027-4E8A-9906-70E77C005AD5}\egui.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-10-02 3883856]
    "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2007-07-28 1360304]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "PSwitch"="c:\program files\Proxy Switcher Standard\ProxySwitcher.exe" [2007-01-17 1302528]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-09-29 1208320]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-08-03 419088]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-09-29 17508864]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

    c:\documents and settings\Gorkemay\Start Menu\Programlar\BaŸlang‡\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2006-1-21 118784]
    Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-10-7 3450608]

    c:\documents and settings\All Users\Start Menu\Programlar\BaŸlang‡\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
    2006-10-09 17:38 69120 ----a-r- c:\program files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli ASWLNPkg

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\FlashGet\\FlashGet.exe"=
    "c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
    "c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Team JPN\\Race Driver GRID\\GRID.exe"=
    "c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
    "c:\\Program Files\\Proxy Switcher Standard\\ProxySwitcher.exe"=

    R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [15.04.2008 12:30 14336]
    R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [15.04.2008 12:30 14336]
    R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 08:21 468224]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [17.10.2009 15:11 232720]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [17.10.2009 15:10 19096]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance REG_MULTI_SZ ASBroker ASChannel
    .
    Contents of the 'Scheduled Tasks' folder

    2009-10-18 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 12:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.tr/
    uInternet Settings,ProxyOverride = <local>
    IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
    IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
    IE: Download All Links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    TCP: {357112BE-786F-4BC2-9942-2D4C8DDED86F} = 4.2.2.2,4.2.2.3
    FF - ProfilePath - c:\documents and settings\Gorkemay\Application Data\Mozilla\Firefox\Profiles\zred58hv.default\
    FF - component: c:\documents and settings\Gorkemay\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2009-10-18 20:54
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1417001333-1993962763-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)

    [HKEY_USERS\S-1-5-21-1417001333-1993962763-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{810294B6-9041-2C80-EEA9-851D36E93224}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "abhefdeoippggmfokmghlncohkoidpgpmo"=hex:69,61,69,66,6b,6f,67,65,6b,6e,69,64,
    64,69,6f,64,6d,6f,00,00
    "makeiaghikenkkcjddehjfidjp"=hex:6f,61,68,67,70,6c,6c,61,6d,65,63,6c,62,6e,6d,
    6a,6e,68,69,6b,6b,66,68,6c,6f,70,64,6f,61,68,00,00

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):c6,06,fa,f1,c6,91,29,b6,62,62,68,2c,12,ec,74,8e,90,0f,71,5a,8c,
    27,f1,a0,93,89,ef,a4,65,4c,db,e4,b8,e0,35,32,4e,99,03,5e,00,00,00,00,00,00,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c2a65f5a-5faa-4510-9f79-4e0c4922a511}]
    @Denied: (Full) (Everyone)
    "Model"=dword:000000c0
    "Therad"=dword:0000000f

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1536)
    c:\program files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll
    c:\program files\Bioscrypt\VeriSoft\bin\ItMsg.dll

    - - - - - - - > 'lsass.exe'(1592)
    c:\program files\Bioscrypt\VeriSoft\bin\ASWLNPkg.dll
    c:\program files\Bioscrypt\VeriSoft\bin\ItMsg.dll

    - - - - - - - > 'explorer.exe'(3244)
    c:\windows\system32\WININET.dll
    c:\program files\Stardock\ObjectDock\DockShellHook.dll
    c:\windows\system32\APSHook.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-10-18 20:57
    ComboFix-quarantined-files.txt 2009-10-18 17:57
    ComboFix2.txt 2009-10-17 10:41

    Pre-Run: 47.362.256.896 bayt boş
    Post-Run: 47.414.734.848 bayt boş

    241 --- E O F --- 2009-06-28 08:15




  • quote:

    Quoted from original: BabyIcey

    Here are the new ComboFix results:


    All right, there doesn't appear to be any problem at the moment.
  • I'm glad there is no problem. Thanks for everything.
  • @serji is there a problem? Could you take a look, if it's not too much trouble?

    ComboFix 09-10-18.04 - GTR2 19.10.2009 16:23.12.2 - NTFSx86 
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1254.90.1055.18.3066.2311 [GMT 3:00]
    Running from: c:\users\GTR2\Desktop\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2009-09-19 to 2009-10-19 )))))))))))))))))))))))))))))))
    .

    2009-10-19 13:27 . 2009-10-19 13:27 -------- d-----w- c:\users\GTR2\AppData\Local\temp
    2009-10-19 13:27 . 2009-10-19 13:27 -------- d-----w- c:\users\Public\AppData\Local\temp
    2009-10-19 13:27 . 2009-10-19 13:27 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-10-19 10:42 . 2009-10-19 10:42 -------- d-----w- c:\program files\uTorrent
    2009-10-19 10:41 . 2009-10-19 13:15 -------- d-----w- c:\users\GTR2\AppData\Roaming\uTorrent
    2009-10-17 18:26 . 2009-10-17 18:38 -------- d-----w- c:\program files\RACE 07 Offline
    2009-10-17 17:06 . 2009-10-17 17:06 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-10-17 16:37 . 2009-10-17 16:37 -------- d-----w- c:\programdata\Codemasters
    2009-10-17 15:49 . 2009-10-17 15:49 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2009-10-17 15:49 . 2009-10-17 15:49 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2009-10-17 15:49 . 2009-10-17 15:49 -------- d-----w- c:\program files\OpenAL
    2009-10-17 15:27 . 2009-10-17 15:27 -------- d-----w- c:\program files\Codemasters
    2009-10-17 11:29 . 2009-10-17 11:30 -------- d-----w- c:\program files\Valve
    2009-10-17 11:26 . 2009-10-18 12:12 -------- d-----w- c:\program files\Counter Strike 1.6
    2009-10-15 07:49 . 2009-10-15 07:49 -------- d-----w- c:\program files\Trend Micro
    2009-10-11 20:12 . 2009-10-14 09:57 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
    2009-10-09 20:13 . 2009-10-09 20:13 -------- d-----w- c:\program files\AGEIA Technologies
    2009-10-09 20:13 . 2009-10-09 20:13 -------- d-----w- c:\windows\system32\AGEIA
    2009-10-09 11:01 . 2009-10-09 11:01 -------- d-----w- c:\users\GTR2\AppData\Roaming\Design Science
    2009-10-09 11:01 . 2009-10-09 11:01 -------- d-----w- c:\program files\MathType
    2009-10-08 20:28 . 2009-10-19 12:12 12 ----a-w- c:\windows\bthservsdp.dat
    2009-10-08 20:26 . 2009-10-08 20:30 -------- d-----w- c:\users\GTR2\AppData\Roaming\Nokia
    2009-10-08 20:26 . 2009-10-08 20:29 -------- d-----w- c:\users\GTR2\AppData\Roaming\PC Suite
    2009-10-08 20:26 . 2009-10-08 20:29 -------- d-----w- c:\programdata\PC Suite
    2009-10-08 20:25 . 2009-10-08 20:25 -------- d-----w- c:\program files\Common Files\PCSuite
    2009-10-08 20:25 . 2009-10-08 20:25 -------- d-----w- c:\program files\Common Files\Nokia
    2009-10-08 20:25 . 2009-10-08 20:25 -------- d-----w- c:\program files\DIFX
    2009-10-08 20:25 . 2007-09-17 12:53 21632 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    2009-10-08 20:24 . 2009-10-08 20:25 -------- dc----w- c:\windows\system32\DRVSTORE
    2009-10-08 20:24 . 2009-10-08 20:24 -------- d-----w- c:\program files\PC Connectivity Solution
    2009-10-08 20:23 . 2008-05-07 04:38 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
    2009-10-08 20:23 . 2009-10-08 20:25 -------- d-----w- c:\program files\Nokia
    2009-10-08 20:22 . 2009-10-08 20:22 -------- d-----w- c:\programdata\Installations
    2009-10-05 20:23 . 2009-10-05 20:31 -------- d-----w- c:\program files\Electronic Arts
    2009-10-03 13:49 . 2009-10-03 13:49 -------- d-----w- c:\programdata\Zbshareware Lab
    2009-10-03 13:43 . 2009-10-07 23:55 -------- d-----w- c:\program files\USB Disk Security
    2009-10-02 17:23 . 2009-09-27 13:12 170600 ----a-w- c:\windows\system32\nvcod167.dll
    2009-10-02 14:56 . 2009-10-02 14:56 -------- d-----w- c:\programdata\Messenger Plus!
    2009-10-02 14:54 . 2009-10-02 14:54 -------- d-----w- c:\program files\Messenger Plus! Live
    2009-09-30 19:35 . 2009-09-30 19:35 -------- d-----w- c:\programdata\KONAMI
    2009-09-30 19:29 . 2009-09-30 19:29 -------- d-----w- c:\program files\KONAMI
    2009-09-29 01:19 . 2009-09-29 01:19 -------- d-----w- c:\users\GTR2\AppData\Roaming\Malwarebytes
    2009-09-29 01:19 . 2009-09-10 11:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-29 01:19 . 2009-09-10 11:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-29 01:19 . 2009-09-29 01:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-09-29 01:19 . 2009-09-29 01:19 -------- d-----w- c:\programdata\Malwarebytes
    2009-09-29 01:05 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
    2009-09-29 01:05 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
    2009-09-29 01:05 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
    2009-09-29 01:05 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
    2009-09-29 01:05 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
    2009-09-29 01:05 . 2009-09-29 20:37 -------- d-----w- c:\program files\K-Lite Codec Pack
    2009-09-29 00:47 . 2009-09-29 00:47 -------- d-----w- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
    2009-09-28 21:02 . 2009-10-09 20:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-09-28 20:56 . 2009-06-04 15:43 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
    2009-09-25 22:37 . 2009-09-25 22:37 -------- d-----w- c:\users\GTR2\AppData\Local\NVIDIA Corporation
    2009-09-25 22:36 . 2009-09-28 21:01 -------- d-----w- c:\program files\NVIDIA Corporation
    2009-09-25 22:16 . 2009-10-08 21:36 -------- d-----w- c:\programdata\Electronic Arts
    2009-09-24 18:57 . 2009-09-24 18:57 -------- d-----w- c:\programdata\pdf995
    2009-09-24 18:57 . 2009-09-24 19:02 51716 ----a-w- c:\windows\system32\pdf995mon.dll
    2009-09-24 18:57 . 2009-09-24 19:02 249856 ----a-w- c:\windows\system32\pdfmona.dll
    2009-09-24 18:57 . 2009-09-24 18:57 -------- d-----w- c:\program files\pdf995
    2009-09-24 07:38 . 2009-10-09 18:04 103128 ----a-w- c:\users\GTR2\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-09-22 20:32 . 2009-09-22 20:32 -------- d-----w- c:\users\GTR2\AppData\Roaming\Media Player Classic
    2009-09-22 20:31 . 2004-01-11 22:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2009-09-22 20:31 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2009-09-19 22:39 . 2009-09-19 22:39 -------- d-----w- c:\users\GTR2\AppData\Roaming\Thinstall
    2009-09-19 22:39 . 2009-09-19 22:39 -------- d-----w- c:\users\GTR2\AppData\Local\Thinstall

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-19 13:17 . 2008-04-24 01:32 590098 ----a-w- c:\windows\system32\perfh01F.dat
    2009-10-19 13:17 . 2008-04-24 01:32 115340 ----a-w- c:\windows\system32\perfc01F.dat
    2009-10-19 13:11 . 2009-09-15 22:19 190118 ----a-w- c:\programdata\nvModes.dat
    2009-10-17 15:27 . 2009-09-15 16:19 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-10-08 21:39 . 2009-09-18 17:10 -------- d-----w- c:\program files\Ubisoft
    2009-10-08 21:37 . 2009-09-18 17:19 -------- d-----w- c:\programdata\Media Center Programs
    2009-10-08 21:35 . 2009-09-15 22:19 -------- d-----w- c:\programdata\NVIDIA
    2009-10-08 20:29 . 2009-10-08 20:29 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
    2009-09-19 12:31 . 2009-09-19 12:31 -------- d-----w- c:\program files\DK
    2009-09-19 12:29 . 2009-09-15 16:20 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-09-19 00:01 . 2009-09-19 00:01 163840 ----a-w- c:\windows\system32\nvcod165.dll
    2009-09-18 19:50 . 2009-09-18 19:50 -------- d-----w- c:\users\GTR2\AppData\Roaming\Ubisoft
    2009-09-18 17:20 . 2009-09-18 17:20 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
    2009-09-18 17:20 . 2009-09-18 17:20 -------- d--h--r- c:\users\GTR2\AppData\Roaming\SecuROM
    2009-09-17 11:50 . 2009-09-15 22:14 485992 ----a-w- c:\windows\system32\NVUNINST.EXE
    2009-09-16 00:55 . 2009-09-15 23:07 -------- d-----w- c:\program files\The KMPlayer
    2009-09-16 00:45 . 2009-09-16 00:29 -------- d-----w- c:\program files\GTR2
    2009-09-16 00:29 . 2009-09-15 23:21 -------- d-----w- c:\users\GTR2\AppData\Roaming\DAEMON Tools Lite
    2009-09-16 00:25 . 2009-09-16 00:25 -------- d-----w- c:\programdata\DAEMON Tools Lite
    2009-09-16 00:25 . 2009-09-16 00:25 -------- d-----w- c:\program files\DAEMON Tools Toolbar
    2009-09-16 00:25 . 2009-09-16 00:25 -------- d-----w- c:\program files\DAEMON Tools Lite
    2009-09-15 23:37 . 2009-09-15 23:37 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-09-15 23:37 . 2009-09-15 23:37 -------- d-----w- c:\program files\Java
    2009-09-15 23:32 . 2009-09-15 23:32 -------- d-----w- c:\program files\Microsoft
    2009-09-15 23:32 . 2009-09-15 23:31 -------- d-----w- c:\program files\Windows Live
    2009-09-15 23:31 . 2009-09-15 23:31 -------- d-----w- c:\program files\Windows Live SkyDrive
    2009-09-15 23:24 . 2009-09-15 23:24 -------- d-----w- c:\program files\Common Files\Windows Live
    2009-09-15 23:21 . 2009-09-15 23:21 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-09-15 22:48 . 2009-09-15 22:48 -------- d-----w- c:\program files\Nero
    2009-09-15 22:48 . 2009-09-15 22:48 -------- d-----w- c:\program files\Common Files\Nero
    2009-09-15 22:48 . 2009-09-15 22:48 -------- d-----w- c:\programdata\Nero
    2009-09-15 22:41 . 2009-09-15 22:41 -------- d-----w- c:\program files\Common Files\Adobe
    2009-09-15 22:26 . 2009-09-15 22:26 -------- d-----w- c:\program files\Microsoft Works
    2009-09-15 22:26 . 2009-09-15 22:26 -------- d-----w- c:\program files\Microsoft.NET
    2009-09-15 22:07 . 2009-09-15 22:07 -------- d-----w- c:\program files\Winbond Electronics Corporation
    2009-09-15 22:06 . 2009-09-15 22:06 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
    2009-09-15 22:06 . 2009-09-15 22:06 -------- d-----w- c:\program files\Synaptics
    2009-09-15 16:22 . 2009-09-15 16:22 -------- d-----w- c:\program files\CONEXANT
    2009-09-15 16:20 . 2009-09-15 16:20 319456 ----a-w- c:\windows\DIFxAPI.dll
    2009-09-15 16:20 . 2009-09-15 16:20 -------- d-----w- c:\program files\Realtek
    2009-09-15 16:20 . 2009-09-15 16:20 315392 ----a-w- c:\windows\HideWin.exe
    2009-09-15 16:19 . 2009-09-15 16:18 -------- d-----w- c:\program files\Intel
    2009-09-15 16:19 . 2009-09-15 16:19 -------- d-----w- c:\users\GTR2\AppData\Roaming\InstallShield
    2009-09-15 16:14 . 2009-09-15 16:14 -------- d-sh--we c:\programdata\Templates
    2009-09-15 16:14 . 2009-09-15 16:14 -------- d-sh--we c:\programdata\Start Menu
    2009-09-15 16:14 . 2009-09-15 16:14 -------- d-sh--we c:\programdata\Sık Kullanılanlar
    2009-09-15 16:14 . 2009-09-15 16:14 -------- d-sh--we c:\programdata\Desktop
    2009-09-15 16:14 . 2009-09-15 16:14 -------- d-sh--we c:\programdata\Belgeler
    2009-09-15 16:11 . 2009-09-15 16:11 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2009-08-19 10:35 . 2009-08-19 10:35 991744 ----a-w- c:\windows\system32\nvapi.dll
    2009-08-19 10:35 . 2009-08-19 10:35 9787488 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2009-08-19 10:35 . 2009-08-19 10:35 795104 ----a-w- c:\windows\system32\dpinst.exe
    2009-08-19 10:35 . 2009-08-19 10:35 7660544 ----a-w- c:\windows\system32\nvd3dum.dll
    2009-08-19 10:35 . 2009-08-19 10:35 678432 ----a-w- c:\windows\system32\nvcuvid.dll
    2009-08-19 10:35 . 2009-08-19 10:35 485920 ----a-w- c:\windows\system32\nvudisp.exe
    2009-08-19 10:35 . 2009-08-19 10:35 3197952 ----a-w- c:\windows\system32\nvwgf2um.dll
    2009-08-19 10:35 . 2009-08-19 10:35 1740800 ----a-w- c:\windows\system32\nvcuda.dll
    2009-08-19 10:35 . 2009-08-19 10:35 155648 ----a-w- c:\windows\system32\nvcod163.dll
    2009-08-19 10:35 . 2009-08-19 10:35 155648 ----a-w- c:\windows\system32\nvcod.dll
    2009-08-19 10:35 . 2009-08-19 10:35 1317408 ----a-w- c:\windows\system32\nvcuvenc.dll
    2009-08-19 10:35 . 2009-08-19 10:35 10420224 ----a-w- c:\windows\system32\nvoglv32.dll
    2009-08-18 10:44 . 2009-09-15 16:18 53248 ----a-w- c:\windows\system32\CSVer.dll
    2009-08-16 21:57 . 2009-08-16 21:57 155648 ----a-w- c:\windows\system32\nvcod162.dll
    2009-08-14 10:36 . 2009-08-14 10:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
    2009-07-28 13:33 . 2009-09-18 00:56 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-07-26 13:44 . 2009-07-26 13:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
    .

    ((((((((((((((((((((((((((((( SnapShot_2009-10-08_22.09.53 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-21 01:58 . 2009-10-19 13:13 32162 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2009-10-19 13:13 84132 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-09-15 16:17 . 2009-10-19 13:13 10316 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3649195448-3628354541-1046172480-1000_UserData.bin
    + 2009-08-02 21:21 . 2009-08-02 21:21 23320 c:\windows\System32\PhysXDevice.dll
    - 2009-09-15 16:15 . 2009-09-20 15:07 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-09-15 16:15 . 2009-10-10 20:37 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-09-15 16:15 . 2009-09-20 15:07 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-09-15 16:15 . 2009-10-10 20:37 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-09-15 16:15 . 2009-10-10 20:37 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-09-15 16:15 . 2009-09-20 15:07 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-08-02 21:21 . 2009-08-02 21:21 58648 c:\windows\System32\AgCPanelTraditionalChinese.dll
    + 2009-08-02 21:21 . 2009-08-02 21:21 58648 c:\windows\System32\AgCPanelSwedish.dll
    + 2009-08-02 21:21 . 2009-08-02 21:21 58648 c:\windows\System32\AgCPanelSpanish.dll
    + 2009-08-02 21:21 . 2009-08-02 21:21 58648 c:\windows\System32\AgCPanelSimplifiedChinese.dll
    + 2009-08-02 21:21 . 2009-08-02 21:21 58648 c:\windows\System32\AgCPanelPortugese.dll
    + 2009-08-02 21:21 . 2009-08-02 21:21 58648 c:\windows\System32\AgCPanelKorean.dll
    + 2009-08-02 21:21 . 2009-08-02 21:21 58648 c:\windows\System32\AgCPanelJapanese.dll
    + 2009-08-02 21:21 . 2009-08-02 21:21 58648 c:\windows\System32\AgCPanelGerman.dll
    + 2009-08-02 21:21 . 2009-08-02 21:21 58648 c:\windows\System32\AgCPanelFrench.dll
    + 2009-10-17 17:06 . 2009-10-17 17:06 49664 c:\windows\Installer\7b4800.msi
    - 2006-11-02 10:25 . 2009-10-08 21:34 86016 c:\windows\inf\infstor.dat
    + 2006-11-02 10:25 . 2009-10-14 09:57 86016 c:\windows\inf\infstor.dat
    - 2006-11-02 10:25 . 2009-10-08 21:34 51200 c:\windows\inf\infpub.dat
    + 2006-11-02 10:25 . 2009-10-14 09:57 51200 c:\windows\inf\infpub.dat
    - 2009-10-05 20:23 . 2009-10-05 20:23 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    + 2009-10-17 18:26 . 2009-10-17 18:26 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    + 2009-10-17 18:26 . 2009-10-17 18:26 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    - 2009-10-05 20:23 . 2009-10-05 20:23 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2009-09-17 08:53 . 2009-10-18 16:12 2894 c:\windows\System32\WDI\ERCQueuedResolutions.dat
    + 2009-10-19 13:11 . 2009-10-19 13:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-10-08 21:42 . 2009-10-08 21:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-10-08 21:42 . 2009-10-08 21:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-10-19 13:11 . 2009-10-19 13:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-09-21 20:22 . 2009-10-18 12:10 134388 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
    + 2009-09-16 01:09 . 2009-10-09 10:51 223202 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-08-02 21:21 . 2009-08-02 21:21 197912 c:\windows\System32\physxcudart_20.dll
    + 2009-08-02 21:21 . 2009-08-02 21:21 288024 c:\windows\System32\PhysXCplUI.exe
    + 2009-08-02 21:21 . 2009-08-02 21:21 288024 c:\windows\System32\PhysXCompatCplUI.exe
    - 2006-11-02 10:33 . 2009-10-08 21:49 587178 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2009-10-19 13:17 587178 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2009-10-19 13:17 101250 c:\windows\System32\perfc009.dat
    - 2006-11-02 10:33 . 2009-10-08 21:49 101250 c:\windows\System32\perfc009.dat
    + 2006-11-02 12:47 . 2009-10-09 18:00 383160 c:\windows\System32\FNTCACHE.DAT
    + 2009-08-02 21:21 . 2009-08-02 21:21 116977 c:\windows\System32\AGEIA\AG1021\diag.bin
    + 2009-08-02 21:21 . 2009-08-02 21:21 214629 c:\windows\System32\AGEIA\AG1021\app.bin
    + 2009-08-02 21:21 . 2009-08-02 21:21 119473 c:\windows\System32\AGEIA\AG1011\diag.bin
    + 2009-08-02 21:21 . 2009-08-02 21:21 199885 c:\windows\System32\AGEIA\AG1011\app.bin
    + 2006-11-02 10:25 . 2009-10-14 09:57 143360 c:\windows\inf\infstrng.dat
    - 2006-11-02 10:25 . 2009-10-08 21:34 143360 c:\windows\inf\infstrng.dat
    - 2009-10-05 20:23 . 2009-10-05 20:23 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    + 2009-10-17 18:26 . 2009-10-17 18:26 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    - 2009-10-05 20:23 . 2009-10-05 20:23 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    + 2009-10-17 18:26 . 2009-10-17 18:26 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    - 2009-10-05 20:23 . 2009-10-05 20:23 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2009-10-17 18:26 . 2009-10-17 18:26 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2009-10-17 18:26 . 2009-10-17 18:26 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    - 2009-10-05 20:23 . 2009-10-05 20:23 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    + 2009-10-17 18:26 . 2009-10-17 18:26 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    - 2009-10-05 20:23 . 2009-10-05 20:23 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    - 2009-10-05 20:23 . 2009-10-05 20:23 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-10-17 18:26 . 2009-10-17 18:26 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-10-05 20:23 . 2009-10-05 20:23 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-10-17 18:26 . 2009-10-17 18:26 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-10-05 20:23 . 2009-10-05 20:23 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-10-17 18:26 . 2009-10-17 18:26 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-10-05 20:23 . 2009-10-05 20:23 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-10-17 18:26 . 2009-10-17 18:26 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-10-17 18:26 . 2009-10-17 18:26 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-10-05 20:23 . 2009-10-05 20:23 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-10-05 20:23 . 2009-10-05 20:23 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-10-17 18:26 . 2009-10-17 18:26 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-10-05 20:23 . 2009-10-05 20:23 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-10-17 18:26 . 2009-10-17 18:26 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-10-17 18:26 . 2009-10-17 18:26 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-10-05 20:23 . 2009-10-05 20:23 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-10-17 18:26 . 2009-10-17 18:26 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    - 2009-10-05 20:23 . 2009-10-05 20:23 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2009-10-09 20:13 . 2009-10-09 20:13 1500160 c:\windows\Installer\17de5.msi
    + 2009-10-17 18:26 . 2009-10-17 18:26 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-10-05 20:23 . 2009-10-05 20:23 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-10-05 20:22 . 2009-10-05 20:22 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-10-17 18:26 . 2009-10-17 18:26 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-10-17 17:06 . 2009-10-17 17:06 15709696 c:\windows\Installer\7b4808.msp
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-10-19 289072]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-19 13793824]
    "USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2009-10-03 815104]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-05-07 6139904]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\I:\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3649195448-3628354541-1046172480-1000]
    "EnableNotificationsRef"=dword:00000001

    R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [15.09.2009 19:23 47104]
    R3 NETw5v32;Windows Vista 32 Bit için Intel(R) Wireless WiFi Link Bağdaştırıcı Sürücüsü ;c:\windows\System32\drivers\NETw5v32.sys [15.09.2009 19:23 3658752]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [11.05.2009 11:49 64544]
    R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [28.03.2007 07:51 43008]
    S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [27.09.2009 16:48 240232]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    .
    .
    ------- Supplementary Scan -------
    .
    TCP: {C7168626-1CE3-4412-B94E-762D34289EEA} = 4.2.2.3,4.2.2.4
    FF - ProfilePath - c:\users\GTR2\AppData\Roaming\Mozilla\Firefox\Profiles\ksv23xc4.default\
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2009-10-19 16:27
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2009-10-19 16:28
    ComboFix-quarantined-files.txt 2009-10-19 13:28
    ComboFix2.txt 2009-10-11 11:07
    ComboFix3.txt 2009-10-11 10:55
    ComboFix4.txt 2009-10-10 19:01
    ComboFix5.txt 2009-10-19 13:23

    Pre-Run: 66.140.078.080 bayt boş
    Post-Run: 66.222.899.200 bayt boş

    - - End Of File - - 7E8B0C8F286D9025FE5FBCBC181CF2B4




  • First of all, greetings to the forum. You are doing really useful work, and I congratulate you wholeheartedly. I would be glad if you could take a look at my logs to see whether there is any problem.
    I also have a virus problem like this:
     HijackThis. Performance + Security! (Get rid of viruses). 500.000+

    Thanks.

     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:43:09, on 19.10.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20772)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\WINDOWS\VistaDrive\VistaDrive.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Documents and Settings\Administrator\Application Data\Thinstall\Registry Repair Wizard\4000001ea00002i\RCHelper.exe
    C:\Program Files\Java\jre6\bin\javaw.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    D:\x-Fire\Xfire\xfire.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\VideoLAN\VLC\vlc.exe
    C:\Program Files\GRETECH\GomPlayer\GOM.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\c.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =http://dt-updates.com/activate?query=suepdxstkEueTWdkMMgUApgTj8J5wc9dIdYJdp3YgP2olZ5yvPKGA4%2fglpvcmHU1%2bSVOMGhwm29Jt9GB4xCArY%2b8jbyNX8NjKD9XgzKH%2fzonNSIVCX5MLWeUHifD8XRvArsrFNw3TKTKvnXjHFlz5oCxz5bgVWZ0hopit4bqX8QcL0acpq%2b1hfK4bjs%2fyu9XvvQ8y5OvDLzHVeBL3rtHGoeOEJAVqL9x1UN2w0K16fruGzq6JWelTMteXHs9xmGdNG6GsKXArzFWlqZ8Z9q3ROV%2fHw3IF3jZ3CIDimI6Vew%3d
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = PERFECT XP SP3
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PopRock] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\c.exe
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Startup: Scheduler.lnk = C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
    O8 - Extra context menu item: &FlashGet ile indir - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &Tümünü FlashGet ile indir - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{425E52E0-BBB5-428C-ACD2-46F0FE0E1648}: NameServer = 4.2.2.2,4.2.2.4
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 6920 bytes



    < This message was edited by Juvixted -- 19 October 2009; 18:46:58 >




  • quote:

    Originally quoted from: serji


    quote:

    Originally quoted from: baba_muhtar

    Could you scan again with ComboFix and post the log?

    New ComboFix results:
    ComboFix 09-10-18.06 - @ 19.10.2009 18:15.2.2 - NTFSx86 
    Microsoft Windows XP Home Edition 5.1.2600.3.1254.90.1055.18.511.189 [GMT 3:00]
    Running from: c:\documents and settings\@\Desktop\ComboFix.exe
    FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2009-09-19 to 2009-10-19 )))))))))))))))))))))))))))))))
    .

    2009-10-16 21:17 . 2009-10-16 21:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
    2009-10-16 18:25 . 2009-10-16 18:25 -------- d-----w- c:\program files\Trend Micro
    2009-10-14 06:32 . 2009-10-14 06:32 -------- d-----w- c:\documents and settings\@\Application Data\CheckPoint
    2009-10-14 06:30 . 2009-10-14 06:30 -------- d-----w- c:\program files\CheckPoint
    2009-10-14 06:30 . 2009-10-19 14:51 4212 ---ha-w- c:\windows\system32\zllictbl.dat
    2009-10-14 06:29 . 2009-10-10 19:42 69000 ----a-w- c:\windows\system32\zlcomm.dll
    2009-10-14 06:29 . 2009-10-10 19:42 103816 ----a-w- c:\windows\system32\zlcommdb.dll
    2009-10-14 06:29 . 2009-10-10 19:42 1238408 ----a-w- c:\windows\system32\zpeng25.dll
    2009-10-14 06:29 . 2009-10-14 06:30 -------- d-----w- c:\windows\system32\ZoneLabs
    2009-10-14 06:29 . 2009-10-14 06:29 -------- d-----w- c:\program files\Zone Labs
    2009-10-14 06:28 . 2009-10-19 14:54 -------- d-----w- c:\windows\Internet Logs
    2009-10-05 18:59 . 2009-10-01 07:29 195440 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-05 18:46 . 2009-10-05 18:46 -------- d-----w- c:\documents and settings\@\Local Settings\Application Data\PCHealth
    2009-10-05 18:46 . 2009-10-05 18:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
    2009-09-28 08:26 . 2009-09-28 08:29 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
    2009-09-24 15:40 . 2009-09-24 15:04 -------- d-----w- C:\ubuntu
    2009-09-21 10:25 . 2009-09-21 10:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-18 14:30 . 2009-10-18 14:30 -------- d-----w- c:\documents and settings\@\Application Data\#ISW.FS#
    2009-10-18 12:02 . 2009-10-18 11:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-10-18 11:58 . 2009-10-18 11:58 -------- d-----w- c:\documents and settings\@\Application Data\Malwarebytes
    2009-10-18 11:58 . 2009-10-18 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-10-17 13:36 . 2001-11-22 12:00 77968 ----a-w- c:\windows\system32\perfc01F.dat
    2009-10-17 13:36 . 2001-11-22 12:00 422664 ----a-w- c:\windows\system32\perfh01F.dat
    2009-10-14 06:17 . 2009-02-27 21:35 -------- d-----w- c:\program files\FlashGet
    2009-10-11 15:02 . 2009-04-06 16:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-10-11 14:57 . 2009-08-02 15:44 59876 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-10-10 18:23 . 2009-01-27 14:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-10-05 18:43 . 2009-09-16 10:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2009-09-28 08:30 . 2008-11-15 14:44 -------- d-----w- c:\program files\Google
    2009-09-19 12:39 . 2009-09-19 12:39 -------- d-----w- c:\program files\Wondershare
    2009-09-18 16:20 . 2008-12-10 19:59 -------- d-----w- c:\program files\Rockstar Games
    2009-09-18 16:20 . 2008-11-15 13:18 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-09-17 20:16 . 2009-09-16 10:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2009-09-16 10:23 . 2009-09-16 10:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-09-14 20:01 . 2009-08-13 18:54 -------- d-----w- c:\program files\TrackMania Nations ESWC Special Edition
    2009-09-11 20:02 . 2008-11-15 14:55 -------- d-----w- c:\program files\Microsoft.NET
    2009-09-11 14:18 . 2001-11-22 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-10 22:43 . 2009-05-26 14:03 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-09-10 11:54 . 2009-10-18 11:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-10 11:53 . 2009-10-18 11:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-09 14:21 . 2009-08-02 13:22 -------- d-----w- c:\program files\Opera
    2009-09-08 15:31 . 2009-09-08 14:24 -------- d-----w- c:\program files\Icons from File
    2009-09-07 19:33 . 2009-09-07 19:33 -------- d-----w- c:\program files\Resco
    2009-09-07 19:32 . 2008-11-21 18:06 -------- d-----w- c:\program files\Microsoft ActiveSync
    2009-09-05 17:04 . 2009-09-05 17:04 -------- d-----w- c:\documents and settings\@\Application Data\Uniblue
    2009-09-05 14:41 . 2008-11-15 15:09 -------- d-----w- c:\documents and settings\@\Application Data\Skype
    2009-09-04 21:04 . 2001-11-22 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-09-03 22:56 . 2009-06-19 14:00 -------- d-----w- c:\program files\Extra Screen Capture Pro
    2009-09-02 14:04 . 2009-09-02 14:01 -------- d-----w- c:\program files\MagicISO
    2009-09-01 15:57 . 2009-04-10 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Zoom Player
    2009-09-01 15:56 . 2008-11-15 14:42 -------- d-----w- c:\documents and settings\@\Application Data\BSplayer Pro
    2009-09-01 13:30 . 2009-06-20 11:59 -------- d-----w- c:\program files\3D Image Commander
    2009-09-01 12:46 . 2009-09-01 12:46 -------- d-----w- c:\program files\AVG
    2009-08-30 16:28 . 2009-02-21 20:50 -------- d-----w- c:\documents and settings\@\Application Data\Audacity
    2009-08-30 14:16 . 2009-08-30 14:16 -------- d-----w- c:\program files\Foto-Mosaik-Edda
    2009-08-30 14:05 . 2009-08-30 13:57 -------- d-----w- c:\program files\Darkest of Days
    2009-08-30 14:02 . 2009-08-30 13:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-08-30 14:01 . 2009-08-30 13:47 -------- d-----w- c:\program files\AGEIA Technologies
    2009-08-30 13:59 . 2009-08-30 13:59 -------- d-----w- c:\program files\OpenAL
    2009-08-30 13:59 . 2009-08-30 13:59 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2009-08-30 13:59 . 2009-08-30 13:59 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2009-08-29 18:39 . 2009-08-13 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
    2009-08-29 18:32 . 2008-11-15 14:08 77104 ----a-w- c:\documents and settings\@\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-29 17:56 . 2009-08-29 17:56 -------- d-----w- c:\program files\A4Tech
    2009-08-29 07:56 . 2001-11-22 12:00 916480 ------w- c:\windows\system32\wininet.dll
    2009-08-26 08:01 . 2001-11-22 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-23 20:40 . 2009-05-27 09:05 -------- d-----w- c:\program files\Falco Watcher
    2009-08-23 16:28 . 2009-04-10 19:30 -------- d-----w- c:\program files\Quintessential Media Player
    2009-08-23 14:19 . 2009-08-21 12:37 -------- d-----w- c:\documents and settings\@\Application Data\Gold Audio Suite
    2009-08-22 16:28 . 2009-08-22 16:28 -------- d-----w- c:\documents and settings\@\Application Data\Audio Extractor
    2009-08-22 14:52 . 2009-08-22 14:52 -------- d-----w- c:\program files\Pointstone
    2009-08-21 12:37 . 2009-08-21 12:37 -------- d-----w- c:\program files\Gold Audio Suite
    2009-08-06 16:24 . 2008-11-15 13:34 327896 ----a-w- c:\windows\system32\wucltui.dll
    2009-08-06 16:24 . 2007-07-30 17:19 209632 ----a-w- c:\windows\system32\wuweb.dll
    2009-08-06 16:24 . 2008-11-15 13:34 44768 ----a-w- c:\windows\system32\wups2.dll
    2009-08-06 16:24 . 2008-11-15 13:34 35552 ----a-w- c:\windows\system32\wups.dll
    2009-08-06 16:24 . 2008-11-15 13:07 53472 ------w- c:\windows\system32\wuauclt.exe
    2009-08-06 16:24 . 2001-11-22 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
    2009-08-06 16:23 . 2008-11-15 13:34 575704 ----a-w- c:\windows\system32\wuapi.dll
    2009-08-06 16:23 . 2009-04-29 15:18 274288 ----a-w- c:\windows\system32\mucltui.dll
    2009-08-06 16:23 . 2009-04-29 15:18 215920 ----a-w- c:\windows\system32\muweb.dll
    2009-08-06 16:23 . 2008-11-15 13:07 1929952 ----a-w- c:\windows\system32\wuaueng.dll
    2009-08-05 09:00 . 2001-11-22 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-04 17:27 . 2001-11-22 12:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe
    2009-08-04 17:27 . 2001-11-21 20:00 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
    2009-08-04 16:52 . 2009-08-04 16:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1211176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "USIUDF_Eject_Monitor"="c:\program files\Common Files\Ulead Systems\DVD\USISrv.exe" [2004-05-28 81920]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
    "WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-02-10 241664]
    "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-10 1037192]
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-09 730480]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-15 77824]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
    "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

    c:\documents and settings\All Users\Start Menu\Programlar\Başlangıç\
    AirTies ADSL Hizmet Program.lnk - c:\program files\AirTies\ADSL Hizmet Program\AirTies_util3.exe [2008-11-15 3655168]

    [HKLM\~\startupfolder\C:^Documents and Settings^@^Start Menu^Programlar^Başlangıç^Hava Cıva!.lnk]
    path=c:\documents and settings\@\Start Menu\Programlar\Başlangıç\Hava Cıva!.lnk
    backup=c:\windows\pss\Hava Cıva!.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^@^Start Menu^Programlar^Başlangıç^HayatSu.lnk]
    path=c:\documents and settings\@\Start Menu\Programlar\Başlangıç\HayatSu.lnk
    backup=c:\windows\pss\HayatSu.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^InterVideo WinCinema Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programlar\Başlangıç\InterVideo WinCinema Manager.lnk
    backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AcrSch2Svc"=2 (0x2)
    "UleadBurningHelper"=2 (0x2)
    "idsvc"=3 (0x3)
    "gupdate1c9864c77218cf6"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\TOSHIBA\\Teleport\\Rkb.exe"=
    "c:\\Program Files\\TOSHIBA\\Teleport\\Rsc.exe"=
    "c:\\Program Files\\TOSHIBA\\SIPServer\\sipprx.exe"=
    "c:\\Program Files\\FlashGet\\flashget.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\AirTies\\ADSL Hizmet Programı\\AirTies_util3.exe"=
    "c:\\Program Files\\Rockstar Games\\Midnight Club II\\mc2.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    "2371:TCP"= 2371:TCP:etpnsfno

    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [28.04.2009 18:59 55152]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [09.10.2009 15:23 25208]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [09.10.2009 15:23 476528]
    R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [10.02.2007 05:04 14336]
    R3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [22.07.2009 18:25 23096]
    R3 PhTVTune;LifeView FlyVideo WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [15.11.2008 16:28 19616]
    R3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [19.09.2009 15:40 16640]
    S3 fsssvc;Windows Live Aile Koruması;c:\program files\Windows Live\Family Safety\fsssvc.exe [06.02.2009 18:08 533360]
    S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [22.07.2009 18:25 245760]
    S3 tsusbser;Toshiba TS705 Serial Port;c:\windows\system32\drivers\tsusbser.sys [28.01.2009 20:04 89728]
    S4 gupdate1c9864c77218cf6;Google Update Service (gupdate1c9864c77218cf6);c:\program files\Google\Update\GoogleUpdate.exe [04.02.2009 01:12 133104]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ndlchqadv
    .
    .
    ------- Supplementary Scan -------
    .
    IE: &FlashGet ile indir - c:\program files\FlashGet\jc_link.htm
    IE: &Tümünü FlashGet ile indir - c:\program files\FlashGet\jc_all.htm
    IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    TCP: {CD496969-9A2F-40C6-AA46-D95F7BE2A71D} = 208.67.222.222,208.67.220.220
    FF - ProfilePath - c:\documents and settings\@\Application Data\Mozilla\Firefox\Profiles\glcijlxt.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.tr/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=tr&q=
    FF - component: c:\documents and settings\@\Application Data\Mozilla\Firefox\Profiles\glcijlxt.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
    FF - plugin: c:\documents and settings\@\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2009-10-19 18:23
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-583907252-1425521274-1801674531-1004\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
    "Name"="ActiveSync"
    "DisplayName"="Microsoft ActiveSync"
    "Param1"="ActiveSync"
    "Param2"=""
    "Type"="wellknown"
    "Order"=dword:00000000
    "State"=dword:0000000b

    [HKEY_USERS\S-1-5-21-583907252-1425521274-1801674531-1004\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\DesktopAppInstall\oemDesktop2]
    "Name"="oemDesktop2"
    "DisplayName"="GoldKey"
    "Param1"="EXTRAS\\DESKTOP\\TOSHIBA GoldKey\\setup.exe"
    "Param2"=""
    "Type"="createprocess"
    "Order"=dword:00000000
    "State"=dword:0000000b

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0FE9758D-999D-5364-A982D9FF5B788FED}\{C0BD10EF-72B8-B20F-55BDE04C7FD39C0B}\{292331AE-173A-E499-B30D8FE5870ABBF2}*]
    "XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
    12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5EB4415E-B969-2C69-DD874BCF6C12CC68}\{3E489D97-A265-F92B-B062A61AC9296970}\{9D75BF9D-92B8-985A-711124B44CF5D523}*]
    "XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
    12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(696)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

    - - - - - - - > 'lsass.exe'(752)
    c:\windows\system32\relog_ap.dll
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

    - - - - - - - > 'explorer.exe'(3732)
    c:\windows\system32\WININET.dll
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    c:\progra~1\WINDOW~3\wmpband.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-10-19 18:25
    ComboFix-quarantined-files.txt 2009-10-19 15:25
    ComboFix2.txt 2009-10-17 14:15

    Pre-Run: 9.150.357.504 bayt boş
    Post-Run: 9.141.682.176 bayt boş

    - - End Of File - - 63B3E6F9EA88732F0DE3E356D503EF10



