Yeni Kayıt
Konudaki Resimler
önceki
|
Hızlı 
Bildirim
HijackThis. Performans + Güvenlik! (Virüslerden kurtulun). 500.000+ (442. sayfa)
Sıcak Fırsatlarda Tıklananlar
Editörün Seçtiği Fırsatlar
Daha Fazla 
Bu Konudaki Kullanıcılar:
Daha Az 
2 Misafir - 2 Masaüstü
Giriş
Mesaj
-
-
Görev Yöneticisi ve Kayıt defteri açılmıyor ve virüs programı kuramıyorum programı kurduğum anda kapanıyor virüs
ayrıca internete girdiğimde bir süre sonra hata veriyor runtime error gibi bişeydi sanırım tamam dedikten sonra hata raporu veriyor tam bunu yollamıştımki hata verdi aynen yazıyorum Runtime Error! program:c:\programfiles\internet explorer\ixplore.exe R6025 pure virtuel function call
Logfile Trend Micro HijackThis v2.0.2 ile
Tarama 10:26:51 at 23.10.2009 kaydedilmiş
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot modu: Normal
Çalışan süreçleri:
C: \ Windows \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Windows \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ system32 \ VTTimer.exe
C: \ WINDOWS \ system32 \ VTtrayp.exe
C: \ Windows \ ehtray.exe
C: \ Program Files \ VIA \ RAID \ raid_tool.exe
C: \ Program Files \ Google \ Google Desktop Search \ GoogleDesktop.exe
C: \ Windows \ PixArt \ PAC7302 \ Monitor.exe
C: \ Program Files \ jre6 \ bin \ jusched.exe
C: \ Program Files \ Windows Live \ Messenger \ msnmsgr.exe
C: \ Program Files \ Messenger \ msnmsgr.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNotifier.exe
C: \ Windows \ System32 \ ctfmon.exe
C: \ Program Files \ Shenturk \ Mini Hava \ minihava.exe
C: \ Program Files \ Google \ Google Desktop Search \ GoogleDesktop.exe
C: \ Program Files \ AirTies \ ADSL Hizmet Programı \ AirTies_util3.exe
C: \ Program Files \ Shenturk \ Mini Hava \ minihava.exe
C: \ Program Files \ jre6 \ bin \ jqs.exe
C: \ Program Files \ Microsoft \ Search Enhancement Pack \ Seaport \ SeaPort.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ wbem \ wmiapsrv.exe
C: \ Program Files \ Windows Live \ Contacts \ wlcomm.exe
C: \ Program Files \ Windows Live \ Toolbar \ wltuser.exe
C: \ DOCUME ~ 1 \ SAVA ~ 1 \ LOCALS ~ 1 \ Temp \ wincash.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ jre6 \ bin \ jucheck.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ DOCUME ~ 1 \ SAVA ~ 1 \ LOCALS ~ 1 \ Temp \ winqiicm.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, SearchAssistant =http://www.crawler.com/search/ie.aspx?tb_id=66031
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, CustomizeSearch =http://dnl.crawler.com/support/sa_customize.aspx?TbId=66031
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page =http://home.sweetim.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ arayın, CustomizeSearch =http://dnl.crawler.com/support/sa_customize.aspx?TbId=66031
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName = Bağlantılar
R3 - URLSearchHook: AVG Security Toolbar BHO - (A3BC75A2-1F87-4686-AA43-5347D756017C) - C: \ Program Files \ AVG \ AVG8 \ Toolbar \ IEToolbar.dll
R3 - URLSearchHook: (no name) - * (CFBFAE00-17A6-11D0-99CB-00C04FD64497) - (no file)
O2 - BHO: AcroIEHelperStub - (18DF081C-E8AD-4283-A596-FA578C2EBDC3) - C: \ Program Files \ \ Adobe \ Acrobat \ ActiveX \ AcroIEHelperShim.dll
O2 - BHO: Media Access Başlangıç - (25B8D58C-B0CB-46b0-BA64-05B3804E4E86) - C: \ Program Files \ Media Access Başlangıç \ 1.5.0.850 \ HPIEAddOn.dll
O2 - BHO: NP Helper Class - (35B8D58C-B0CB-46b0-BA64-05B3804E4E86) - C: \ Program Files \ Internet Tasarruf Doktoru \ 3.4.0.4340 \ NPIEAddOn.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - C: \ Program Files \ AVG \ AVG8 \ (dosya eksik) avgssie.dll
O2 - BHO: (no name) - (5C255C8A-E604-49b4-9D64-90988571CECB) - (no file)
O2 - BHO: Symantec Astsubay BHO - (602ADB0E-4AFF-4217-8AA1-95DAC4DFA408) - (no file)
O2 - BHO: Symantec Intrusion Prevention - (6D53EC84-6AAE-4787-aeee-F4628F01010C) - (no file)
O2 - BHO: Arama Yardımcısı - (6EBF7485-159F-4bff-A14F-B9E3AAC4465B) - C: \ Program Files \ Microsoft \ Search Enhancement Pack \ Arama Yardımcı \ SEPsearchhelperie.dll
O2 - BHO: Windows Oturum Açma Yardım Aracı - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll Canlı
O2 - BHO: AVG Security Toolbar BHO - (A3BC75A2-1F87-4686-AA43-5347D756017C) - C: \ Program Files \ AVG \ AVG8 \ Toolbar \ IEToolbar.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - C: \ Program Files \ Google \ Google Araç Çubuğu \ GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 5.3.4501.1418 \ swg.dll
O2 - BHO: Google Sözlüğü Sıkıştırma sdch - (C84D72FE-E17D-4195-BB24-76C02E2E7C4E) - C: \ Program Files \ Google \ Google Araç Çubuğu \ Bileşen \ fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Sistem Ara Dispatcher - (CDBFB47B-58A8-4111-BF95-06178DCE326D) - C: \ Program Files \ System ara Dispatcher \ 1.3.0.840 \ ssd.dll
O2 - BHO: Java (tm) Plug-2 SSV Helper - (DBC80044-A445-435b In-BC74-9C25C1C588A9) - C: \ Program Files \ jre6 \ bin \ jp2ssv.dll
O2 - BHO: Windows - (E15A8DC0-8516-42A1-81EA-DC94EC1ACF10) - C: \ Program Files \ Windows Live \ Toolbar \ wltcore.dll Live Toolbar Helper
O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C: \ Program Files \ jre6 \ lib \ dağıtmak \ JQS \ ie \ jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - (21FA44EF-376D-4D53-9B0F-8A89D3229068) - C: \ Program Files \ Windows Live \ Toolbar \ wltcore.dll
O3 - Toolbar: (no name) - (7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA) - (no file)
O3 - Toolbar: AVG Security Toolbar - (CCC7A320-B3CA-4199-B1A6-9F516DD69829) - C: \ Program Files \ AVG \ AVG8 \ Toolbar \ IEToolbar.dll
O3 - Toolbar: Google Toolbar - (2318C2B1-4965-11d4-9B18-009027A5CD4F) - C: \ Program Files \ Google \ Google Araç Çubuğu \ GoogleToolbar_32.dll
O4 - HKLM \ .. \ Run: [IMJPMIG8.1] C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.EXE "/ Spoil / RemAdvDef / Migration32
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [VTTimer] VTTimer.exe
O4 - HKLM \ .. \ Run: [VTTrayp] VTtrayp.exe
O4 - HKLM \ .. \ Run: [ehTray] ehtray.exe
O4 - HKLM \ .. \ Run: [RaidTool] C: \ Program Files \ VIA \ RAID \ raid_tool.exe
O4 - HKLM \ .. \ Run: [Google Desktop Search] C: \ Program Files \ Google \ Google Desktop Search \ GoogleDesktop.exe "/ başlangıç
O4 - HKLM \ .. \ Run: [PAC7302_Monitor] C: \ Windows \ PixArt \ PAC7302 \ Monitor.exe
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ \ Reader 9.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [SoundMAX] "C: \ Program Files \ \ jre6 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ \ qttask.exe"-NvTaskbarInit
O4 - HKLM \ .. \ Run: [Google Çabuk Arama Kutusu] C: \ Program Files \ Google \ Çabuk Arama Kutusu \ GoogleQuickSearchBox.exe "/ autorun
O4 - HKLM \ .. \ Run: [msnmsgr] "C: \ Program Files \ Windows Live \ Messenger \ msnmsgr.exe" / background
O4 - HKLM \ .. \ Run: [msnmsgr] "C: \ Program Files \ Messenger \ msnmsgr.exe" / background
O4 - HKLM \ .. \ Run: [Google Update] C: \ Documents and Settings \ Savaş \ Local Settings \ Application Data \ Google \ Update \ googleupdate.exe "/ c
O4 - HKLM \ .. \ Run: [CTFMON.EXE] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNotifier.exe "
O4 - HKLM \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKLM \ .. \ Run: [minihava] C: \ Program Files \ Shenturk \ Mini Hava \ minihava.exe "
O4 - HKLM \ .. \ Run: [Shockwave Updater] C: \ WINDOWS \ system32 \ Adobe \ Shockwave 11 \ SwHelper_1150596.exe-Güncelleme -1.150.596 - "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB0;. NET CLR 2.0.50727; OfficeLiveConnector.1.3; OfficeLivePatch.0.0;. NET CLR 3.0.4506.2152;. NET CLR 3.5.30729) "-"http://www.miniclip.com/games/verti-golf-2/en / "
O4 - HKUS \ S-1-5-19 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User '')
O4 - Startup: AirTies ADSL Hizmet Programı.lnk =?
O7 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System, DisableRegedit = 1
O8 - Extra context menu item: Google Fotoğraf Screensa & ver için - res: / / C: \ WINDOWS \ system32 \ GPhotos.scr/200 ekle
O8 - Extra context menu item: Microsoft Excel'e Gö & nder - res: / / C: \ Program ~ 1 \ MICROS ~ 2 \ OFFICE11 \ EXCEL.EXE/3000
O9 - Extra button: Bunu Bloga Al - (219C3416-8CB2-491a-A3C7-D9FCDDC9D600) - C: \ Program Files \ Windows Live \ Writer \ WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Writer içinde & Bunu Web günlüğüne Aksoy Live - (219C3416-8CB2-491a-A3C7-D9FCDDC9D600) - C: \ Program Files \ Windows Live \ Writer \ WriterBrowserExtension.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @ Xpsp3res.dll, -20.001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msnmsgr.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msnmsgr.exe
O16 - DPF: (02BF25D5-8C17-4B23-BC80-D3488ABDDC6B) (QuickTime Plugin Kontrolü) -http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: (474F00F5-3853-492C-AC3A-476512BBC336) (UploadListView Class) -http://picasaweb.google.com/s/v/51.26/uploader2.cab
O16 - DPF: (5ED80217-570B-4DA9-BF44-BE107C0EC166) (Windows Live Safety Center Base Module) -http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234890976609
O16 - DPF: (8100D56A-5661-482C-BEE8-AFECE305D968) (Facebook Photo Uploader 5 Kontrolü) -http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: (917623D1-D8E5-11D2-BE8B-00104B06BDE3) (CamImage Class) -http://www.opentopia.com/support/activex/AxisCamControl.cab
O18 - Protocol: LinkScanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - C: \ Program Files \ AVG \ AVG8 \ (dosya eksik) avgpp.dll
O20 - AppInit_DLLs: C: \ Program ~ 1 \ Google \ GOOGLE ~ 3 \ GOEC62 ~ 1.DLL
O23 - Service: Norton2009 sıfırlayın (. Norton2009Reset) - Unknown owner - C: \ Program Files \ Norton2009Reset.exe
O23 - Service: GoogleDesktopManager - Google - C: \ Program Files \ Google \ Google Desktop Search \ GoogleDesktop.exe
O23 - Service: Google Güncelleme Hizmeti (gupdate1c9a08f6ed5a052) (gupdate1c9a08f6ed5a052) - Google Inc - C: \ Program Files \ Google \ Update \ googleupdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: Java Hızlı Başlangıç (JavaQuickStarterService) - Sun Microsystems, Inc - C: \ Program Files \ jre6 \ bin \ jqs.exe
O23 - Service: Norton Internet Security - Unknown owner - C: \ Program Files \ Norton Internet Security \ Motor \ 16.0.0.125 \ (dosya eksik) ccSvcHst.exe
--
Dosya sonu - 11.139 bayt
< Bu mesaj bu kişi tarafından değiştirildi satore -- 23 Ekim 2009; 11:35:59 >
-
quote:
ComboFix 09-10-22.01 - Administrator 23.10.2009 13:05.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.2046.1590 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Belgelerim\İndirilenler\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-09-23 to 2009-10-23 )))))))))))))))))))))))))))))))
.
2009-10-22 15:26 . 2009-10-22 15:26 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-10-22 15:21 . 2009-10-22 15:47 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-22 15:21 . 2009-10-22 15:47 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-19 15:01 . 2009-10-19 15:01 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-19 15:00 . 2009-10-19 15:00 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-19 15:00 . 2009-10-19 15:00 -------- d-----w- c:\windows\system32\AGEIA
2009-10-19 15:00 . 2009-10-19 15:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-19 15:00 . 2009-10-19 15:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-10-19 14:59 . 2009-10-22 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-10-19 14:59 . 2009-10-19 14:59 -------- d-----w- c:\program files\Kaspersky Lab
2009-10-19 14:56 . 2009-10-19 14:59 -------- d-----w- c:\program files\ATI Technologies
2009-10-19 14:56 . 2009-10-19 14:56 -------- d-----w- C:\ATI
2009-10-19 14:38 . 2009-10-19 14:53 -------- d-----w- c:\program files\ATI(2)
2009-10-19 14:04 . 2009-10-19 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI(3)
2009-10-19 14:01 . 2009-10-19 14:55 -------- d-----w- c:\program files\ATI Technologies(3)
2009-10-19 14:00 . 2009-10-19 14:55 -------- d-----w- C:\ATI(3)
2009-10-19 13:57 . 2009-10-19 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI(2)
2009-10-19 13:54 . 2009-10-19 14:56 -------- d-----w- c:\program files\ATI Technologies(2)
2009-10-19 13:54 . 2009-10-19 14:56 -------- d-----w- C:\ATI(2)
2009-10-14 17:48 . 2009-10-14 17:48 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-14 15:49 . 2009-10-14 15:49 -------- d-----w- c:\windows\CatRoot
2009-10-14 15:49 . 2005-02-06 08:44 93664 ----a-w- c:\windows\system32\drivers\usbVM31b.sys
2009-10-14 15:49 . 2004-12-15 16:01 40960 ----a-w- c:\windows\VM_STI.EXE
2009-10-14 15:49 . 2004-12-10 11:30 61440 ----a-w- c:\windows\system32\VM31bSTI.dll
2009-10-14 15:49 . 2004-12-10 07:07 94208 ----a-w- c:\windows\VMCap.exe
2009-10-14 15:49 . 2004-12-09 12:41 57344 ----a-w- c:\windows\StillCap.exe
2009-10-14 15:49 . 2002-10-16 06:29 49152 ----a-w- c:\windows\amcap.exe
2009-10-14 15:49 . 2000-10-31 09:00 307200 ----a-w- c:\windows\vidcap32.Exe
2009-10-14 15:49 . 2009-10-14 15:49 -------- d-----w- c:\program files\Vimicro
2009-10-02 23:13 . 2009-10-23 10:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire
2009-10-02 23:12 . 2009-10-02 23:12 -------- d-----w- c:\program files\LimeWire
2009-09-26 21:37 . 2008-07-31 07:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2009-09-26 21:37 . 2008-07-31 07:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2009-09-26 21:37 . 2008-07-31 07:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2009-09-26 21:37 . 2008-07-12 05:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2009-09-26 21:37 . 2008-07-12 05:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2009-09-26 21:37 . 2008-07-12 05:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2009-09-26 21:36 . 2009-09-26 21:36 -------- d-----w- c:\windows\Logs
2009-09-26 21:23 . 2009-09-26 21:23 -------- d-----w- c:\program files\Activision
2009-09-26 21:20 . 2009-09-26 21:20 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-09-26 21:20 . 2009-09-26 21:20 -------- d-----w- c:\program files\UltraISO
2009-09-26 20:02 . 2009-08-13 18:05 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-09-25 20:47 . 2009-09-25 20:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\Sony Ericsson
2009-09-25 01:56 . 2009-10-19 15:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-25 01:56 . 2009-10-19 15:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-25 01:45 . 2009-09-25 01:45 -------- d-----w- c:\windows\system32\xircom
2009-09-25 01:45 . 2009-09-25 01:45 -------- d-----w- c:\windows\system32\wbem\snmp
2009-09-25 01:45 . 2009-09-25 01:45 -------- d-----w- c:\program files\microsoft frontpage
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-23 09:46 . 2009-09-10 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-10-22 20:23 . 2009-09-20 10:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-22 20:22 . 2009-09-20 10:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\MyPhoneExplorer
2009-10-22 16:02 . 2009-09-11 07:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
2009-10-19 15:02 . 2009-09-13 14:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-19 15:01 . 2009-09-11 09:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Azureus
2009-10-15 19:16 . 2009-09-17 21:03 -------- d-----w- c:\program files\Vuze
2009-10-14 15:49 . 2009-09-10 20:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-14 15:49 . 2009-09-10 20:19 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-07 20:44 . 2009-09-10 21:36 -------- d-----w- c:\program files\The KMPlayer
2009-09-28 20:57 . 2009-09-14 23:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\FileZilla
2009-09-26 12:28 . 2009-09-15 18:52 -------- d-----w- c:\program files\cFosSpeed
2009-09-25 22:48 . 2008-04-15 12:00 81332 ----a-w- c:\windows\system32\perfc01F.dat
2009-09-25 22:48 . 2008-04-15 12:00 427962 ----a-w- c:\windows\system32\perfh01F.dat
2009-09-25 22:30 . 2009-09-20 01:24 -------- d-----w- c:\program files\ApexDC++
2009-09-20 10:07 . 2009-09-20 10:06 -------- d-----w- c:\program files\MyPhoneExplorer
2009-09-18 07:56 . 2009-09-18 07:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Foxit
2009-09-18 07:55 . 2009-09-18 07:55 -------- d-----w- c:\program files\Foxit Software
2009-09-17 20:36 . 2009-09-10 20:22 15408 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-17 16:43 . 2009-09-17 16:43 67568 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-16 17:09 . 2009-09-16 17:09 -------- d-----w- c:\program files\Zoom
2009-09-15 23:25 . 2009-09-10 22:29 -------- d-----w- c:\program files\MSN Messenger
2009-09-15 23:25 . 2009-09-15 23:25 -------- d-----w- c:\program files\Microsoft
2009-09-15 23:25 . 2009-09-10 22:30 -------- d-----w- c:\program files\Windows Live
2009-09-15 23:25 . 2009-09-15 23:25 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-15 18:05 . 2009-09-15 18:05 -------- d-----w- c:\program files\FileZilla FTP Client
2009-09-15 13:48 . 2009-09-15 13:48 -------- d-----w- c:\documents and settings\All Users\Application Data\GlobalSCAPE
2009-09-15 13:44 . 2009-09-15 13:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\GlobalSCAPE
2009-09-15 13:44 . 2009-09-15 13:44 -------- d-----w- c:\program files\GlobalSCAPE
2009-09-13 23:32 . 2009-09-13 23:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-09-13 15:22 . 2009-09-13 15:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-13 15:22 . 2009-09-13 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-13 11:32 . 2009-09-13 11:32 -------- d-----w- c:\program files\ConvertHelper
2009-09-11 11:54 . 2009-09-11 11:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Teleca
2009-09-11 11:52 . 2009-09-11 11:48 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-09-11 11:48 . 2009-09-11 11:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sony Ericsson
2009-09-11 11:48 . 2009-09-11 11:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Teleca
2009-09-11 11:48 . 2009-09-11 11:48 -------- d-----w- c:\program files\Common Files\Sony Ericsson Shared
2009-09-11 11:48 . 2009-09-11 11:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
2009-09-11 11:48 . 2009-09-11 11:48 -------- d-----w- c:\program files\Sony Ericsson
2009-09-11 09:06 . 2009-09-11 09:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-09-11 07:56 . 2009-09-11 07:55 -------- d-----w- c:\program files\Winamp
2009-09-11 00:32 . 2009-09-11 00:32 -------- d-----w- c:\program files\MSXML 4.0
2009-09-11 00:29 . 2009-09-11 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-09-11 00:10 . 2009-09-11 00:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-11 00:10 . 2009-09-11 00:10 -------- d-----w- c:\program files\Java
2009-09-10 23:56 . 2009-09-10 23:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nero
2009-09-10 23:55 . 2009-09-10 23:20 -------- d-----w- c:\program files\Nero
2009-09-10 23:21 . 2009-09-10 23:21 -------- d-----w- c:\program files\Common Files\Nero
2009-09-10 23:21 . 2009-09-10 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-09-10 22:54 . 2009-09-10 22:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Vso
2009-09-10 22:54 . 2009-09-10 22:52 81920 ----a-w- c:\documents and settings\Administrator\Application Data\ezpinst.exe
2009-09-10 22:54 . 2009-09-10 22:52 47360 ----a-w- c:\documents and settings\Administrator\Application Data\pcouffin.sys
2009-09-10 22:52 . 2009-09-10 22:52 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-09-10 22:37 . 2009-09-10 22:37 0 ----a-w- c:\windows\nsreg.dat
2009-09-10 22:30 . 2009-09-10 22:30 -------- d-----w- c:\program files\Messenger Plus! Live
2009-09-10 22:28 . 2009-09-10 22:28 0 ----a-w- c:\windows\ativpsrm.bin
2009-09-10 21:47 . 2009-09-10 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-09-10 21:31 . 2009-09-10 21:18 -------- d-----w- c:\program files\GRETECH
2009-09-10 21:19 . 2009-09-10 21:19 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-10 20:50 . 2009-09-10 20:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATI
2009-09-10 20:42 . 2009-09-10 20:42 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-09-10 19:38 . 2009-09-10 19:38 -------- d-----w- c:\program files\MSBuild
2009-09-10 19:38 . 2009-09-10 19:38 -------- d-----w- c:\program files\Reference Assemblies
2009-09-10 19:33 . 2009-09-10 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\GroupPolicy
2009-09-10 19:33 . 2009-09-10 19:33 21736 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-10 19:32 . 2009-09-10 19:32 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 19:31 . 2009-09-10 19:31 -------- d-----w- c:\program files\Windows Media Connect 2
2009-09-10 19:31 . 2009-09-10 19:31 -------- d-----w- c:\program files\LiraConv
2009-09-10 11:54 . 2009-09-13 15:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 11:53 . 2009-09-13 14:57 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-16 15:08 . 2009-09-13 23:32 178176 ----a-w- c:\windows\system32\unrar.dll
2009-08-14 04:27 . 2009-07-15 04:20 4485632 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-08-14 02:28 . 2009-08-14 02:28 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-08-14 02:27 . 2009-09-26 19:26 345600 ----a-w- c:\windows\system32\ati2dvag.dll
2009-08-14 02:27 . 2009-09-26 19:26 345600 ----a-w- c:\windows\system32\ati2dvag(6).dll
2009-08-14 02:27 . 2009-09-26 19:26 345600 ----a-w- c:\windows\system32\ati2dvag(5).dll
2009-08-14 02:27 . 2009-09-26 19:26 345600 ----a-w- c:\windows\system32\ati2dvag(4).dll
2009-08-14 02:27 . 2009-09-26 19:26 345600 ----a-w- c:\windows\system32\ati2dvag(3).dll
2009-08-14 02:27 . 2009-09-26 19:26 345600 ----a-w- c:\windows\system32\ati2dvag(2).dll
2009-08-14 02:10 . 2009-08-14 02:10 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-08-14 02:10 . 2009-08-14 02:10 204800 ----a-w- c:\windows\system32\atipdlxx(6).dll
2009-08-14 02:10 . 2009-08-14 02:10 204800 ----a-w- c:\windows\system32\atipdlxx(5).dll
2009-08-14 02:10 . 2009-08-14 02:10 204800 ----a-w- c:\windows\system32\atipdlxx(4).dll
2009-08-14 02:10 . 2009-08-14 02:10 204800 ----a-w- c:\windows\system32\atipdlxx(3).dll
2009-08-14 02:10 . 2009-08-14 02:10 204800 ----a-w- c:\windows\system32\atipdlxx(2).dll
2009-08-14 02:10 . 2009-08-14 02:10 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-08-14 02:08 . 2009-08-14 02:08 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-08-14 02:08 . 2009-08-14 02:08 602112 ----a-w- c:\windows\system32\ati2evxx(6).exe
2009-08-14 02:08 . 2009-08-14 02:08 602112 ----a-w- c:\windows\system32\ati2evxx(5).exe
2009-08-14 02:08 . 2009-08-14 02:08 602112 ----a-w- c:\windows\system32\ati2evxx(4).exe
2009-08-14 02:08 . 2009-08-14 02:08 602112 ----a-w- c:\windows\system32\ati2evxx(3).exe
2009-08-14 02:08 . 2009-08-14 02:08 602112 ----a-w- c:\windows\system32\ati2evxx(2).exe
2009-08-14 02:06 . 2009-08-14 02:06 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-08-14 02:00 . 2009-08-14 02:00 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-08-14 01:58 . 2009-09-26 19:26 3492576 ----a-w- c:\windows\system32\ati3duag.dll
2009-08-14 01:58 . 2009-09-26 19:26 3492576 ----a-w- c:\windows\system32\ati3duag(6).dll
2009-08-14 01:58 . 2009-09-26 19:26 3492576 ----a-w- c:\windows\system32\ati3duag(5).dll
2009-08-14 01:58 . 2009-09-26 19:26 3492576 ----a-w- c:\windows\system32\ati3duag(4).dll
2009-08-14 01:58 . 2009-09-26 19:26 3492576 ----a-w- c:\windows\system32\ati3duag(3).dll
.
------- Sigcheck -------
[-] 2008-05-20 . 356A9AA52B02AF8C6E0E2CC4B6C73998 . 1139200 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot_2009-10-22_16.19.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-23 10:09 . 2009-10-23 10:09 16384 c:\windows\temp\Perflib_Perfdata_148.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-21 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 98304]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-04-10 16861184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]
c:\documents and settings\Administrator\Start Menu\Programlar\BaŸlang‡\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Activision\\X-Men Origins - Wolverine(TM)\\Binaries\\Wolverine.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15.12.2008 20:41 33808]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [13.09.2009 18:22 269648]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13.05.2009 17:46 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16.05.2009 20:59 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13.09.2009 17:57 19160]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.google.com.tr/
TCP: {795225C6-3E09-4565-BEA6-72D42631A926} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\emu4q7zj.default\
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
Rootkit scan 2009-10-23 13:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1390067357-861567501-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6b,65,1e,44,87,a0,eb,45,ac,45,ac,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6b,65,1e,44,87,a0,eb,45,ac,45,ac,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1064)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3072)
c:\windows\system32\WININET.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\combofix\CF3874.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-23 13:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-23 10:12
ComboFix2.txt 2009-10-22 16:21
ComboFix3.txt 2009-10-02 22:13
ComboFix4.txt 2009-09-25 01:48
Pre-Run: 82.117.935.104 bayt boş
Post-Run: 87.376.637.952 bayt boş
- - End Of File - - 1B6D44460D54B5292AA0D4D2A4C22DB8
dediklerini fixledim sonrada combofixle tarama yaptım log yukarda.
-
quote:
Orijinalden alıntı: satore
Görev Yöneticisi ve Kayıt defteri açılmıyor ve virüs programı kuramıyorum programı kurduğum anda kapanıyor virüs
ayrıca internete girdiğimde bir süre sonra hata veriyor runtime error gibi bişeydi sanırım tamam dedikten sonra hata raporu veriyor tam bunu yollamıştımki hata verdi aynen yazıyorum Runtime Error! program:c:\programfiles\internet explorer\ixplore.exe R6025 pure virtuel function call
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, SearchAssistant =http://www.crawler.com/search/ie.aspx?tb_id=66031
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, CustomizeSearch =http://dnl.crawler.com/support/sa_customize.aspx?TbId=66031
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page =http://home.sweetim.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ arayın, CustomizeSearch =http://dnl.crawler.com/support/sa_customize.aspx?TbId=66031
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName = Bağlantılar
R3 - URLSearchHook: (no name) - * (CFBFAE00-17A6-11D0-99CB-00C04FD64497) - (no file)
O2 - BHO: AcroIEHelperStub - (18DF081C-E8AD-4283-A596-FA578C2EBDC3) - C: \ Program Files \ \ Adobe \ Acrobat \ ActiveX \ AcroIEHelperShim.dll
O2 - BHO: Media Access Başlangıç - (25B8D58C-B0CB-46b0-BA64-05B3804E4E86) - C: \ Program Files \ Media Access Başlangıç \ 1.5.0.850 \ HPIEAddOn.dll
O2 - BHO: NP Helper Class - (35B8D58C-B0CB-46b0-BA64-05B3804E4E86) - C: \ Program Files \ Internet Tasarruf Doktoru \ 3.4.0.4340 \ NPIEAddOn.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - C: \ Program Files \ AVG \ AVG8 \ (dosya eksik) avgssie.dll
O2 - BHO: (no name) - (5C255C8A-E604-49b4-9D64-90988571CECB) - (no file)
O2 - BHO: Arama Yardımcısı - (6EBF7485-159F-4bff-A14F-B9E3AAC4465B) - C: \ Program Files \ Microsoft \ Search Enhancement Pack \ Arama Yardımcı \ SEPsearchhelperie.dll
O2 - BHO: Windows Oturum Açma Yardım Aracı - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll Canlı
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - C: \ Program Files \ Google \ Google Araç Çubuğu \ GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 5.3.4501.1418 \ swg.dll
O2 - BHO: Google Sözlüğü Sıkıştırma sdch - (C84D72FE-E17D-4195-BB24-76C02E2E7C4E) - C: \ Program Files \ Google \ Google Araç Çubuğu \ Bileşen \ fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Sistem Ara Dispatcher - (CDBFB47B-58A8-4111-BF95-06178DCE326D) - C: \ Program Files \ System ara Dispatcher \ 1.3.0.840 \ ssd.dll
O2 - BHO: Java (tm) Plug-2 SSV Helper - (DBC80044-A445-435b In-BC74-9C25C1C588A9) - C: \ Program Files \ jre6 \ bin \ jp2ssv.dll
O2 - BHO: Windows - (E15A8DC0-8516-42A1-81EA-DC94EC1ACF10) - C: \ Program Files \ Windows Live \ Toolbar \ wltcore.dll Live Toolbar Helper
O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C: \ Program Files \ jre6 \ lib \ dağıtmak \ JQS \ ie \ jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - (21FA44EF-376D-4D53-9B0F-8A89D3229068) - C: \ Program Files \ Windows Live \ Toolbar \ wltcore.dll
O3 - Toolbar: (no name) - (7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA) - (no file)
O3 - Toolbar: Google Toolbar - (2318C2B1-4965-11d4-9B18-009027A5CD4F) - C: \ Program Files \ Google \ Google Araç Çubuğu \ GoogleToolbar_32.dll
ComboFix adlı programı masaüstünüze indirin.
http://www.buraksonmez.com/dosyalar/ComboFix.exe
1. Tüm açık pencerelerinizi ve programlarınızı kapatın.
2. Antivirüs ve Antispyware programlarınızı geçici olarak kapatın veya devre dışı bırakın.
3. ComboFix.exe üzerine çift tıklayın ve programı açın. Programı açtıktan sonra kesinlikle hiç bir işlem yapmayın. 1-2 dakikalık bir mola verin.
4. ComboFix çalışmaya başladıktan sonra Evet butonuna tıklayın.
5. ComboFix olası bir aksilik durumunda sistemizi geri yükleyebilmek amacıyla Kayıt Defterinizin bir yedeğini alacak ve bir sistem geri yükleme noktası oluşturacaktır.
6. Bu işlemler sırasında internet bağlantınız kesilecek ve masaüstünüz kaybolacaktır. Bunlar normaldir. Ayrıca sistem saatiniz de değişecektir. Fakat tüm bunlar geçicidir. İşlemler bittikten sonra hepsi orjinal haline geri döndürülecektir.
7. Biraz sabırlı olmanız gerekebilir çünkü tam 50 aşama söz konusudur.
8. Son olarak ComboFix işlemlerin sonucunu içeren bir rapor hazırlayacaktır. Bu sırada masaüstünüz kaybolabilir. Fakat kısa sürede geri yüklenecektir. İşlemler bittikten sonra ComboFix kapanacak ve size bir rapor açılacaktır. Bu raporu C:\ComboFix.txt bulabilirsiniz.
9. C:\ComboFix.txt dosyasını mesajınıza ekleyerek bize gönderin.
-
quote:
Orijinalden alıntı: drakin
dediklerini fixledim sonrada combofixle tarama yaptım log yukarda.
Malwarebytes Antimalware adlı programı indirin.
http://www.buraksonmez.com/dosyalar/mbam-setup.exe
* Programı kurmak için mbam-setup.exe üzerine çift tıklayın ve programı kurun.
* Malwarebytes Antimalware Güncelle ve Malwarebytes Programını Çalıştır seçeneklerini işaretleyip Finish tıklayın.
* Eğer bir güncelleştirme bulunursa, program otomatik olarak indirip güncelleştirecektir.
* Program yüklendiğinde Tam Tarama seçip Taramaya Başla butonuna tıklayın.
* Tarama işlemi biraz zaman alabilir, o yüzden lütfen biraz sabırlı olun.
* Tarama işlemi bittiğinde, Tamam tıklayın ve Sonuçları Göster tıklayın.
* Herşeyin işaretli olduğundan emin olun ve Seçilileri Temizle tıklayın.
* Temizleme işlemi bittiğinde bir notdefteri penceresi açılacaktır. (bilgisayarınızı yeniden başlatmanız gerekebilir.)
* Notdefteri dosyasını kaydedip mesajınıza ekleyerek bize gönderin.
NOT: Eğer temizleme işlemi sırasında program bilgisayarı yeniden başlatmanızı isterse Tamam tıklayarak bilgisayarızı yeniden başlatın.
-
Bilgisayarda messenger bazan açılıyor bazen açılırken kitlenip kalıyor.
ComboFix 09-10-08.04 - Ayhan Yılmaz 09.10.2009 18:13.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1254.90.1055.18.447.113 [GMT 3:00]
Running from: c:\documents and settings\Ayhan Yılmaz\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-09-09 to 2009-10-09 )))))))))))))))))))))))))))))))
.
2009-10-08 12:26 . 2009-09-10 11:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-08 12:26 . 2009-10-08 12:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-08 12:26 . 2009-09-10 11:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-07 20:37 . 2009-10-07 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Zbshareware Lab
2009-10-07 20:34 . 2009-10-07 20:37 -------- d-----w- c:\program files\USB Disk Security
2009-10-07 20:25 . 2009-10-07 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-10-07 19:09 . 2009-10-07 19:09 -------- d-----w- c:\program files\Trend Micro
2009-10-07 13:57 . 2009-10-07 13:57 -------- d-----w- c:\documents and settings\Ayhan Yılmaz\Application Data\Malwarebytes
2009-10-07 13:57 . 2009-10-07 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-07 13:51 . 2008-10-16 11:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-10-07 13:51 . 2008-10-16 11:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-09-30 08:40 . 2009-09-30 08:40 -------- d-----w- c:\program files\Common Files\Windows Live
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-09 15:10 . 2001-11-22 12:00 45784 ----a-w- c:\windows\system32\perfc01F.dat
2009-10-09 15:10 . 2001-11-22 12:00 300326 ----a-w- c:\windows\system32\perfh01F.dat
2009-10-09 13:42 . 2007-10-02 10:17 -------- d-----w- c:\program files\Microsoft Works
2009-10-07 19:10 . 2009-05-11 15:06 -------- d-----w- c:\program files\QuickTime
2009-10-07 19:04 . 2007-11-05 16:50 -------- d-----w- c:\program files\Google
2009-08-05 09:06 . 2004-08-03 21:45 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:56 . 2004-08-03 21:45 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 20:43 . 2004-08-03 21:45 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.
------- Sigcheck -------
[-] 2008-04-14 . 043873D830016BB0F1E7759F7BCEDE81 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\232cad025a4de3b5651532234015bf6b\sfcfiles.dll
[-] 2007-10-01 . 866FE42A091BF1BABDCC2E078B09D8A9 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-10-08_12.22.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-09 15:11 . 2009-10-09 15:11 16384 c:\windows\temp\Perflib_Perfdata_348.dat
+ 2007-10-02 10:19 . 2007-04-09 10:23 28552 c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2007-10-02 10:19 . 2007-04-09 10:23 46472 c:\windows\system32\spool\drivers\w32x86\mdiui.dll
+ 2007-10-02 10:19 . 2007-04-09 10:23 46472 c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2001-11-22 12:00 . 2009-10-09 15:10 39992 c:\windows\system32\perfc009.dat
- 2001-11-22 12:00 . 2009-04-20 14:07 39992 c:\windows\system32\perfc009.dat
+ 2007-10-02 10:19 . 2007-04-09 10:23 28040 c:\windows\system32\mdimon.dll
+ 2007-03-22 16:17 . 2007-03-22 16:17 35440 c:\windows\system32\FM20ENU.DLL
+ 2007-10-02 10:19 . 2009-10-09 13:47 23040 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-10-02 10:19 . 2007-10-02 10:19 23040 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-10-02 10:19 . 2009-10-09 13:47 61440 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-10-02 10:19 . 2007-10-02 10:19 61440 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-10-02 10:19 . 2007-10-02 10:19 27136 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-10-02 10:19 . 2009-10-09 13:47 27136 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-10-02 10:19 . 2009-10-09 13:47 11264 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-10-02 10:19 . 2007-10-02 10:19 11264 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-10-02 10:19 . 2007-10-02 10:19 86016 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2007-10-02 10:19 . 2009-10-09 13:47 86016 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2007-10-02 10:19 . 2009-10-09 13:47 12288 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2007-10-02 10:19 . 2007-10-02 10:19 12288 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2001-06-05 13:13 . 2001-06-05 13:13 40972 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.8173\OCRVC.DAT
+ 2001-10-23 05:13 . 2001-10-23 05:13 53260 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.8173\OCRHC.DAT
+ 2001-06-05 13:13 . 2001-06-05 13:13 65536 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.8173\LOOKUP.DAT
+ 2001-06-05 13:13 . 2001-06-05 13:13 18844 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.8173\JFONT.DAT
+ 2001-06-05 13:13 . 2001-06-05 13:13 34168 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.8173\ENGIDX.DAT
+ 2003-01-17 19:03 . 2003-01-17 19:03 59466 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\XSCAN32.DAT
+ 2003-07-15 03:57 . 2003-07-15 03:57 59960 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\UNBIND.EXE
+ 2002-10-07 14:49 . 2002-10-07 14:49 81983 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\TWRECS.DLL
+ 2003-07-15 04:00 . 2003-07-15 04:00 99904 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\TRANSMGR.DLL
+ 2003-07-15 03:53 . 2003-07-15 03:53 11848 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE
+ 2003-07-14 19:57 . 2003-07-14 19:57 58944 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL
+ 2003-07-15 03:44 . 2003-07-15 03:44 66616 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\SENDTO.DLL
+ 2003-07-15 03:43 . 2003-07-15 03:43 74288 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\RM.DLL
+ 2002-10-07 14:49 . 2002-10-07 14:49 81984 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\REVERSE.DLL
+ 2003-07-15 03:57 . 2003-07-15 03:57 40512 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
+ 2003-05-09 02:54 . 2003-05-09 02:54 77824 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL
+ 2003-07-15 03:42 . 2003-07-15 03:42 37432 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\RECALL.DLL
+ 2003-07-15 03:40 . 2003-07-15 03:40 51256 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\PUBTRAP.DLL
+ 2003-07-15 08:18 . 2003-07-15 08:18 93752 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\PP7X32.DLL
+ 2003-07-15 03:43 . 2003-07-15 03:43 49208 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\OUTLWAB.DLL
+ 2003-07-15 03:43 . 2003-07-15 03:43 64056 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\OUTLRPC.DLL
+ 2003-07-15 03:44 . 2003-07-15 03:44 88128 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\OUTLMIME.DLL
+ 2003-07-15 03:41 . 2003-07-15 03:41 24640 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\OUTLACCT.DLL
+ 2003-07-14 19:53 . 2003-07-14 19:53 95792 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\OSA.EXE
+ 2003-07-15 08:14 . 2003-07-15 08:14 27192 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\OISCTRL.DLL
+ 2003-07-15 03:56 . 2003-07-15 03:56 13888 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL
+ 2003-07-15 03:57 . 2003-07-15 03:57 56888 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\NAME.DLL
+ 2003-07-15 03:52 . 2003-07-15 03:52 41528 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSSH.DLL
+ 2003-06-18 22:31 . 2003-06-18 22:31 16384 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
+ 2003-07-15 03:45 . 2003-07-15 03:45 39488 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL
+ 2003-07-15 03:45 . 2003-07-15 03:45 55360 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE
+ 2003-07-15 03:46 . 2003-07-15 03:46 42040 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL
+ 2003-07-15 03:53 . 2003-07-15 03:53 39488 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSOSVFBR.DLL
+ 2003-07-15 03:53 . 2003-07-15 03:53 55872 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSOSVABW.DLL
+ 2003-07-15 03:52 . 2003-07-15 03:52 35896 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL
+ 2003-07-14 19:52 . 2003-07-14 19:52 28224 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL
+ 2003-07-15 03:56 . 2003-07-15 03:56 54328 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSOMSE.DLL
+ 2003-07-15 03:52 . 2003-07-15 03:52 55360 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE
+ 2003-07-15 03:44 . 2003-07-15 03:44 25144 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSOEURO.DLL
+ 2003-07-15 03:52 . 2003-07-15 03:52 27704 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL
+ 2003-07-15 03:52 . 2003-07-15 03:52 17464 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSMH.DLL
+ 2003-07-15 03:51 . 2003-07-15 03:51 87104 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL
+ 2003-07-15 03:56 . 2003-07-15 03:56 40504 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSE7.EXE
+ 2003-07-15 04:12 . 2003-07-15 04:12 47872 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSB1XTOR.DLL
+ 2003-06-18 22:31 . 2003-06-18 22:31 35328 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MDIUI.DLL
+ 2003-06-18 22:31 . 2003-06-18 22:31 18944 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MDIPPR.DLL
+ 2003-06-18 22:31 . 2003-06-18 22:31 17920 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MDIMON.DLL
+ 2003-07-15 03:45 . 2003-07-15 03:45 58944 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\INLAUNCH.DLL
+ 2003-07-14 19:57 . 2003-07-14 19:57 87096 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\IEAWSDC.DLL
+ 2003-07-15 03:41 . 2003-07-15 03:41 13368 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\FINDER.EXE
+ 2003-07-15 03:57 . 2003-07-15 03:57 98360 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\DSSM.EXE
+ 2003-07-15 03:56 . 2003-07-15 03:56 14904 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\DSITF.DLL
+ 2003-07-25 23:57 . 2003-07-25 23:57 75832 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\DLGSETP.DLL
+ 2003-07-15 08:18 . 2003-07-15 08:18 47160 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\DFUICOM.EXE
+ 2003-07-14 19:53 . 2003-07-14 19:53 46144 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\BLNMGRPS.DLL
+ 2003-07-14 19:53 . 2003-07-14 19:53 60984 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\BLNMGR.DLL
+ 2003-07-15 03:53 . 2003-07-15 03:53 94768 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\AW.DLL
+ 2003-07-15 03:57 . 2003-07-15 03:57 38968 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL
+ 2003-07-15 03:43 . 2003-07-15 03:43 87616 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\ADDRPARS.DLL
- 2007-10-02 10:19 . 2007-10-02 10:19 4096 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-10-02 10:19 . 2009-10-09 13:47 4096 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2003-06-18 22:31 . 2003-06-18 22:31 6144 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\OCRPS.DLL
+ 2007-10-02 10:19 . 2007-04-09 10:24 758664 c:\windows\system32\spool\drivers\w32x86\mdigraph.dll
+ 2007-10-02 10:19 . 2007-04-09 10:24 758664 c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll
- 2001-11-22 12:00 . 2009-04-20 14:07 311604 c:\windows\system32\perfh009.dat
+ 2001-11-22 12:00 . 2009-10-09 15:10 311604 c:\windows\system32\perfh009.dat
+ 2007-10-02 12:30 . 2009-10-09 13:50 240736 c:\windows\system32\FNTCACHE.DAT
- 2007-10-02 12:30 . 2009-06-23 11:42 240736 c:\windows\system32\FNTCACHE.DAT
+ 2008-11-05 09:02 . 2008-11-05 09:02 119296 c:\windows\Installer\18e34.msp
- 2007-10-02 10:19 . 2007-10-02 10:19 409600 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-10-02 10:19 . 2009-10-09 13:47 409600 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-10-02 10:19 . 2007-10-02 10:19 286720 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-10-02 10:19 . 2009-10-09 13:47 286720 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-10-02 10:19 . 2009-10-09 13:47 249856 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-10-02 10:19 . 2007-10-02 10:19 249856 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-10-02 10:19 . 2009-10-09 13:47 794624 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-10-02 10:19 . 2007-10-02 10:19 794624 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-10-02 10:19 . 2009-10-09 13:47 135168 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-10-02 10:19 . 2007-10-02 10:19 135168 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-10-02 10:19 . 2009-10-09 13:47 593920 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2007-10-02 10:19 . 2007-10-02 10:19 593920 c:\windows\Installer\{9011041F-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2001-06-05 13:13 . 2001-06-05 13:13 289926 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.8173\ENGDIC.DAT
+ 2002-10-07 14:51 . 2002-10-07 14:51 221252 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\TWSTRUCT.DLL
+ 2002-10-07 14:50 . 2002-10-07 14:50 118847 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\TWRECE.DLL
+ 2002-10-07 14:51 . 2002-10-07 14:51 102467 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\TWORIENT.DLL
+ 2002-10-07 14:51 . 2002-10-07 14:51 147520 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\TWLAY32.DLL
+ 2002-10-07 14:51 . 2002-10-07 14:51 180289 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\TWCUTLIN.DLL
+ 2002-10-07 14:50 . 2002-10-07 14:50 241729 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\TWCUTCHR.DLL
+ 2002-10-07 14:53 . 2002-10-07 14:53 106561 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\THOCRAPI.DLL
+ 2003-08-06 18:26 . 2003-08-06 18:26 445488 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\SOA.DLL
+ 2003-08-06 18:31 . 2003-08-06 18:31 362552 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\SETLANG.EXE
+ 2003-07-15 03:57 . 2003-07-15 03:57 349248 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\SELFCERT.EXE
+ 2003-07-21 16:46 . 2003-07-21 16:46 390712 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\RTFHTML.DLL
+ 2003-07-15 03:50 . 2003-07-15 03:50 551480 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\PUBCONV.DLL
+ 2003-07-15 03:51 . 2003-07-15 03:51 604728 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\PTXT9.DLL
+ 2002-10-07 15:11 . 2002-10-07 15:11 167997 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\PSOM.DLL
+ 2003-07-15 03:40 . 2003-07-15 03:40 130104 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\PRTF9.DLL
+ 2003-07-15 08:18 . 2003-07-15 08:18 430136 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\PP4X322.DLL
+ 2003-07-15 03:43 . 2003-07-15 03:43 139320 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\OUTLPH.DLL
+ 2003-07-15 03:45 . 2003-07-15 03:45 196152 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\OUTLOOK.EXE
+ 2003-07-08 16:48 . 2003-07-08 16:48 115288 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DLL
+ 2003-07-15 03:44 . 2003-07-15 03:44 102968 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\OUTLCTL.DLL
+ 2003-07-15 08:14 . 2003-07-15 08:14 242240 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
+ 2003-07-15 08:14 . 2003-07-15 08:14 828472 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\OISAPP.DLL
+ 2003-07-15 08:14 . 2003-07-15 08:14 283696 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\OIS.EXE
+ 2003-07-15 04:00 . 2003-07-15 04:00 145984 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
+ 2003-07-24 03:40 . 2003-07-24 03:40 482872 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSTORES.DLL
+ 2003-07-15 03:56 . 2003-07-15 03:56 124984 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSTORE.EXE
+ 2003-07-15 04:02 . 2003-07-15 04:02 627256 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSTORDB.EXE
+ 2003-07-15 04:02 . 2003-07-15 04:02 637496 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSQRY32.EXE
+ 2003-06-19 21:05 . 2003-06-19 21:05 364648 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
+ 2003-06-19 21:05 . 2003-06-19 21:05 128104 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSPSCAN.EXE
+ 2003-06-18 22:31 . 2003-06-18 22:31 788480 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSPFILT.DLL
+ 2003-07-15 08:18 . 2003-07-15 08:18 376888 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL
+ 2003-07-23 19:35 . 2003-07-23 19:35 127032 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSOCFU.DLL
+ 2003-07-15 00:14 . 2003-07-15 00:14 106552 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSOCF.DLL
+ 2003-07-14 19:57 . 2003-07-14 19:57 120888 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
+ 2002-04-09 17:14 . 2002-04-09 17:14 187560 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSMDUN80.DLL
+ 2003-07-15 08:14 . 2003-07-15 08:14 139328 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSJSPP40.DLL
+ 2002-12-17 16:08 . 2002-12-17 16:08 359600 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSDMENG.DLL
+ 2003-07-15 03:51 . 2003-07-15 03:51 116288 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSCONV97.DLL
+ 2003-07-14 19:58 . 2003-07-14 19:58 230968 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSCDM.DLL
+ 2003-07-15 03:57 . 2003-07-15 03:57 124480 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSB1CORE.DLL
+ 2003-07-15 08:13 . 2003-07-15 08:13 130112 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSAEXP30.DLL
+ 2003-07-15 04:01 . 2003-07-15 04:01 445496 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MODHELP.DLL
+ 2003-07-15 03:46 . 2003-07-15 03:46 176696 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MIMEDIR.DLL
+ 2003-05-28 20:42 . 2003-05-28 20:42 342616 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\METCONV.DLL
+ 2003-06-18 22:31 . 2003-06-18 22:31 443904 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MDIVWCTL.DLL
+ 2003-06-18 22:31 . 2003-06-18 22:31 252928 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
+ 2003-06-18 22:31 . 2003-06-18 22:31 758784 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MDIGRAPH.DLL
+ 2003-05-28 20:42 . 2003-05-28 20:42 514680 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\INTLNAME.DLL
+ 2003-07-24 03:32 . 2003-07-24 03:32 121400 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\IMPMAIL.DLL
+ 2003-07-15 03:53 . 2003-07-15 03:53 161336 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\IETAG.DLL
+ 2003-07-26 00:14 . 2003-07-26 00:14 799288 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\FPWEC.DLL
+ 2003-07-15 03:40 . 2003-07-15 03:40 179768 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
+ 2003-07-15 04:36 . 2003-07-15 04:36 186424 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\FPDTC.DLL
+ 2002-10-07 14:49 . 2002-10-07 14:49 192573 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\FORM.DLL
+ 2003-07-31 20:19 . 2003-07-31 20:19 131648 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\ENVELOPE.DLL
+ 2003-07-15 00:14 . 2003-07-15 00:14 350264 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\CDLMSO.DLL
+ 2003-07-15 08:13 . 2003-07-15 08:13 166456 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\ACCWIZ.DLL
+ 2007-06-06 07:53 . 2007-06-06 07:53 1195888 c:\windows\system32\FM20.DLL
+ 2005-10-26 11:59 . 2005-10-26 11:59 2883072 c:\windows\Installer\18ff3.msp
+ 2009-08-25 11:57 . 2009-08-25 11:57 5518336 c:\windows\Installer\18fdd.msp
+ 2003-04-30 16:52 . 2003-04-30 16:52 1581120 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\XPAGE3C.DLL
+ 2002-10-07 15:03 . 2002-10-07 15:03 1794113 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\XIMAGE3B.DLL
+ 2003-07-03 20:19 . 2003-07-03 20:19 2502656 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\VBE6.DLL
+ 2003-08-03 15:52 . 2003-08-03 15:52 2808376 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\STSLIST.DLL
+ 2003-07-31 20:21 . 2003-07-31 20:21 1782840 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\PPTVIEW.EXE
+ 2003-07-30 17:40 . 2003-07-30 17:40 6133312 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\POWERPNT.EXE
+ 2003-08-01 20:09 . 2003-08-01 20:09 8086072 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\OWC11.DLL
+ 2003-08-04 18:19 . 2003-08-04 18:19 7330360 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\OWC10.DLL
+ 2003-08-10 04:06 . 2003-08-10 04:06 7522360 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\OUTLLIB.DLL
+ 2003-07-07 18:36 . 2003-07-07 18:36 2058343 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DAT
+ 2003-07-15 04:05 . 2003-07-15 04:05 1054264 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
+ 2003-07-28 17:24 . 2003-07-28 17:24 5677112 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSPUB.EXE
+ 2003-06-18 22:31 . 2003-06-18 22:31 1033216 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSPCORE.DLL
+ 2003-07-11 07:15 . 2003-07-11 07:15 1292872 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL
+ 2002-12-17 16:09 . 2002-12-17 16:09 2071752 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSOLAP80.DLL
+ 2002-12-17 16:08 . 2002-12-17 16:08 1383592 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSDMINE.DLL
+ 2003-08-15 05:54 . 2003-08-15 05:54 6627392 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSACCESS.EXE
+ 2003-08-01 20:07 . 2003-08-01 20:07 4815424 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\INFOPATH.EXE
+ 2003-07-15 04:11 . 2003-07-15 04:11 2139192 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\GRAPH.EXE
+ 2003-07-26 00:00 . 2003-07-26 00:00 1157696 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\FPSRVUTL.DLL
+ 2003-07-24 04:01 . 2003-07-24 04:01 1949240 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\FPCUTL.DLL
+ 2003-08-03 15:56 . 2003-08-03 15:56 1146184 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\FM20.DLL
+ 2003-08-06 18:24 . 2003-08-06 18:24 12037688 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\WINWORD.EXE
+ 2003-08-08 05:23 . 2003-08-08 05:23 12172336 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\MSO.DLL
+ 2003-08-13 07:34 . 2003-08-13 07:34 10073144 c:\windows\Installer\$PatchCache$\Managed\F140110900063D11C8EF10054038389C\11.0.5614\EXCEL.EXE
+ 2007-07-27 06:50 . 2007-07-27 06:50 117563392 c:\windows\Installer\18fc6.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2009-10-07 815104]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-08 53248]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-03-01 577536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"gusvc"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25.01.2008 12:12 25088]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {4FF30B94-BD69-4F5D-BA94-F9B130E37E44} = 192.168.119.2
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
Rootkit scan 2009-10-09 18:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1820)
c:\windows\system32\WININET.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-09 18:20
ComboFix-quarantined-files.txt 2009-10-09 15:20
ComboFix2.txt 2009-10-08 12:24
ComboFix3.txt 2009-10-07 13:54
Pre-Run: 34.974.818.304 bayt boş
Post-Run: 34.961.141.760 bayt boş
286 --- E O F --- 2009-10-09 13:47
-
combo fix raporu
ComboFix 09-10-24.01 - savaş 25.10.2009 14:00.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1254.90.1055.18.446.101 [GMT 2:00]
Running from: c:\documents and settings\savaş\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\Internet Saving Optimizer\3.4.0.4340\adwpx.exe
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
c:\program files\Media Access Startup\1.5.0.850\Data\config.md
c:\program files\Media Access Startup\1.5.0.850\FF\chrome.manifest
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\1.5.0.850\FF\install.rdf
c:\program files\Media Access Startup\1.5.0.850\HPCommon.dll
c:\program files\Media Access Startup\1.5.0.850\HPIEaddon.dll
c:\program files\Media Access Startup\1.5.0.850\hppx.exe
c:\program files\Media Access Startup\1.5.0.850\MAHelper.exe
c:\program files\Media Access Startup\1.5.0.850\unins000.dat
c:\program files\Media Access Startup\1.5.0.850\unins000.exe
c:\program files\Norton2009Reset.exe
c:\program files\System Search Dispatcher\1.3.0.840\ssD.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\scrrntr.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_.norton2009Reset
((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 )))))))))))))))))))))))))))))))
.
2009-10-24 21:35 . 2009-10-24 21:52 -------- d-----w- c:\program files\LimeWire
2009-10-23 06:53 . 2009-10-23 06:53 -------- d-----w- c:\program files\Trend Micro
2009-10-22 21:24 . 2009-10-22 21:24 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-18 06:05 . 2009-10-22 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8ls
2009-10-12 19:01 . 2009-06-25 08:26 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-10-12 19:01 . 2009-09-11 14:18 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-10-12 19:01 . 2009-06-25 08:26 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-10-12 19:01 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2009-10-08 14:06 . 2008-05-30 11:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2009-10-08 14:06 . 2009-10-08 14:06 -------- d-----w- c:\windows\Logs
2009-10-08 11:21 . 2006-09-14 14:45 -------- d-----w- c:\program files\Ruya Tabirleri v.1.1
2009-10-08 09:15 . 2009-10-08 10:03 286720 ------w- c:\windows\Setup1.exe
2009-10-08 09:15 . 2009-10-08 10:03 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-10-08 09:05 . 2009-10-08 09:05 -------- d-----w- c:\program files\Shenturk
2009-10-08 08:17 . 2009-10-19 12:56 -------- d-----w- c:\program files\GCH Guitar academy
2009-10-08 08:04 . 2009-10-08 08:04 -------- d-----w- c:\program files\Webteh
2009-10-06 13:27 . 2009-10-08 08:04 -------- d-----w- c:\program files\BS_Player
2009-10-06 13:27 . 2009-10-06 13:27 -------- d-----w- c:\program files\Webteh(2)
2009-10-06 12:49 . 2009-10-08 08:04 -------- d-----w- c:\program files\GCH Guitar academy(2)
2009-10-06 10:00 . 2009-10-06 10:01 -------- d-----w- c:\program files\Guitar Pro 5
2009-10-05 12:15 . 2009-10-05 12:15 -------- d-----w- c:\program files\Audio Phonics, Inc
2009-10-05 12:14 . 1998-02-06 19:37 299520 ----a-w- c:\windows\uninst.exe
2009-10-05 09:41 . 2009-10-05 09:44 -------- d-----w- c:\program files\AP Tuner
2009-10-03 09:00 . 2009-10-03 09:00 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-10-03 08:48 . 2009-10-03 08:48 -------- d-----w- c:\program files\TryMedia
2009-10-03 08:30 . 2000-07-08 12:06 87040 ----a-w- c:\windows\UnGins.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 12:00 . 2006-03-02 12:00 84628 ----a-w- c:\windows\system32\perfc01F.dat
2009-10-25 12:00 . 2006-03-02 12:00 435992 ----a-w- c:\windows\system32\perfh01F.dat
2009-10-24 21:48 . 2009-05-28 13:40 -------- d-----w- c:\program files\Norton Internet Security
2009-10-24 17:26 . 2009-06-09 19:16 41 ----a-w- c:\windows\popcinfo.dat
2009-10-22 21:23 . 2009-02-17 21:02 -------- d-----w- c:\program files\Windows Live
2009-10-22 21:23 . 2009-09-14 14:17 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-22 21:22 . 2009-02-17 19:42 -------- d-----w- c:\program files\Google
2009-10-22 06:50 . 2009-03-09 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-10-18 04:59 . 2009-02-17 19:56 -------- d-----w- c:\program files\Java
2009-10-08 16:00 . 2009-02-17 17:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-08 08:01 . 2009-09-14 15:53 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-02 18:18 . 2009-07-30 15:27 -------- d-----w- c:\program files\Messenger Plus! Live
2009-09-25 16:32 . 2009-09-25 16:32 8 ----a-w- c:\documents and settings\All Users\Application Data\VGANGMJYMWPP.SYS
2009-09-25 16:30 . 2009-09-25 16:30 8 ----a-w- c:\documents and settings\All Users\Application Data\TYRCPHJYWWPP.SYS
2009-09-20 05:42 . 2009-09-16 17:19 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-20 05:22 . 2009-09-20 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-09-16 16:22 . 2009-09-16 16:22 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-16 16:22 . 2009-09-16 16:22 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-16 16:22 . 2009-07-04 18:38 -------- d-----w- c:\program files\mIRCTR Script v6.35
2009-09-16 16:22 . 2009-09-16 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Google(2)
2009-09-16 16:22 . 2009-09-16 07:37 -------- d-----w- c:\program files\Search Guard PlusU
2009-09-16 16:22 . 2009-09-16 07:37 -------- d-----w- c:\program files\Search Guard Plus
2009-09-16 12:53 . 2009-09-16 07:37 8192 ----a-w- C:\mtwb.dat
2009-09-11 14:18 . 2009-09-11 14:18 136192 ----a-w- c:\windows\system32\SETA4.tmp
2009-09-11 14:18 . 2006-03-02 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:04 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:27 . 2006-03-02 12:00 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:27 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:27 . 2006-03-02 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-27 11:03 . 2009-08-27 11:02 -------- d-----w- c:\program files\VDOWNLOADER
2009-08-27 07:52 . 2009-06-21 19:04 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-08-26 08:01 . 2006-03-02 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 16:24 . 2009-02-17 16:54 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 16:24 . 2009-02-17 16:54 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 16:24 . 2009-02-17 16:54 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 16:24 . 2009-02-17 16:54 35552 ----a-w- c:\windows\system32\wups(2)(2).dll
2009-08-06 16:24 . 2008-10-16 12:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 16:24 . 2009-02-17 16:54 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 16:24 . 2006-03-02 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 16:23 . 2009-02-17 16:54 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 16:23 . 2009-02-18 12:35 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 16:23 . 2009-02-18 12:35 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 16:23 . 2009-02-17 16:54 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:00 . 2006-03-02 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:27 . 2006-03-02 12:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:27 . 2004-08-04 00:40 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 16:52 . 2009-08-04 16:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
.
((((((((((((((((((((((((((((( SnapShot@2009-10-23_16.41.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-03-02 12:00 . 2009-10-25 12:00 74120 c:\windows\system32\perfc009.dat
+ 2006-03-02 12:00 . 2009-10-25 12:00 448418 c:\windows\system32\perfh009.dat
+ 2009-05-01 18:30 . 2009-05-01 18:30 3448832 c:\windows\system32\GPhotos.scr
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-03-01 4192608]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1768960]
"Google Update"="c:\documents and settings\savaş\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-21 206832]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-22 39408]
"minihava"="c:\program files\Shenturk\Mini Hava\minihava.exe" [2009-09-16 399360]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-03-02 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2004-10-11 659456]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-03-06 1920512]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 393216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 117616]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 218520]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-07-14 413696]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-16 122368]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-08 229376]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2005-11-01 233472]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-11-17 753664]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programlar\BaŸlang‡\
AirTies ADSL Hizmet Program.lnk - c:\program files\AirTies\ADSL Hizmet Program\AirTies_util3.exe [2009-6-8 2452992]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=
"c:\\WINDOWS\\system32\\VTTimer.exe"=
"c:\\Program Files\\VIA\\RAID\\raid_tool.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Documents and Settings\\savaş\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Documents and Settings\\savaş\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\savaş\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\PixArt\\PAC7302\\Monitor.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
"c:\\WINDOWS\\system32\\VTtrayp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\ntvdm.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Windows Live\\Toolbar\\wltuser.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Google\\Picasa3\\Picasa3.exe"=
"c:\\Program Files\\AirTies\\ADSL Hizmet Programı\\AirTies_util3.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jucheck.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\Program Files\\Shenturk\\Mini Hava\\minihava.exe"=
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [17.02.2009 23:10 55152]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\nlpjtn.sys --> c:\windows\system32\drivers\nlpjtn.sys [?]
S2 gupdate1c9a08f6ed5a052;Google Güncelleme Hizmeti (gupdate1c9a08f6ed5a052);c:\program files\Google\Update\GoogleUpdate.exe [09.03.2009 10:16 309232]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1000000.07D\BHDrvx86.sys [28.05.2009 15:41 254512]
S3 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1000000.07D\ccHPx86.sys [28.05.2009 15:41 362544]
S3 fsssvc;Windows Live Aile Koruması;c:\program files\Windows Live\Family Safety\fsssvc.exe [06.02.2009 18:08 533360]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys [28.05.2009 15:41 274808]
S3 PAC7302;PC VGA Camer@ Plus;c:\windows\system32\drivers\PAC7302.SYS [10.09.2007 08:50 457984]
S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1000000.07D\SymEFA.sys [28.05.2009 15:41 309296]
.
Contents of the 'Scheduled Tasks' folder
2009-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-09 08:16]
2009-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-09 08:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.tr/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
AddRemove-AP Guitar Tuner 1.02 - c:\program files\Audio Phonics
AddRemove-{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 - c:\program files\Media Access Startup\1.5.0.850\unins000.exe
AddRemove-{1FB52AB3-5987-45a2-85E0-F3EC30DDDC29}}_is1 - c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
Rootkit scan 2009-10-25 14:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-796845957-1004336348-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2984)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-25 14:11
ComboFix-quarantined-files.txt 2009-10-25 12:11
Pre-Run: 50.825.596.928 bayt boş
Post-Run: 50.931.265.536 bayt boş
- - End Of File - - C2CFC47F10C013F3C982AF70C0F4F698
şimdi ne yapmalıyım
< Bu mesaj bu kişi tarafından değiştirildi satore -- 25 Ekim 2009; 14:14:12 >
-
Bunada bakabilir misiniz??
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:52:42, on 25.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\IE Accelerator\IEAccelerator.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Copy Handler\Copy Handler.exe
C:\WINDOWS\PLFSetL.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Shenturk\Ey DSL! 3\EyDSL.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O1 - Hosts: s127.0.0.1 localhost
O1 - Hosts: Youtube Jacker 4 :)
O1 - Hosts: 209.85.229.100www.youtube.com
O1 - Hosts: 209.85.229.100 youtube.com
O1 - Hosts: 209.85.229.100 tr.youtube.com
O1 - Hosts: 209.85.229.100 fr.youtube.com
O1 - Hosts: 209.85.229.100 au.youtube.com
O1 - Hosts: 209.85.229.100 ca.youtube.com
O1 - Hosts: 208.117.236.71 m.youtube.com
O1 - Hosts: 74.125.65.118 img.youtube.com
O1 - Hosts: 209.85.165.102 gdata.youtube.com
O1 - Hosts: 208.117.236.71 ru.youtube.com
O1 - Hosts: 208.117.236.70 youtube.com
O1 - Hosts: 74.125.65.118 img.youtube.com
O1 - Hosts: 88.255.41.21 fr.youtube.com
O1 - Hosts: 88.255.41.21www.fr.youtube.com
O1 - Hosts: 74.125.95.138 de.youtube.com
O1 - Hosts: 209.85.129.104 help.youtube.com
O1 - Hosts: 209.85.129.104www.help.youtube.com
O1 - Hosts: 74.125.13.80 v1.lscache1.c.youtube.com
O1 - Hosts: 74.125.0.147 v2.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.86 v3.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.89 v4.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.92 v5.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.95 v6.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.98 v7.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.101 v8.lscache1.c.youtube.com
O1 - Hosts: 74.125.97.17 v9.lscache1.c.youtube.com
O1 - Hosts: 74.125.97.84 v10.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.87 v11.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.90 v12.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.93 v13.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.96 v14.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.99 v15.lscache1.c.youtube.com
O1 - Hosts: 74.125.97.38 v16.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.82 v17.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.85 v18.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.88 v19.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.91 v20.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.94 v21.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.97 v22.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.100 v23.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.103 v24.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.80 v1.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.83 v2.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.86 v3.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.89 v4.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.92 v5.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.95 v6.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.98 v7.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.101 v8.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.81 v9.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.84 v10.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.87 v11.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.90 v12.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.93 v13.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.96 v14.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.99 v15.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.102 v16.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.82 v17.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.85 v18.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.88 v19.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.91 v20.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.94 v21.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.97 v22.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.100 v23.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.103 v24.lscache2.c.youtube.com
O1 - Hosts: 74.125.99.80 v1.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.83 v2.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.86 v3.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.89 v4.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.92 v5.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.95 v6.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.98 v7.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.101 v8.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.81 v9.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.84 v10.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.87 v11.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.90 v12.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.93 v13.lscache3.c.youtube.com
O1 - Hosts: 74.125.97.32 v14.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.99 v15.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.102 v16.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.82 v17.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.85 v18.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.88 v19.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.91 v20.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.94 v21.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.97 v22.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.100 v23.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.103 v24.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.80 v1.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.83 v2.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.86 v3.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.89 v4.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.92 v5.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.95 v6.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.98 v7.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.101 v8.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.81 v9.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.84 v10.lscache4.c.youtube.com
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare\BearShareIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [IE Accelerator] C:\Program Files\IE Accelerator\IEAccelerator.exe /Auto
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [Copy handler] C:\Program Files\Copy Handler\Copy Handler.exe
O4 - HKLM\..\Run: [Test Programi] C:\Program Files\Pikatel KKP AirMax-104\KolayKurulumProgrami.exe\KolayKurulumProgrami.exe
O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Ey DSL! 3.lnk = C:\Program Files\Shenturk\Ey DSL! 3\EyDSL.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) -http://www.yayinizle.com/live/ampx2.6.1.11_en_dl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C6813A1-BF86-459E-9D5B-CEF933CD1DDF}: NameServer = 4.2.2.1,4.2.2.2
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2
--
End of file - 16149 bytes
-
Dostum gene seni yoracağım,
Baya bir temizlik yaptım ama :/
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:19:39, on 25.10.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Users\No62NoExit\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\No62NoExit\Desktop\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.kralliklar.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: Youtube Dünya Capinda IP leri toplam 2859 adet ....
O1 - Hosts: 208.65.153.251 uk.youtube.com
O1 - Hosts: 208.65.153.253 de.youtube.com
O1 - Hosts: 208.117.236.70 youtube.com
O1 - Hosts: 208.117.236.70 www.youtube.com
O1 - Hosts: 74.125.65.118 img.youtube.com
O1 - Hosts: 64.15.124.143 sjc-v1.sjc.youtube.com
O1 - Hosts: 64.15.124.144 sjc-v2.sjc.youtube.com
O1 - Hosts: 64.15.124.145 sjc-v3.sjc.youtube.com
O1 - Hosts: 64.15.124.146 sjc-v4.sjc.youtube.com
O1 - Hosts: 64.15.124.147 sjc-v5.sjc.youtube.com
O1 - Hosts: 64.15.124.148 sjc-v6.sjc.youtube.com
O1 - Hosts: 64.15.124.149 sjc-v7.sjc.youtube.com
O1 - Hosts: 64.15.124.150 sjc-v8.sjc.youtube.com
O1 - Hosts: 64.15.124.151 sjc-v9.sjc.youtube.com
O1 - Hosts: 64.15.124.152 sjc-v10.sjc.youtube.com
O1 - Hosts: 64.15.124.153 sjc-v11.sjc.youtube.com
O1 - Hosts: 64.15.124.154 sjc-v12.sjc.youtube.com
O1 - Hosts: 64.15.124.155 sjc-v13.sjc.youtube.com
O1 - Hosts: 64.15.124.156 sjc-v14.sjc.youtube.com
O1 - Hosts: 64.15.124.157 sjc-v15.sjc.youtube.com
O1 - Hosts: 64.15.124.158 sjc-v16.sjc.youtube.com
O1 - Hosts: 64.15.124.159 sjc-v17.sjc.youtube.com
O1 - Hosts: 64.15.124.160 sjc-v18.sjc.youtube.com
O1 - Hosts: 64.15.124.161 sjc-v19.sjc.youtube.com
O1 - Hosts: 64.15.124.162 sjc-v20.sjc.youtube.com
O1 - Hosts: 64.15.124.163 sjc-v21.sjc.youtube.com
O1 - Hosts: 64.15.124.164 sjc-v22.sjc.youtube.com
O1 - Hosts: 64.15.124.165 sjc-v23.sjc.youtube.com
O1 - Hosts: 64.15.124.166 sjc-v24.sjc.youtube.com
O1 - Hosts: 64.15.124.167 sjc-v25.sjc.youtube.com
O1 - Hosts: 64.15.124.168 sjc-v26.sjc.youtube.com
O1 - Hosts: 64.15.124.169 sjc-v27.sjc.youtube.com
O1 - Hosts: 64.15.124.170 sjc-v28.sjc.youtube.com
O1 - Hosts: 64.15.124.171 sjc-v29.sjc.youtube.com
O1 - Hosts: 64.15.124.172 sjc-v30.sjc.youtube.com
O1 - Hosts: 64.15.124.173 sjc-v31.sjc.youtube.com
O1 - Hosts: 64.15.124.174 sjc-v32.sjc.youtube.com
O1 - Hosts: 64.15.124.175 sjc-v33.sjc.youtube.com
O1 - Hosts: 64.15.124.176 sjc-v34.sjc.youtube.com
O1 - Hosts: 64.15.124.177 sjc-v35.sjc.youtube.com
O1 - Hosts: 64.15.124.178 sjc-v36.sjc.youtube.com
O1 - Hosts: 64.15.124.179 sjc-v37.sjc.youtube.com
O1 - Hosts: 64.15.124.180 sjc-v38.sjc.youtube.com
O1 - Hosts: 64.15.124.207 sjc-v39.sjc.youtube.com
O1 - Hosts: 64.15.124.208 sjc-v40.sjc.youtube.com
O1 - Hosts: 64.15.124.209 sjc-v41.sjc.youtube.com
O1 - Hosts: 64.15.124.210 sjc-v42.sjc.youtube.com
O1 - Hosts: 64.15.124.211 sjc-v43.sjc.youtube.com
O1 - Hosts: 64.15.124.212 sjc-v44.sjc.youtube.com
O1 - Hosts: 64.15.124.213 sjc-v45.sjc.youtube.com
O1 - Hosts: 64.15.124.214 sjc-v46.sjc.youtube.com
O1 - Hosts: 64.15.124.215 sjc-v47.sjc.youtube.com
O1 - Hosts: 64.15.124.216 sjc-v48.sjc.youtube.com
O1 - Hosts: 64.15.124.217 sjc-v49.sjc.youtube.com
O1 - Hosts: 64.15.124.218 sjc-v50.sjc.youtube.com
O1 - Hosts: 64.15.124.219 sjc-v51.sjc.youtube.com
O1 - Hosts: 64.15.124.220 sjc-v52.sjc.youtube.com
O1 - Hosts: 64.15.124.221 sjc-v53.sjc.youtube.com
O1 - Hosts: 64.15.124.222 sjc-v54.sjc.youtube.com
O1 - Hosts: 64.15.124.223 sjc-v55.sjc.youtube.com
O1 - Hosts: 64.15.124.224 sjc-v56.sjc.youtube.com
O1 - Hosts: 64.15.124.225 sjc-v57.sjc.youtube.com
O1 - Hosts: 64.15.124.226 sjc-v58.sjc.youtube.com
O1 - Hosts: 64.15.124.227 sjc-v59.sjc.youtube.com
O1 - Hosts: 64.15.124.228 sjc-v60.sjc.youtube.com
O1 - Hosts: 64.15.124.229 sjc-v61.sjc.youtube.com
O1 - Hosts: 64.15.124.230 sjc-v62.sjc.youtube.com
O1 - Hosts: 64.15.124.231 sjc-v63.sjc.youtube.com
O1 - Hosts: 64.15.124.232 sjc-v64.sjc.youtube.com
O1 - Hosts: 64.15.124.233 sjc-v65.sjc.youtube.com
O1 - Hosts: 64.15.124.234 sjc-v66.sjc.youtube.com
O1 - Hosts: 64.15.124.235 sjc-v67.sjc.youtube.com
O1 - Hosts: 64.15.124.236 sjc-v68.sjc.youtube.com
O1 - Hosts: 64.15.124.237 sjc-v69.sjc.youtube.com
O1 - Hosts: 64.15.124.238 sjc-v70.sjc.youtube.com
O1 - Hosts: 64.15.124.239 sjc-v71.sjc.youtube.com
O1 - Hosts: 64.15.124.240 sjc-v72.sjc.youtube.com
O1 - Hosts: 64.15.124.241 sjc-v73.sjc.youtube.com
O1 - Hosts: 64.15.124.242 sjc-v74.sjc.youtube.com
O1 - Hosts: 64.15.124.243 sjc-v75.sjc.youtube.com
O1 - Hosts: 64.15.124.244 sjc-v76.sjc.youtube.com
O1 - Hosts: 64.15.125.16 sjc-v77.sjc.youtube.com
O1 - Hosts: 64.15.125.17 sjc-v78.sjc.youtube.com
O1 - Hosts: 64.15.125.18 sjc-v79.sjc.youtube.com
O1 - Hosts: 64.15.125.19 sjc-v80.sjc.youtube.com
O1 - Hosts: 64.15.125.20 sjc-v81.sjc.youtube.com
O1 - Hosts: 64.15.125.21 sjc-v82.sjc.youtube.com
O1 - Hosts: 64.15.125.22 sjc-v83.sjc.youtube.com
O1 - Hosts: 64.15.125.23 sjc-v84.sjc.youtube.com
O1 - Hosts: 64.15.125.24 sjc-v85.sjc.youtube.com
O1 - Hosts: 64.15.125.25 sjc-v86.sjc.youtube.com
O1 - Hosts: 64.15.125.26 sjc-v87.sjc.youtube.com
O1 - Hosts: 64.15.125.27 sjc-v88.sjc.youtube.com
O1 - Hosts: 64.15.125.28 sjc-v89.sjc.youtube.com
O1 - Hosts: 64.15.125.29 sjc-v90.sjc.youtube.com
O1 - Hosts: 64.15.125.30 sjc-v91.sjc.youtube.com
O1 - Hosts: 64.15.125.31 sjc-v92.sjc.youtube.com
O1 - Hosts: 64.15.125.32 sjc-v93.sjc.youtube.com
O1 - Hosts: 64.15.125.33 sjc-v94.sjc.youtube.com
O1 - Hosts: 64.15.125.34 sjc-v95.sjc.youtube.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [iKeyWorks] C:\Program Files\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Ovt Wia] C:\Windows\OV530EM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\No62NoExit\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Banner Ad Blocker’a ekle - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web trafiği koruması istatistikleri - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{444B7FE3-9D29-4330-9E28-BD608E4F4CE9}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
--
End of file - 11078 bytes
Bu temizlikten sonra ufak bir sorunum çıktı.
Bazı dosyalarımın şekli şemali değişti Resimde göreceksin hocam
Üsteki gibi dosyalar alttaki gibi reg dosyası halinde gösteriyordu nasıl düzelte bilirim :) Olmasada olur ama göz aşinalığı olmayınca kötü oluyor insan bir çırpıda bulamıyor
-
Dostum gene seni yoracağım,
Baya bir temizlik yaptım ama :/
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:19:39, on 25.10.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Users\No62NoExit\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\No62NoExit\Desktop\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.kralliklar.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: Youtube Dünya Capinda IP leri toplam 2859 adet ....
O1 - Hosts: 208.65.153.251 uk.youtube.com
O1 - Hosts: 208.65.153.253 de.youtube.com
O1 - Hosts: 208.117.236.70 youtube.com
O1 - Hosts: 208.117.236.70 www.youtube.com
O1 - Hosts: 74.125.65.118 img.youtube.com
O1 - Hosts: 64.15.124.143 sjc-v1.sjc.youtube.com
O1 - Hosts: 64.15.124.144 sjc-v2.sjc.youtube.com
O1 - Hosts: 64.15.124.145 sjc-v3.sjc.youtube.com
O1 - Hosts: 64.15.124.146 sjc-v4.sjc.youtube.com
O1 - Hosts: 64.15.124.147 sjc-v5.sjc.youtube.com
O1 - Hosts: 64.15.124.148 sjc-v6.sjc.youtube.com
O1 - Hosts: 64.15.124.149 sjc-v7.sjc.youtube.com
O1 - Hosts: 64.15.124.150 sjc-v8.sjc.youtube.com
O1 - Hosts: 64.15.124.151 sjc-v9.sjc.youtube.com
O1 - Hosts: 64.15.124.152 sjc-v10.sjc.youtube.com
O1 - Hosts: 64.15.124.153 sjc-v11.sjc.youtube.com
O1 - Hosts: 64.15.124.154 sjc-v12.sjc.youtube.com
O1 - Hosts: 64.15.124.155 sjc-v13.sjc.youtube.com
O1 - Hosts: 64.15.124.156 sjc-v14.sjc.youtube.com
O1 - Hosts: 64.15.124.157 sjc-v15.sjc.youtube.com
O1 - Hosts: 64.15.124.158 sjc-v16.sjc.youtube.com
O1 - Hosts: 64.15.124.159 sjc-v17.sjc.youtube.com
O1 - Hosts: 64.15.124.160 sjc-v18.sjc.youtube.com
O1 - Hosts: 64.15.124.161 sjc-v19.sjc.youtube.com
O1 - Hosts: 64.15.124.162 sjc-v20.sjc.youtube.com
O1 - Hosts: 64.15.124.163 sjc-v21.sjc.youtube.com
O1 - Hosts: 64.15.124.164 sjc-v22.sjc.youtube.com
O1 - Hosts: 64.15.124.165 sjc-v23.sjc.youtube.com
O1 - Hosts: 64.15.124.166 sjc-v24.sjc.youtube.com
O1 - Hosts: 64.15.124.167 sjc-v25.sjc.youtube.com
O1 - Hosts: 64.15.124.168 sjc-v26.sjc.youtube.com
O1 - Hosts: 64.15.124.169 sjc-v27.sjc.youtube.com
O1 - Hosts: 64.15.124.170 sjc-v28.sjc.youtube.com
O1 - Hosts: 64.15.124.171 sjc-v29.sjc.youtube.com
O1 - Hosts: 64.15.124.172 sjc-v30.sjc.youtube.com
O1 - Hosts: 64.15.124.173 sjc-v31.sjc.youtube.com
O1 - Hosts: 64.15.124.174 sjc-v32.sjc.youtube.com
O1 - Hosts: 64.15.124.175 sjc-v33.sjc.youtube.com
O1 - Hosts: 64.15.124.176 sjc-v34.sjc.youtube.com
O1 - Hosts: 64.15.124.177 sjc-v35.sjc.youtube.com
O1 - Hosts: 64.15.124.178 sjc-v36.sjc.youtube.com
O1 - Hosts: 64.15.124.179 sjc-v37.sjc.youtube.com
O1 - Hosts: 64.15.124.180 sjc-v38.sjc.youtube.com
O1 - Hosts: 64.15.124.207 sjc-v39.sjc.youtube.com
O1 - Hosts: 64.15.124.208 sjc-v40.sjc.youtube.com
O1 - Hosts: 64.15.124.209 sjc-v41.sjc.youtube.com
O1 - Hosts: 64.15.124.210 sjc-v42.sjc.youtube.com
O1 - Hosts: 64.15.124.211 sjc-v43.sjc.youtube.com
O1 - Hosts: 64.15.124.212 sjc-v44.sjc.youtube.com
O1 - Hosts: 64.15.124.213 sjc-v45.sjc.youtube.com
O1 - Hosts: 64.15.124.214 sjc-v46.sjc.youtube.com
O1 - Hosts: 64.15.124.215 sjc-v47.sjc.youtube.com
O1 - Hosts: 64.15.124.216 sjc-v48.sjc.youtube.com
O1 - Hosts: 64.15.124.217 sjc-v49.sjc.youtube.com
O1 - Hosts: 64.15.124.218 sjc-v50.sjc.youtube.com
O1 - Hosts: 64.15.124.219 sjc-v51.sjc.youtube.com
O1 - Hosts: 64.15.124.220 sjc-v52.sjc.youtube.com
O1 - Hosts: 64.15.124.221 sjc-v53.sjc.youtube.com
O1 - Hosts: 64.15.124.222 sjc-v54.sjc.youtube.com
O1 - Hosts: 64.15.124.223 sjc-v55.sjc.youtube.com
O1 - Hosts: 64.15.124.224 sjc-v56.sjc.youtube.com
O1 - Hosts: 64.15.124.225 sjc-v57.sjc.youtube.com
O1 - Hosts: 64.15.124.226 sjc-v58.sjc.youtube.com
O1 - Hosts: 64.15.124.227 sjc-v59.sjc.youtube.com
O1 - Hosts: 64.15.124.228 sjc-v60.sjc.youtube.com
O1 - Hosts: 64.15.124.229 sjc-v61.sjc.youtube.com
O1 - Hosts: 64.15.124.230 sjc-v62.sjc.youtube.com
O1 - Hosts: 64.15.124.231 sjc-v63.sjc.youtube.com
O1 - Hosts: 64.15.124.232 sjc-v64.sjc.youtube.com
O1 - Hosts: 64.15.124.233 sjc-v65.sjc.youtube.com
O1 - Hosts: 64.15.124.234 sjc-v66.sjc.youtube.com
O1 - Hosts: 64.15.124.235 sjc-v67.sjc.youtube.com
O1 - Hosts: 64.15.124.236 sjc-v68.sjc.youtube.com
O1 - Hosts: 64.15.124.237 sjc-v69.sjc.youtube.com
O1 - Hosts: 64.15.124.238 sjc-v70.sjc.youtube.com
O1 - Hosts: 64.15.124.239 sjc-v71.sjc.youtube.com
O1 - Hosts: 64.15.124.240 sjc-v72.sjc.youtube.com
O1 - Hosts: 64.15.124.241 sjc-v73.sjc.youtube.com
O1 - Hosts: 64.15.124.242 sjc-v74.sjc.youtube.com
O1 - Hosts: 64.15.124.243 sjc-v75.sjc.youtube.com
O1 - Hosts: 64.15.124.244 sjc-v76.sjc.youtube.com
O1 - Hosts: 64.15.125.16 sjc-v77.sjc.youtube.com
O1 - Hosts: 64.15.125.17 sjc-v78.sjc.youtube.com
O1 - Hosts: 64.15.125.18 sjc-v79.sjc.youtube.com
O1 - Hosts: 64.15.125.19 sjc-v80.sjc.youtube.com
O1 - Hosts: 64.15.125.20 sjc-v81.sjc.youtube.com
O1 - Hosts: 64.15.125.21 sjc-v82.sjc.youtube.com
O1 - Hosts: 64.15.125.22 sjc-v83.sjc.youtube.com
O1 - Hosts: 64.15.125.23 sjc-v84.sjc.youtube.com
O1 - Hosts: 64.15.125.24 sjc-v85.sjc.youtube.com
O1 - Hosts: 64.15.125.25 sjc-v86.sjc.youtube.com
O1 - Hosts: 64.15.125.26 sjc-v87.sjc.youtube.com
O1 - Hosts: 64.15.125.27 sjc-v88.sjc.youtube.com
O1 - Hosts: 64.15.125.28 sjc-v89.sjc.youtube.com
O1 - Hosts: 64.15.125.29 sjc-v90.sjc.youtube.com
O1 - Hosts: 64.15.125.30 sjc-v91.sjc.youtube.com
O1 - Hosts: 64.15.125.31 sjc-v92.sjc.youtube.com
O1 - Hosts: 64.15.125.32 sjc-v93.sjc.youtube.com
O1 - Hosts: 64.15.125.33 sjc-v94.sjc.youtube.com
O1 - Hosts: 64.15.125.34 sjc-v95.sjc.youtube.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [iKeyWorks] C:\Program Files\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Ovt Wia] C:\Windows\OV530EM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\No62NoExit\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Banner Ad Blocker’a ekle - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web trafiği koruması istatistikleri - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{444B7FE3-9D29-4330-9E28-BD608E4F4CE9}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
--
End of file - 11078 bytes
Bu temizlikten sonra ufak bir sorunum çıktı.
Bazı dosyalarımın şekli şemali değişti Resimde göreceksin hocam
Üsteki gibi dosyalar alttaki gibi reg dosyası halinde gösteriyordu nasıl düzelte bilirim :) Olmasada olur ama göz aşinalığı olmayınca kötü oluyor insan bir çırpıda bulamıyor
-
quote:
ComboFix 09-10-24.03 - yakamoz 25.10.2009 16:30.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1254.90.1055.18.1022.541 [GMT 2:00]
Running from: c:\documents and settings\yakamoz\Belgelerim\İndirilenler\software\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\FlashGet Network
c:\windows\system32\scrrntr.dll
.
---- Previous Run -------
.
c:\documents and settings\yakamoz\Application Data\BITS
c:\documents and settings\yakamoz\Application Data\BITS\BITS.ini
c:\documents and settings\yakamoz\Application Data\BITS\DHTTable.dat
c:\documents and settings\yakamoz\Application Data\BITS\pl.dat
c:\documents and settings\yakamoz\Application Data\BITS\ProxyList.ini
c:\documents and settings\yakamoz\Application Data\BITS\Torrent\20091020160659.torrent
c:\documents and settings\yakamoz\Application Data\BITS\Torrent\20091020160659.torrent.filelist
c:\documents and settings\yakamoz\Application Data\BITS\UPnP.ini
c:\documents and settings\yakamoz\Application Data\FlashGetBHO
c:\documents and settings\yakamoz\Application Data\FlashGetBHO\FlashGetBHO3.dll
c:\documents and settings\yakamoz\Application Data\FlashGetBHO\GetAllUrl.htm
c:\documents and settings\yakamoz\Application Data\FlashGetBHO\GetUrl.htm
c:\program files\FlashGet Network\FlashGet 3\adns.dll
c:\program files\FlashGet Network\FlashGet 3\btcoreu.dll
c:\program files\FlashGet Network\FlashGet 3\BugReport.dll
c:\program files\FlashGet Network\FlashGet 3\BugReport.exe
c:\program files\FlashGet Network\FlashGet 3\cd1.ico
c:\program files\FlashGet Network\FlashGet 3\ckcore.dll
c:\program files\FlashGet Network\FlashGet 3\commonlib.dll
c:\program files\FlashGet Network\FlashGet 3\componentskrnl.dll
c:\program files\FlashGet Network\FlashGet 3\config\clients.met
c:\program files\FlashGet Network\FlashGet 3\config\clients.met.bak
c:\program files\FlashGet Network\FlashGet 3\config\cryptkey.dat
c:\program files\FlashGet Network\FlashGet 3\config\emfriends.met
c:\program files\FlashGet Network\FlashGet 3\config\key_index.dat
c:\program files\FlashGet Network\FlashGet 3\config\known.met
c:\program files\FlashGet Network\FlashGet 3\config\known2_64.met
c:\program files\FlashGet Network\FlashGet 3\config\load_index.dat
c:\program files\FlashGet Network\FlashGet 3\config\nodes.dat
c:\program files\FlashGet Network\FlashGet 3\config\preferences.dat
c:\program files\FlashGet Network\FlashGet 3\config\preferences.ini
c:\program files\FlashGet Network\FlashGet 3\config\preferencesKad.dat
c:\program files\FlashGet Network\FlashGet 3\config\server.met
c:\program files\FlashGet Network\FlashGet 3\config\server_met.old
c:\program files\FlashGet Network\FlashGet 3\config\src_index.dat
c:\program files\FlashGet Network\FlashGet 3\config\upload.met
c:\program files\FlashGet Network\FlashGet 3\corestat.dll
c:\program files\FlashGet Network\FlashGet 3\dat\Appsetting.cfg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\1.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\1.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\2.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\3.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\btn1.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\btn2.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\cig.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\cig1.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_1_2.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_2_2.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_3.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_4.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_5.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_5_2.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon01.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon02.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon03.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon04.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_WuBiaoTi-3.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_WuBiaoTi-3_1.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\dian.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\directui_new_1256291569.zip
c:\program files\FlashGet Network\FlashGet 3\dat\directui\down.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\game.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\game.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\game1.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\gameall.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\gametop.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\ico01.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\ico02.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\line.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\movie.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\movie1.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\new_rescenter.txt
c:\program files\FlashGet Network\FlashGet 3\dat\directui\newgame.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\newmovie.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p1.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p2.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p3.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p4.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p5.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p6.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p7.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p8.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\pic_bg.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\preview.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\reom.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\reom.jpg1
c:\program files\FlashGet Network\FlashGet 3\dat\directui\rescenter.txt
c:\program files\FlashGet Network\FlashGet 3\dat\directui\soft.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\soft_zhan.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\tab.gif
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.bak
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.db
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\adconfig.ini
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\port.ini
c:\program files\FlashGet Network\FlashGet 3\dbghelp.dll
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\css\lightbox.css
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\default.htm
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\banner.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\bullet.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\close.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\closelabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\download-icon.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\explorer.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\ftp.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\ftp_1.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\ftp_2.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\ftp_3.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\image.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\image_1.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\image_2.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\image_3.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\introTextBg.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\loading.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\nextlabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\prevlabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\software.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\software_1.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\software_2.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\software_3.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\vod.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\vod_1.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\vod_2.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\vod_3.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\js\builder.js
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\js\effects.js
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\js\lightbox.js
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\js\prototype.js
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\js\scriptaculous.js
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\FGResDetector.exe
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\about.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\ftplist_tree_icon.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\option_icon.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_hide.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_show.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\statusbar_bk.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\tasktab_close.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_back.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_bk.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_close.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_forward.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_refresh.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\lang\l.eng.xml
c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
c:\program files\FlashGet Network\FlashGet 3\FlashGet3.xpi
c:\program files\FlashGet Network\FlashGet 3\FlashGetBHO3.dll
c:\program files\FlashGet Network\FlashGet 3\fnsArchive.dll
c:\program files\FlashGet Network\FlashGet 3\fnsDirectuix.dll
c:\program files\FlashGet Network\FlashGet 3\fnsLanguage_en.dll
c:\program files\FlashGet Network\FlashGet 3\fnsScheduler.dll
c:\program files\FlashGet Network\FlashGet 3\fnsSecurity.dll
c:\program files\FlashGet Network\FlashGet 3\fnsSkinX.dll
c:\program files\FlashGet Network\FlashGet 3\fnsStatistics.dll
c:\program files\FlashGet Network\FlashGet 3\game.ico
c:\program files\FlashGet Network\FlashGet 3\gdiplus.dll
c:\program files\FlashGet Network\FlashGet 3\GoogleToolbarInstaller_download_signed.exe
c:\program files\FlashGet Network\FlashGet 3\id3lib.dll
c:\program files\FlashGet Network\FlashGet 3\libem.dll
c:\program files\FlashGet Network\FlashGet 3\license.txt
c:\program files\FlashGet Network\FlashGet 3\lst_tz.bin
c:\program files\FlashGet Network\FlashGet 3\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet 3\P2PCore.dll
c:\program files\FlashGet Network\FlashGet 3\P2SCore.dll
c:\program files\FlashGet Network\FlashGet 3\perf.ini
c:\program files\FlashGet Network\FlashGet 3\pncrt.dll
c:\program files\FlashGet Network\FlashGet 3\pstat.dat
c:\program files\FlashGet Network\FlashGet 3\pup.dat
c:\program files\FlashGet Network\FlashGet 3\RdOldDb.dll
c:\program files\FlashGet Network\FlashGet 3\RealMediaSplitter.ax
c:\program files\FlashGet Network\FlashGet 3\SamplerCli.dll
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\BarSet.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_check.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_normal.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_radio.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\desktoplink.ico
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\login_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\menu_icon.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_page_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\skin.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\statusbar_ad_bk.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\statusbar_ad_bk_long.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendLogo.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendNoLogo.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_backgrand.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_cancle.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_catgroy.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_group.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_new.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_open.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_option.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_pause.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_recly.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_start.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_left.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_middle.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_right.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\top_logotitle.gif
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\torrent.ico
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\userinfo_head.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\VistaStyleListItems.bmp
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\preview.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\skin.xml
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\loginfailed.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\loginsucc.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\msgnotify.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\notify.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\topmain.png
c:\program files\FlashGet Network\FlashGet 3\SnapShot.dll
c:\program files\FlashGet Network\FlashGet 3\storage.dll
c:\program files\FlashGet Network\FlashGet 3\SysOptimize.exe
c:\program files\FlashGet Network\FlashGet 3\uninst.exe
c:\program files\FlashGet Network\FlashGet 3\unrar.dll
c:\program files\FlashGet Network\FlashGet 3\VodCore.dll
c:\program files\FlashGet Network\FlashGet 3\zlib.dll
c:\windows\system32\ieuinit.inf
c:\windows\system32\scrrntr.dll
c:\windows\system32\secustat.dat
.
((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 )))))))))))))))))))))))))))))))
.
2009-10-25 13:40 . 2009-10-25 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-25 13:40 . 2009-10-25 13:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-25 13:14 . 2009-10-25 13:14 -------- d-----w- c:\documents and settings\yakamoz\Local Settings\Application Data\Adobe
2009-10-23 18:40 . 2009-10-23 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Software
2009-10-23 13:23 . 2009-10-23 13:23 -------- d-----w- c:\documents and settings\yakamoz\Application Data\Apple Computer
2009-10-23 13:22 . 2009-10-23 13:22 -------- d-----w- c:\documents and settings\yakamoz\Local Settings\Application Data\Apple Computer
2009-10-23 04:18 . 2009-10-23 04:18 -------- d-----w- C:\Panda Software
2009-10-23 02:01 . 2009-10-23 02:01 -------- d-----w- c:\documents and settings\yakamoz\Local Settings\Application Data\Identities
2009-10-23 01:47 . 2009-10-23 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-10-23 01:20 . 2009-10-23 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-10-23 01:20 . 2009-10-23 01:20 -------- d-----w- c:\program files\IObit
2009-10-23 01:05 . 2009-10-23 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Backup
2009-10-23 01:05 . 2009-10-23 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2009-10-23 00:45 . 2009-10-23 00:45 12912 ----a-w- c:\documents and settings\yakamoz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-22 21:56 . 2009-10-22 21:56 -------- d-----w- c:\documents and settings\yakamoz\Local Settings\Application Data\Winamp Toolbar
2009-10-22 18:45 . 2009-10-22 18:45 -------- d-----w- c:\documents and settings\yakamoz\Local Settings\Application Data\AirTies
2009-10-22 18:43 . 2009-10-22 18:43 -------- d-----w- c:\documents and settings\yakamoz\Local Settings\Application Data\Mozilla
2009-10-21 14:49 . 2009-10-21 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-10-20 11:04 . 2005-01-02 21:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2009-10-20 11:02 . 2009-10-20 11:02 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-10-19 10:34 . 2009-10-19 10:34 -------- d-----w- c:\program files\Winamp Toolbar
2009-10-19 10:34 . 2009-10-19 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Winamp Toolbar
2009-10-19 10:33 . 2009-10-24 17:52 -------- d-----w- c:\documents and settings\yakamoz\Application Data\Winamp
2009-10-18 16:00 . 2009-10-18 16:00 -------- d-----w- c:\program files\QuickTime
2009-10-18 16:00 . 2009-10-18 16:00 -------- d-----w- c:\program files\Apple Software Update
2009-10-18 15:59 . 2009-10-18 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-18 15:56 . 2009-10-18 15:56 -------- d-----w- c:\program files\Webteh
2009-10-18 15:47 . 2009-10-18 15:47 -------- d-----w- c:\program files\Common Files\xing shared
2009-10-18 15:47 . 2009-10-18 15:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-18 15:47 . 2009-10-18 15:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-18 15:47 . 2009-10-18 15:47 -------- d-----w- c:\program files\Common Files\Real
2009-10-18 15:47 . 2009-10-18 15:47 -------- d-----w- c:\program files\Real
2009-10-18 15:39 . 2008-02-21 02:05 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-10-18 15:39 . 2008-02-21 02:05 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-10-18 15:39 . 2009-10-23 13:23 -------- d-----w- c:\program files\DivX
2009-10-17 15:25 . 2009-10-25 14:10 7630 ----a-w- c:\windows\system32\secushr.dat
2009-10-14 16:32 . 2009-10-16 14:09 -------- d-----w- c:\program files\2Near
2009-10-13 11:12 . 2009-10-13 11:12 -------- d-----w- c:\program files\DVDVideoSoft
2009-10-07 16:25 . 2001-08-18 02:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-10-07 16:25 . 2001-08-18 02:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-10-07 16:25 . 2001-08-18 02:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-10-07 16:25 . 2001-08-18 02:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-10-07 16:25 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-10-07 16:25 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-10-07 16:25 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-10-07 16:25 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-10-07 16:25 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-10-07 16:25 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-10-07 16:25 . 2001-08-17 18:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-10-07 16:25 . 2001-08-17 18:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-10-06 23:11 . 2009-10-08 10:37 -------- d-----w- c:\documents and settings\yakamoz\Application Data\MessengerDiscovery 2
2009-10-06 23:11 . 2009-10-13 07:29 -------- d-----w- c:\program files\MessengerDiscovery 2
2009-10-06 18:25 . 2009-10-13 07:28 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-06 18:24 . 2009-10-06 18:24 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-10-06 18:24 . 2009-10-06 18:24 -------- d-----w- c:\windows\system32\LogFiles
2009-10-06 11:11 . 2009-10-06 11:11 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-10-02 09:16 . 2005-07-01 13:56 2969600 ------w- c:\windows\UNNMP.exe
2009-10-02 09:15 . 2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2009-10-02 09:14 . 2009-10-02 09:14 -------- d-----w- c:\program files\Common Files\Nero
2009-10-02 09:13 . 2005-07-01 13:56 2969600 ------w- c:\windows\UNNeroVision.exe
2009-10-02 09:13 . 2001-03-08 16:30 24064 ------w- c:\windows\system32\msxml3a.dll
2009-10-02 09:12 . 2009-10-02 09:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-10-02 09:12 . 2004-07-26 14:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
2009-10-02 09:12 . 2004-07-26 14:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
2009-10-02 09:12 . 2004-07-26 14:16 262144 ------w- c:\windows\system32\ImagXR7.dll
2009-10-02 09:12 . 2004-07-26 14:16 1568768 ------w- c:\windows\system32\ImagX7.dll
2009-10-02 09:12 . 2004-07-09 06:43 364544 ------w- c:\windows\system32\TwnLib4.dll
2009-10-02 09:12 . 2001-06-26 05:15 38912 ------w- c:\windows\system32\picn20.dll
2009-10-02 09:12 . 2000-06-26 08:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2009-10-02 09:12 . 2009-10-02 09:12 -------- d-----w- c:\program files\Common Files\Ahead
2009-10-02 09:11 . 2009-10-02 09:16 -------- d-----w- c:\program files\Ahead
2009-10-01 13:21 . 2009-10-01 13:30 -------- d-----w- c:\documents and settings\yakamoz\Application Data\FastStone
2009-09-27 02:13 . 2009-09-27 02:13 -------- d-----w- c:\windows\Sun
2009-09-26 04:37 . 2009-10-16 11:59 -------- d-----w- c:\program files\Common Files\Akamai
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 14:21 . 2001-11-22 12:00 67968 ----a-w- c:\windows\system32\perfc01F.dat
2009-10-25 14:21 . 2001-11-22 12:00 381334 ----a-w- c:\windows\system32\perfh01F.dat
2009-10-25 13:26 . 2009-09-15 20:34 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-23 19:55 . 2009-09-15 20:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-23 14:21 . 2009-09-16 13:44 -------- d-----w- c:\program files\Eset
2009-10-19 10:35 . 2009-09-15 20:28 -------- d-----w- c:\program files\Winamp
2009-10-13 11:12 . 2009-09-15 20:31 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-09-23 23:36 . 2009-09-23 23:36 -------- d-----w- c:\program files\Common Files\snp2std
2009-09-23 23:12 . 2009-09-23 23:12 -------- d-----w- c:\program files\Vimicro
2009-09-23 23:12 . 2009-09-15 20:25 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-16 14:36 . 2009-09-16 14:36 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-16 14:36 . 2009-09-16 14:30 -------- d-----w- c:\program files\Windows Live
2009-09-16 14:33 . 2009-09-16 14:33 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-16 14:32 . 2009-09-16 14:32 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-16 14:31 . 2009-09-16 14:31 -------- d-----w- c:\program files\Microsoft
2009-09-16 14:30 . 2009-09-16 14:30 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-16 14:00 . 2009-09-16 14:00 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-16 13:23 . 2009-09-16 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-09-16 01:35 . 2009-09-15 21:41 -------- d-----w- c:\program files\AirTies
2009-09-15 21:02 . 2009-09-15 21:02 0 ----a-w- c:\windows\nsreg.dat
2009-09-15 20:35 . 2009-09-15 20:34 -------- d-----w- c:\program files\Java
2009-09-15 20:34 . 2009-09-15 20:34 -------- d-----w- c:\program files\Common Files\Java
2009-09-15 20:31 . 2009-09-15 20:31 -------- d-----w- c:\program files\CCleaner
2009-09-15 20:26 . 2009-09-15 20:26 -------- d-----w- c:\documents and settings\yakamoz\Application Data\InstallShield
2009-09-15 20:25 . 2009-09-15 20:25 -------- d-----w- c:\program files\Realtek
2009-09-15 20:25 . 2009-09-15 20:25 315392 ----a-w- c:\windows\HideWin.exe
2009-09-15 20:23 . 2009-09-15 20:23 -------- d-----w- c:\program files\Intel
2009-09-15 20:22 . 2009-09-15 20:22 16608 ----a-w- c:\windows\gdrv.sys
2009-09-15 20:22 . 2009-09-15 20:18 -------- d-----w- c:\program files\Vtune
2009-09-15 20:13 . 2009-09-15 20:13 -------- d-----w- c:\program files\microsoft frontpage
2009-09-15 20:11 . 2009-09-15 20:11 21736 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-05 19:48 . 2009-09-16 14:36 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
.
------- Sigcheck -------
[-] 2006-10-18 18:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 18:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[7] 2004-08-03 21:45 . F94DE505F15DB220B139A1E60BE113C7 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2008-07-10 2154496]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-10-06 3883856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-25 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-25 86016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_08\bin\jusched.exe" [2005-03-04 32881]
"tsnp2std"="c:\windows\tsnp2std.exe" [2006-11-29 258048]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-18 198160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-09-28 1241872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-06-25 1630208]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-02-13 16857600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\Start Menu\Programlar\BaŸlang‡\
AirTies ADSL Hizmet Program.lnk - c:\program files\AirTies\ADSL Hizmet Program\AirTies_util3.exe [2009-9-16 2853376]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AirTies\\ADSL Hizmet Programı\\AirTies_util3.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"$INSTDIR\\FlvDetector.exe"= c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [16.09.2009 16:36 54752]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [23.10.2009 03:20 309008]
R3 TUSB1150;Airties WUS-300 USB Wireless Adapter (TNETW1450);c:\windows\system32\drivers\TUSB1150.sys [16.09.2009 03:34 450944]
S3 fsssvc;Windows Live Aile Koruması Hizmeti;c:\program files\Windows Live\Family Safety\fsssvc.exe [05.08.2009 21:48 704864]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SOACS;SOACS Driver;\??\c:\windows\system32\drivers\soacs.sys --> c:\windows\system32\drivers\soacs.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 11:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=%s
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Download All by FlashGet3 - c:\documents and settings\yakamoz\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\yakamoz\Application Data\FlashGetBHO\GetUrl.htm
TCP: {3439E7C7-C8C0-4C2D-945A-053405ED003D} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\yakamoz\Application Data\Mozilla\Firefox\Profiles\67tv36yc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.tr/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\yakamoz\Application Data\Mozilla\Firefox\Profiles\67tv36yc.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\yakamoz\Application Data\Mozilla\Firefox\Profiles\67tv36yc.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Java\j2re1.4.2_08\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_08\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_08\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_08\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_08\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_08\bin\NPJPI142_08.dll
FF - plugin: c:\program files\Java\j2re1.4.2_08\bin\NPOJI610.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-AirTiesWUS-300 - c:\program files\AirTies\AirTiesWUS-300\WUS300.exe
HKLM-Run-FixCamera - c:\windows\FixCamera.exe
AddRemove-FlashGet 3.0 Beta - c:\program files\FlashGet Network\FlashGet 3\uninst.exe
AddRemove-{BF231D4A-EFB4-14D5-92D4-8992D9158D5D}_is1 - c:\sobee_mynet\Istanbul Kiyamet Vakti\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
Rootkit scan 2009-10-25 16:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(740)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\combofix\CF14804.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\AirTies\ADSL Hizmet Programı\AirTies_util3.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-25 16:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-25 14:35
Pre-Run: 38.652.854.272 bayt boş
Post-Run: 38.624.243.712 bayt boş
- - End Of File - - 0D9B008D00C35FF3AFEA2DDEE318C7D4
quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05:10, on 25.10.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
C:\WINDOWS\tsnp2std.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vtune\TBPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AirTies\ADSL Hizmet Programı\AirTies_util3.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\FlashGet Network\FlashGet 3\Flashget3.exe
C:\Documents and Settings\yakamoz\Belgelerim\İndirilenler\software\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll (file missing)
O1 - Hosts: Youtube Dünya Capinda IP leri toplam 2859 adet ....
O1 - Hosts: 208.65.153.251 uk.youtube.com
O1 - Hosts: 208.65.153.253 de.youtube.com
O1 - Hosts: 208.117.236.70 youtube.com
O1 - Hosts: 208.117.236.70www.youtube.com
O1 - Hosts: 74.125.65.118 img.youtube.com
O1 - Hosts: 64.15.124.143 sjc-v1.sjc.youtube.com
O1 - Hosts: 64.15.124.144 sjc-v2.sjc.youtube.com
O1 - Hosts: 64.15.124.145 sjc-v3.sjc.youtube.com
O1 - Hosts: 64.15.124.146 sjc-v4.sjc.youtube.com
O1 - Hosts: 64.15.124.147 sjc-v5.sjc.youtube.com
O1 - Hosts: 64.15.124.148 sjc-v6.sjc.youtube.com
O1 - Hosts: 64.15.124.149 sjc-v7.sjc.youtube.com
O1 - Hosts: 64.15.124.150 sjc-v8.sjc.youtube.com
O1 - Hosts: 64.15.124.151 sjc-v9.sjc.youtube.com
O1 - Hosts: 64.15.124.152 sjc-v10.sjc.youtube.com
O1 - Hosts: 64.15.124.153 sjc-v11.sjc.youtube.com
O1 - Hosts: 64.15.124.154 sjc-v12.sjc.youtube.com
O1 - Hosts: 64.15.124.155 sjc-v13.sjc.youtube.com
O1 - Hosts: 64.15.124.156 sjc-v14.sjc.youtube.com
O1 - Hosts: 64.15.124.157 sjc-v15.sjc.youtube.com
O1 - Hosts: 64.15.124.158 sjc-v16.sjc.youtube.com
O1 - Hosts: 64.15.124.159 sjc-v17.sjc.youtube.com
O1 - Hosts: 64.15.124.160 sjc-v18.sjc.youtube.com
O1 - Hosts: 64.15.124.161 sjc-v19.sjc.youtube.com
O1 - Hosts: 64.15.124.162 sjc-v20.sjc.youtube.com
O1 - Hosts: 64.15.124.163 sjc-v21.sjc.youtube.com
O1 - Hosts: 64.15.124.164 sjc-v22.sjc.youtube.com
O1 - Hosts: 64.15.124.165 sjc-v23.sjc.youtube.com
O1 - Hosts: 64.15.124.166 sjc-v24.sjc.youtube.com
O1 - Hosts: 64.15.124.167 sjc-v25.sjc.youtube.com
O1 - Hosts: 64.15.124.168 sjc-v26.sjc.youtube.com
O1 - Hosts: 64.15.124.169 sjc-v27.sjc.youtube.com
O1 - Hosts: 64.15.124.170 sjc-v28.sjc.youtube.com
O1 - Hosts: 64.15.124.171 sjc-v29.sjc.youtube.com
O1 - Hosts: 64.15.124.172 sjc-v30.sjc.youtube.com
O1 - Hosts: 64.15.124.173 sjc-v31.sjc.youtube.com
O1 - Hosts: 64.15.124.174 sjc-v32.sjc.youtube.com
O1 - Hosts: 64.15.124.175 sjc-v33.sjc.youtube.com
O1 - Hosts: 64.15.124.176 sjc-v34.sjc.youtube.com
O1 - Hosts: 64.15.124.177 sjc-v35.sjc.youtube.com
O1 - Hosts: 64.15.124.178 sjc-v36.sjc.youtube.com
O1 - Hosts: 64.15.124.179 sjc-v37.sjc.youtube.com
O1 - Hosts: 64.15.124.180 sjc-v38.sjc.youtube.com
O1 - Hosts: 64.15.124.207 sjc-v39.sjc.youtube.com
O1 - Hosts: 64.15.124.208 sjc-v40.sjc.youtube.com
O1 - Hosts: 64.15.124.209 sjc-v41.sjc.youtube.com
O1 - Hosts: 64.15.124.210 sjc-v42.sjc.youtube.com
O1 - Hosts: 64.15.124.211 sjc-v43.sjc.youtube.com
O1 - Hosts: 64.15.124.212 sjc-v44.sjc.youtube.com
O1 - Hosts: 64.15.124.213 sjc-v45.sjc.youtube.com
O1 - Hosts: 64.15.124.214 sjc-v46.sjc.youtube.com
O1 - Hosts: 64.15.124.215 sjc-v47.sjc.youtube.com
O1 - Hosts: 64.15.124.216 sjc-v48.sjc.youtube.com
O1 - Hosts: 64.15.124.217 sjc-v49.sjc.youtube.com
O1 - Hosts: 64.15.124.218 sjc-v50.sjc.youtube.com
O1 - Hosts: 64.15.124.219 sjc-v51.sjc.youtube.com
O1 - Hosts: 64.15.124.220 sjc-v52.sjc.youtube.com
O1 - Hosts: 64.15.124.221 sjc-v53.sjc.youtube.com
O1 - Hosts: 64.15.124.222 sjc-v54.sjc.youtube.com
O1 - Hosts: 64.15.124.223 sjc-v55.sjc.youtube.com
O1 - Hosts: 64.15.124.224 sjc-v56.sjc.youtube.com
O1 - Hosts: 64.15.124.225 sjc-v57.sjc.youtube.com
O1 - Hosts: 64.15.124.226 sjc-v58.sjc.youtube.com
O1 - Hosts: 64.15.124.227 sjc-v59.sjc.youtube.com
O1 - Hosts: 64.15.124.228 sjc-v60.sjc.youtube.com
O1 - Hosts: 64.15.124.229 sjc-v61.sjc.youtube.com
O1 - Hosts: 64.15.124.230 sjc-v62.sjc.youtube.com
O1 - Hosts: 64.15.124.231 sjc-v63.sjc.youtube.com
O1 - Hosts: 64.15.124.232 sjc-v64.sjc.youtube.com
O1 - Hosts: 64.15.124.233 sjc-v65.sjc.youtube.com
O1 - Hosts: 64.15.124.234 sjc-v66.sjc.youtube.com
O1 - Hosts: 64.15.124.235 sjc-v67.sjc.youtube.com
O1 - Hosts: 64.15.124.236 sjc-v68.sjc.youtube.com
O1 - Hosts: 64.15.124.237 sjc-v69.sjc.youtube.com
O1 - Hosts: 64.15.124.238 sjc-v70.sjc.youtube.com
O1 - Hosts: 64.15.124.239 sjc-v71.sjc.youtube.com
O1 - Hosts: 64.15.124.240 sjc-v72.sjc.youtube.com
O1 - Hosts: 64.15.124.241 sjc-v73.sjc.youtube.com
O1 - Hosts: 64.15.124.242 sjc-v74.sjc.youtube.com
O1 - Hosts: 64.15.124.243 sjc-v75.sjc.youtube.com
O1 - Hosts: 64.15.124.244 sjc-v76.sjc.youtube.com
O1 - Hosts: 64.15.125.16 sjc-v77.sjc.youtube.com
O1 - Hosts: 64.15.125.17 sjc-v78.sjc.youtube.com
O1 - Hosts: 64.15.125.18 sjc-v79.sjc.youtube.com
O1 - Hosts: 64.15.125.19 sjc-v80.sjc.youtube.com
O1 - Hosts: 64.15.125.20 sjc-v81.sjc.youtube.com
O1 - Hosts: 64.15.125.21 sjc-v82.sjc.youtube.com
O1 - Hosts: 64.15.125.22 sjc-v83.sjc.youtube.com
O1 - Hosts: 64.15.125.23 sjc-v84.sjc.youtube.com
O1 - Hosts: 64.15.125.24 sjc-v85.sjc.youtube.com
O1 - Hosts: 64.15.125.25 sjc-v86.sjc.youtube.com
O1 - Hosts: 64.15.125.26 sjc-v87.sjc.youtube.com
O1 - Hosts: 64.15.125.27 sjc-v88.sjc.youtube.com
O1 - Hosts: 64.15.125.28 sjc-v89.sjc.youtube.com
O1 - Hosts: 64.15.125.29 sjc-v90.sjc.youtube.com
O1 - Hosts: 64.15.125.30 sjc-v91.sjc.youtube.com
O1 - Hosts: 64.15.125.31 sjc-v92.sjc.youtube.com
O1 - Hosts: 64.15.125.32 sjc-v93.sjc.youtube.com
O1 - Hosts: 64.15.125.33 sjc-v94.sjc.youtube.com
O1 - Hosts: 64.15.125.34 sjc-v95.sjc.youtube.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\yakamoz\Application Data\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [AirTiesWUS-300] C:\Program Files\AirTies\AirTiesWUS-300\WUS300.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe /A
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AirTies ADSL Hizmet Programı.lnk = ?
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download All by FlashGet3 - C:\Documents and Settings\yakamoz\Application Data\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\yakamoz\Application Data\FlashGetBHO\GetUrl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3439E7C7-C8C0-4C2D-945A-053405ED003D}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{3439E7C7-C8C0-4C2D-945A-053405ED003D}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{3439E7C7-C8C0-4C2D-945A-053405ED003D}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 13703 bytes
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47:46, on 25.10.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program files\P4G\BatteryLife.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\avira\antivir desktop\avscan.exe
C:\Users\user\Searches\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.5.88.73 wwwstatic.megaupload.com
O1 - Hosts: 174.140.128.5 www01.megaupload.com
O1 - Hosts: 69.5.88.75 static.megaupload.com
O1 - Hosts: 216.155.128.58 redtube.com
O1 - Hosts: 66.55.141.21www.redtube.com
O1 - Hosts: 66.55.141.250 thumbs.redtube.com
O1 - Hosts: 216.155.128.62 ads.redtube.com
O1 - Hosts: 66.55.141.35 dl.redtube.com
O1 - Hosts: 216.155.147.23 dlembed.redtube.com
O1 - Hosts: 66.55.141.20 embed.redtube.com
O1 - Hosts: 74.208.27.228 redtube.com.br
O1 - Hosts: 74.208.27.228www.redtube.com.br
O1 - Hosts: 94.75.218.37 xv122.xvideos.com
O1 - Hosts: 94.75.218.38 xv123.xvideos.com
O1 - Hosts: 94.75.218.39 xv124.xvideos.com
O1 - Hosts: 76.9.6.230 xvideos.com
O1 - Hosts: 76.9.6.238www.xvideos.com
O1 - Hosts: 94.75.218.53 img.xvideos.com
O1 - Hosts: 94.75.218.1 xv100.xvideos.com
O1 - Hosts: 94.75.218.2 xv101.xvideos.com
O1 - Hosts: 94.75.218.3 xv102.xvideos.com
O1 - Hosts: 94.75.218.4 xv103.xvideos.com
O1 - Hosts: 94.75.218.5 xv104.xvideos.com
O1 - Hosts: 94.75.218.6 xv105.xvideos.com
O1 - Hosts: 94.75.218.7 xv106.xvideos.com
O1 - Hosts: 94.75.218.8 xv107.xvideos.com
O1 - Hosts: 94.75.218.9 xv108.xvideos.com
O1 - Hosts: 94.75.218.10 xv109.xvideos.com
O1 - Hosts: 94.75.218.11 xv110.xvideos.com
O1 - Hosts: 94.75.218.12 xv111.xvideos.com
O1 - Hosts: 94.75.218.13 xv112.xvideos.com
O1 - Hosts: 94.75.218.14 xv113.xvideos.com
O1 - Hosts: 94.75.218.15 xv114.xvideos.com
O1 - Hosts: 94.75.218.16 xv115.xvideos.com
O1 - Hosts: 94.75.218.22 xv117.xvideos.com
O1 - Hosts: 94.75.218.33 xv118.xvideos.com
O1 - Hosts: 94.75.218.34 xv119.xvideos.com
O1 - Hosts: 94.75.218.35 xv120.xvideos.com
O1 - Hosts: 94.75.218.36 xv121.xvideos.com
O1 - Hosts: 94.75.218.40 xv125.xvideos.com
O1 - Hosts: 94.75.218.41 xv126.xvideos.com
O1 - Hosts: 94.75.218.42 xv127.xvideos.com
O1 - Hosts: 94.75.218.43 xv128.xvideos.com
O1 - Hosts: 94.75.218.44 xv129.xvideos.com
O1 - Hosts: 94.75.218.45 xv130.xvideos.com
O1 - Hosts: 94.75.218.71 xv140.xvideos.com
O1 - Hosts: 94.75.218.72 xv141.xvideos.com
O1 - Hosts: 94.75.218.73 xv142.xvideos.com
O1 - Hosts: 94.75.218.74 xv143.xvideos.com
O1 - Hosts: 94.75.218.75 xv144.xvideos.com
O1 - Hosts: 94.75.218.76 xv145.xvideos.com
O1 - Hosts: 94.75.218.77 xv146.xvideos.com
O1 - Hosts: 94.75.218.78 xv147.xvideos.com
O1 - Hosts: 94.75.218.79 xv148.xvideos.com
O1 - Hosts: 94.75.218.80 xv149.xvideos.com
O1 - Hosts: 94.75.218.81 xv150.xvideos.com
O1 - Hosts: 94.75.218.88 xv152.xvideos.com
O1 - Hosts: 94.75.218.129 xv153.xvideos.com
O1 - Hosts: 94.75.218.130 xv154.xvideos.com
O1 - Hosts: 94.75.218.131 xv155.xvideos.com
O1 - Hosts: 94.75.218.133 xv156.xvideos.com
O1 - Hosts: 94.75.218.134 xv157.xvideos.com
O1 - Hosts: 94.75.218.137 xv158.xvideos.com
O1 - Hosts: 94.75.218.138 xv159.xvideos.com
O1 - Hosts: 94.75.218.144 xv160.xvideos.com
O1 - Hosts: 94.75.218.145 xv161.xvideos.com
O1 - Hosts: 94.75.218.146 xv162.xvideos.com
O1 - Hosts: 94.75.218.147 xv163.xvideos.com
O1 - Hosts: 94.75.218.148 xv164.xvideos.com
O1 - Hosts: 94.75.218.149 xv165.xvideos.com
O1 - Hosts: 94.75.218.151 xv166.xvideos.com
O1 - Hosts: 94.75.218.152 xv167.xvideos.com
O1 - Hosts: 94.75.218.140 xv168.xvideos.com
O1 - Hosts: 94.75.218.141 xv169.xvideos.com
O1 - Hosts: 94.75.218.142 xv170.xvideos.com
O1 - Hosts: 94.75.218.143 xv171.xvideos.com
O1 - Hosts: 76.9.6.230 s.xvideos.com
O1 - Hosts: 74.86.111.11 youporn.com
O1 - Hosts: 74.86.111.8www.youporn.com
O1 - Hosts: 74.86.111.9 static.youporn.com
O1 - Hosts: 74.86.111.13 download.youporn.com
O1 - Hosts: 67.218.194.35 chat.youporn.com
O1 - Hosts: 87.248.217.165 css.youporn.com
O1 - Hosts: 87.248.217.112 files.youporn.com
O1 - Hosts: 87.248.217.143 ss-1.youporn.com
O1 - Hosts: 87.248.218.171 ss-2.youporn.com
O1 - Hosts: 87.248.217.125 ss-3.youporn.com
O1 - Hosts: 84.16.242.65 server1.files.youporn.com
O1 - Hosts: 85.17.19.37 server6.files.youporn.com
O1 - Hosts: 89.149.209.42 server23.files.youporn.com
O1 - Hosts: 89.149.209.43 server24.files.youporn.com
O1 - Hosts: 89.149.209.44 server25.files.youporn.com
O1 - Hosts: 89.149.209.45 server26.files.youporn.com
O1 - Hosts: 89.149.209.46 server27.files.youporn.com
O1 - Hosts: 89.149.209.48 server28.files.youporn.com
O1 - Hosts: 89.149.209.49 server29.files.youporn.com
O1 - Hosts: 89.149.209.50 server30.files.youporn.com
O1 - Hosts: 89.149.209.51 server31.files.youporn.com
O1 - Hosts: 89.149.208.240 server32.files.youporn.com
O1 - Hosts: 38.103.4.236 server33.files.youporn.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [ZTEEasyAssistant] C:\Program Files\Test Programı\EasyAssistant.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: FancyStart daemon.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: Justin.tv Publisher -http://www.justin.tv/plugins/justintv_publisher.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC081F50-B94D-469B-BF1C-E7DF448124C3}: NameServer = 84.103.237.144
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 13719 bytes
-
kolay gelsin hocam banada
yardımcı olursan sevinirm..
laptop kullanıyorum son günlerde iyice yavaşladı..bir şey daha soracaktım,,netten bir dosya indirdim,açtıktan sonra kendiliginden kayboldu sanırım virüstü,pc im rundll32 ana bilgisayar kapama gibi bir şeyler yazıyor arada bu sorunu nasıl halledebilirim bir fikrin varmı..tşk ederm şimdididen kolay gelsn
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:29:45, on 26.10.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\önder\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Users\NDER~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\K-Lite Codec Pack\Media player Classic\mplayerc.exe
C:\Program Files\K-Lite Codec Pack\Media player Classic\mplayerc.exe
C:\Program Files\K-Lite Codec Pack\Media player Classic\mplayerc.exe
C:\Program Files\K-Lite Codec Pack\Media player Classic\mplayerc.exe
C:\Program Files\K-Lite Codec Pack\Media player Classic\mplayerc.exe
C:\Program Files\K-Lite Codec Pack\Media player Classic\mplayerc.exe
C:\Users\önder\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\önder\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\önder\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\önder\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://tr.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://tr.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [scvhost] mirc.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-2EJ24.exe" /REG
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Yahoo Messengger] C:\Windows\system32\SCVVHSOT.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\önder\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PopRock] C:\Users\NDER~1\AppData\Local\Temp\b.exe
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) -http://download.sopcast.cn/download/SOPCORE.CAB
O16 - DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} (JaguarEditControl-ISBANK) -https://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv27.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
-
quote:
Orijinalden alıntı: tcebeci
Bilgisayarda messenger bazan açılıyor bazen açılırken kitlenip kalıyor.
Burada bir problem gozukmuyor .MBAM ile taratin bi eger olmazsa WLM kaldirip application data klasorundeki kalintilari da silip tekrar kurun. -
quote:
Orijinalden alıntı: satore
combo fix raporu
şimdi ne yapmalıyım
Malwarebytes Antimalware adlı programı indirin.
http://www.buraksonmez.com/dosyalar/mbam-setup.exe
* Programı kurmak için mbam-setup.exe üzerine çift tıklayın ve programı kurun.
* Malwarebytes Antimalware Güncelle ve Malwarebytes Programını Çalıştır seçeneklerini işaretleyip Finish tıklayın.
* Eğer bir güncelleştirme bulunursa, program otomatik olarak indirip güncelleştirecektir.
* Program yüklendiğinde Tam Tarama seçip Taramaya Başla butonuna tıklayın.
* Tarama işlemi biraz zaman alabilir, o yüzden lütfen biraz sabırlı olun.
* Tarama işlemi bittiğinde, Tamam tıklayın ve Sonuçları Göster tıklayın.
* Herşeyin işaretli olduğundan emin olun ve Seçilileri Temizle tıklayın.
* Temizleme işlemi bittiğinde bir notdefteri penceresi açılacaktır. (bilgisayarınızı yeniden başlatmanız gerekebilir.)
* Notdefteri dosyasını kaydedip mesajınıza ekleyerek bize gönderin.
NOT: Eğer temizleme işlemi sırasında program bilgisayarı yeniden başlatmanızı isterse Tamam tıklayarak bilgisayarızı yeniden başlatın.
quote:
Orijinalden alıntı: Onur Batın
Bunada bakabilir misiniz??
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O1 - Hosts: s127.0.0.1 localhost
O1 - Hosts: Youtube Jacker 4 :)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare\BearShareIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-
quote:
Orijinalden alıntı: No62
Dostum gene seni yoracağım,
Baya bir temizlik yaptım ama :/
Bu temizlikten sonra ufak bir sorunum çıktı.
Bazı dosyalarımın şekli şemali değişti Resimde göreceksin hocam
Üsteki gibi dosyalar alttaki gibi reg dosyası halinde gösteriyordu nasıl düzelte bilirim :) Olmasada olur ama göz aşinalığı olmayınca kötü oluyor insan bir çırpıda bulamıyor
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.kralliklar.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: Youtube Dünya Capinda IP leri toplam 2859 adet ....
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Ovt Wia] C:\Windows\OV530EM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
Icon Packager adli programi deneyebilirsin. Repair/Restore icons adinda bir buton olmasi gerekiyor yanilmiyorsam, o hepsini geri alir.
-
quote:
Orijinalden alıntı: 51cent
kolay gelsin hocam banada
yardımcı olursan sevinirm..
laptop kullanıyorum son günlerde iyice yavaşladı..bir şey daha soracaktım,,netten bir dosya indirdim,açtıktan sonra kendiliginden kayboldu sanırım virüstü,pc im rundll32 ana bilgisayar kapama gibi bir şeyler yazıyor arada bu sorunu nasıl halledebilirim bir fikrin varmı..tşk ederm şimdididen kolay gelsn
* HijackThis adlı programı açın.
* Do a system scan only seçeneğine tıklayın.
* Aşağıdaki satırları işaretleyin.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://tr.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://tr.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [scvhost] mirc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-2EJ24.exe" /REG
O4 - HKCU\..\Run: [Yahoo Messengger] C:\Windows\system32\SCVVHSOT.exe
O4 - HKCU\..\Run: [PopRock] C:\Users\NDER~1\AppData\Local\Temp\b.exe
* CTRL+ALT+DEL basıp işlemler sekmesine gelin. Kullanıcı adınızın karşısındaki HijackThis.exe ve explorer.exe hariç tüm işlemleri sonlandırın. (Yalnızca kullanıcı adınızın karşısındaki işlemleri sonlandırın. Local Service, network, system olanlara dokunmayın). HijackThis hariç tüm programları, pencereleri kapatın ve Fix Checked butonuna tıklayın. Ardından bilgisayarınızı hemen yeniden başlatın.
ComboFix adlı programı masaüstünüze indirin.
http://www.buraksonmez.com/dosyalar/ComboFix.exe
1. Tüm açık pencerelerinizi ve programlarınızı kapatın.
2. Antivirüs ve Antispyware programlarınızı geçici olarak kapatın veya devre dışı bırakın.
3. ComboFix.exe üzerine çift tıklayın ve programı açın. Programı açtıktan sonra kesinlikle hiç bir işlem yapmayın. 1-2 dakikalık bir mola verin.
4. ComboFix çalışmaya başladıktan sonra Evet butonuna tıklayın.
5. ComboFix olası bir aksilik durumunda sistemizi geri yükleyebilmek amacıyla Kayıt Defterinizin bir yedeğini alacak ve bir sistem geri yükleme noktası oluşturacaktır.
6. Bu işlemler sırasında internet bağlantınız kesilecek ve masaüstünüz kaybolacaktır. Bunlar normaldir. Ayrıca sistem saatiniz de değişecektir. Fakat tüm bunlar geçicidir. İşlemler bittikten sonra hepsi orjinal haline geri döndürülecektir.
7. Biraz sabırlı olmanız gerekebilir çünkü tam 50 aşama söz konusudur.
8. Son olarak ComboFix işlemlerin sonucunu içeren bir rapor hazırlayacaktır. Bu sırada masaüstünüz kaybolabilir. Fakat kısa sürede geri yüklenecektir. İşlemler bittikten sonra ComboFix kapanacak ve size bir rapor açılacaktır. Bu raporu C:\ComboFix.txt bulabilirsiniz.
9. C:\ComboFix.txt dosyasını mesajınıza ekleyerek bize gönderin.
-
Malwarebytes Antimalware adlı programı indirdim ve tarattım ve onunda raporu ilk yazdığımda görev yöneticisi açılmıo diye yazmıştım şimdi açılıyor ama şimdide bilgisayarım kendi kendine kapanmaya başladı durup dururken resetliyo kendini ve hala hiç bir antivirüsü yükleyemiyorum kur dediğim anda kapatıyor
(aradan bir gün geçti ve mesaja eklenti yapmak zorunda kaldım kayıt defteri tekrar kilitledi ve yeni çıkan sorunlarda devam ediyor)
Malwarebytes' Anti-Malware 1.41
Veritabanı sürümü: 3037
Windows 5.1.2600 Service Pack 3
26.10.2009 23:49:22
mbam-log-2009-10-26 (23-49-22).txt
Tarama biçimi: Gelişmiş Tarama (C:\|)
Taranan öğeler: 150691
Geçen süre: 41 minute(s), 44 second(s)
Etkilenmiş Hafıza İşlemleri: 0
Etkilenmiş Hafıza Modülleri: 0
Etkilenmiş Kayıt Anahtarları: 12
Etkilenmiş Kayıt Değerleri: 2
Etkilenmiş Kayıt Verisi Öğeleri: 5
Etkilenmiş Klasörler: 17
Etkilenmiş Dosyalar: 47
Etkilenmiş Hafıza İşlemleri:
(Herhangi bir tehlikeli öğe bulunmadı)
Etkilenmiş Hafıza Modülleri:
(Herhangi bir tehlikeli öğe bulunmadı)
Etkilenmiş Kayıt Anahtarları:
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
Etkilenmiş Kayıt Değerleri:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> Quarantined and deleted successfully.
Etkilenmiş Kayıt Verisi Öğeleri:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Etkilenmiş Klasörler:
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\savaş\Local Settings\Application Data\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\savaş\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\savaş\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\savaş\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.0.21210 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\savaş\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.0.21210\bin (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\savaş\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\savaş\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\savaş\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> Files: 853 -> Quarantined and deleted successfully.
C:\Documents and Settings\savaş\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\savaş\Local Settings\Application Data\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\savaş\Local Settings\Application Data\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Files: 2091 -> Quarantined and deleted successfully.
C:\Documents and Settings\savaş\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\savaş\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\savaş\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF (Adware.DoubleD) -> Quarantined and deleted successfully.
Etkilenmiş Dosyalar:
C:\Documents and Settings\savaş\Application Data\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Media Access Startup\1.5.0.850\HPIEAddOn.dll.vir (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76FBBE0-9F4E-4F2B-9284-B73B4ABD8631}\RP199\A0458799.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76FBBE0-9F4E-4F2B-9284-B73B4ABD8631}\RP199\A0460000.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76FBBE0-9F4E-4F2B-9284-B73B4ABD8631}\RP199\A0460989.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76FBBE0-9F4E-4F2B-9284-B73B4ABD8631}\RP199\A0461991.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76FBBE0-9F4E-4F2B-9284-B73B4ABD8631}\RP199\A0462996.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76FBBE0-9F4E-4F2B-9284-B73B4ABD8631}\RP200\A0463050.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76FBBE0-9F4E-4F2B-9284-B73B4ABD8631}\RP200\A0464410.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76FBBE0-9F4E-4F2B-9284-B73B4ABD8631}\RP200\A0464515.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76FBBE0-9F4E-4F2B-9284-B73B4ABD8631}\RP203\A0464763.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76FBBE0-9F4E-4F2B-9284-B73B4ABD8631}\RP203\A0464856.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76FBBE0-9F4E-4F2B-9284-B73B4ABD8631}\RP203\A0464937.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76FBBE0-9F4E-4F2B-9284-B73B4ABD8631}\RP203\A0465068.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76FBBE0-9F4E-4F2B-9284-B73B4ABD8631}\RP203\A0465199.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76FBBE0-9F4E-4F2B-9284-B73B4ABD8631}\RP203\A0466176.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76FBBE0-9F4E-4F2B-9284-B73B4ABD8631}\RP204\A0466285.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76FBBE0-9F4E-4F2B-9284-B73B4ABD8631}\RP204\A0467459.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76FBBE0-9F4E-4F2B-9284-B73B4ABD8631}\RP204\A0467813.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76FBBE0-9F4E-4F2B-9284-B73B4ABD8631}\RP204\A0467955.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76FBBE0-9F4E-4F2B-9284-B73B4ABD8631}\RP204\A0468082.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76FBBE0-9F4E-4F2B-9284-B73B4ABD8631}\RP204\A0468474.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76FBBE0-9F4E-4F2B-9284-B73B4ABD8631}\RP205\A0469858.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76FBBE0-9F4E-4F2B-9284-B73B4ABD8631}\RP205\A0470128.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76FBBE0-9F4E-4F2B-9284-B73B4ABD8631}\RP205\A0470547.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76FBBE0-9F4E-4F2B-9284-B73B4ABD8631}\RP205\A0470746.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76FBBE0-9F4E-4F2B-9284-B73B4ABD8631}\RP205\A0471743.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76FBBE0-9F4E-4F2B-9284-B73B4ABD8631}\RP205\A0472125.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76FBBE0-9F4E-4F2B-9284-B73B4ABD8631}\RP205\A0472502.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76FBBE0-9F4E-4F2B-9284-B73B4ABD8631}\RP205\A0472557.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76FBBE0-9F4E-4F2B-9284-B73B4ABD8631}\RP205\A0473552.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\uhlo.exe (Worm.Spambot) -> Delete on reboot.
C:\Program Files\System Search Dispatcher\1.3.0.840\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\savaş\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.0.21210\bin\stbup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\savaş\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\savaş\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\savaş\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\savaş\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\savaş\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\savaş\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\savaş\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\savaş\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\savaş\Local Settings\Temporary Internet Files\ISOSetup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
< Bu mesaj bu kişi tarafından değiştirildi satore -- 28 Ekim 2009; 12:12:00 >
-
quote:
Orijinalden alıntı: serji
quote:
Orijinalden alıntı: tcebeci
Bilgisayarda messenger bazan açılıyor bazen açılırken kitlenip kalıyor.
Burada bir problem gozukmuyor .MBAM ile taratin bi eger olmazsa WLM kaldirip application data klasorundeki kalintilari da silip tekrar kurun.
çok teşekkürler -
Slm, Yardımcı olursanız sevinirim
Ben kullanıcı bazımda profosyone zannediyordum kendimi fakat 1 hafta önce bi virüs girdi
klasik kayıt defterini kapatıyor Görev yöneticisini kapatıyor. Kaspersky ile taratmama izin vermiyor Kendiliğinden kapanıyor işin aslı hayran kaldım bu virüse
Yaparım dedim daha önce başka PC lerde yaptım. Kendi PC m de yapamadım. Kimsye yapamadığımı çaktırmadan format atayım dedim.
Sistem de C ve D olarak iki ayrı sürücü var. Formattan sonra driverları kurdum bi baktım aynı virüs yani D sürücüsünden bulaşmış. D de arşivim var silemem.
Hi Jack ile yapabilir miyiz ?
quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:59, on 27.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MK Free Techs\Asistan\Process Viewer.exe
D:\Program Files\FirefoxPortable 3.52 TR\FirefoxPortable.exe
D:\Program Files\FirefoxPortable 3.52 TR\App\firefox\firefox.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\DOCUME~1\Mkrts\LOCALS~1\Temp\pkkica.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Java\jre6\bin\javaw.exe
D:\Harman\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O1 - Hosts: 84.44.114.44 sozluk.sourtimes.org
O1 - Hosts: 84.44.114.44www.sozluk.sourtimes.org
O1 - Hosts: 208.101.43.202 divxplanet.com
O1 - Hosts: 208.101.43.202www.divxplanet.com
O1 - Hosts: 208.101.43.202 forum.divxplanet.com
O1 - Hosts: 83.149.99.113 foreverdivx.net
O1 - Hosts: 83.149.99.113www.foreverdivx.net
O1 - Hosts: 69.5.88.72 megaupload.com
O1 - Hosts: 69.5.88.72www.megaupload.com
O1 - Hosts: 89.149.232.87 sharebus.com
O1 - Hosts: 89.149.232.87www.sharebus.com
O1 - Hosts: 208.117.236.70 youtube.com
O1 - Hosts: 208.117.236.70www.youtube.com
O1 - Hosts: 64.15.124.143 sjc-v1.sjc.youtube.com
O1 - Hosts: 64.15.124.144 sjc-v2.sjc.youtube.com
O1 - Hosts: 64.15.124.145 sjc-v3.sjc.youtube.com
O1 - Hosts: 64.15.124.146 sjc-v4.sjc.youtube.com
O1 - Hosts: 64.15.124.147 sjc-v5.sjc.youtube.com
O1 - Hosts: 64.15.124.148 sjc-v6.sjc.youtube.com
O1 - Hosts: 64.15.124.149 sjc-v7.sjc.youtube.com
O1 - Hosts: 64.15.124.150 sjc-v8.sjc.youtube.com
O1 - Hosts: 64.15.124.151 sjc-v9.sjc.youtube.com
O1 - Hosts: 64.15.124.152 sjc-v10.sjc.youtube.com
O1 - Hosts: 64.15.124.153 sjc-v11.sjc.youtube.com
O1 - Hosts: 64.15.124.154 sjc-v12.sjc.youtube.com
O1 - Hosts: 64.15.124.155 sjc-v13.sjc.youtube.com
O1 - Hosts: 64.15.124.156 sjc-v14.sjc.youtube.com
O1 - Hosts: 64.15.124.157 sjc-v15.sjc.youtube.com
O1 - Hosts: 64.15.124.158 sjc-v16.sjc.youtube.com
O1 - Hosts: 64.15.124.159 sjc-v17.sjc.youtube.com
O1 - Hosts: 64.15.124.160 sjc-v18.sjc.youtube.com
O1 - Hosts: 64.15.124.161 sjc-v19.sjc.youtube.com
O1 - Hosts: 64.15.124.162 sjc-v20.sjc.youtube.com
O1 - Hosts: 64.15.124.163 sjc-v21.sjc.youtube.com
O1 - Hosts: 64.15.124.164 sjc-v22.sjc.youtube.com
O1 - Hosts: 64.15.124.165 sjc-v23.sjc.youtube.com
O1 - Hosts: 64.15.124.166 sjc-v24.sjc.youtube.com
O1 - Hosts: 64.15.124.167 sjc-v25.sjc.youtube.com
O1 - Hosts: 64.15.124.168 sjc-v26.sjc.youtube.com
O1 - Hosts: 64.15.124.169 sjc-v27.sjc.youtube.com
O1 - Hosts: 64.15.124.170 sjc-v28.sjc.youtube.com
O1 - Hosts: 64.15.124.171 sjc-v29.sjc.youtube.com
O1 - Hosts: 64.15.124.172 sjc-v30.sjc.youtube.com
O1 - Hosts: 64.15.124.173 sjc-v31.sjc.youtube.com
O1 - Hosts: 64.15.124.174 sjc-v32.sjc.youtube.com
O1 - Hosts: 64.15.124.175 sjc-v33.sjc.youtube.com
O1 - Hosts: 64.15.124.176 sjc-v34.sjc.youtube.com
O1 - Hosts: 64.15.124.177 sjc-v35.sjc.youtube.com
O1 - Hosts: 64.15.124.178 sjc-v36.sjc.youtube.com
O1 - Hosts: 64.15.124.179 sjc-v37.sjc.youtube.com
O1 - Hosts: 64.15.124.180 sjc-v38.sjc.youtube.com
O1 - Hosts: 64.15.124.207 sjc-v39.sjc.youtube.com
O1 - Hosts: 64.15.124.208 sjc-v40.sjc.youtube.com
O1 - Hosts: 64.15.124.209 sjc-v41.sjc.youtube.com
O1 - Hosts: 64.15.124.210 sjc-v42.sjc.youtube.com
O1 - Hosts: 64.15.124.211 sjc-v43.sjc.youtube.com
O1 - Hosts: 64.15.124.212 sjc-v44.sjc.youtube.com
O1 - Hosts: 64.15.124.213 sjc-v45.sjc.youtube.com
O1 - Hosts: 64.15.124.214 sjc-v46.sjc.youtube.com
O1 - Hosts: 64.15.124.215 sjc-v47.sjc.youtube.com
O1 - Hosts: 64.15.124.216 sjc-v48.sjc.youtube.com
O1 - Hosts: 64.15.124.217 sjc-v49.sjc.youtube.com
O1 - Hosts: 64.15.124.218 sjc-v50.sjc.youtube.com
O1 - Hosts: 64.15.124.219 sjc-v51.sjc.youtube.com
O1 - Hosts: 64.15.124.220 sjc-v52.sjc.youtube.com
O1 - Hosts: 64.15.124.221 sjc-v53.sjc.youtube.com
O1 - Hosts: 64.15.124.222 sjc-v54.sjc.youtube.com
O1 - Hosts: 64.15.124.223 sjc-v55.sjc.youtube.com
O1 - Hosts: 64.15.124.224 sjc-v56.sjc.youtube.com
O1 - Hosts: 64.15.124.225 sjc-v57.sjc.youtube.com
O1 - Hosts: 64.15.124.226 sjc-v58.sjc.youtube.com
O1 - Hosts: 64.15.124.227 sjc-v59.sjc.youtube.com
O1 - Hosts: 64.15.124.228 sjc-v60.sjc.youtube.com
O1 - Hosts: 64.15.124.229 sjc-v61.sjc.youtube.com
O1 - Hosts: 64.15.124.230 sjc-v62.sjc.youtube.com
O1 - Hosts: 64.15.124.231 sjc-v63.sjc.youtube.com
O1 - Hosts: 64.15.124.232 sjc-v64.sjc.youtube.com
O1 - Hosts: 64.15.124.233 sjc-v65.sjc.youtube.com
O1 - Hosts: 64.15.124.234 sjc-v66.sjc.youtube.com
O1 - Hosts: 64.15.124.235 sjc-v67.sjc.youtube.com
O1 - Hosts: 64.15.124.236 sjc-v68.sjc.youtube.com
O1 - Hosts: 64.15.124.237 sjc-v69.sjc.youtube.com
O1 - Hosts: 64.15.124.238 sjc-v70.sjc.youtube.com
O1 - Hosts: 64.15.124.239 sjc-v71.sjc.youtube.com
O1 - Hosts: 64.15.124.240 sjc-v72.sjc.youtube.com
O1 - Hosts: 64.15.124.241 sjc-v73.sjc.youtube.com
O1 - Hosts: 64.15.124.242 sjc-v74.sjc.youtube.com
O1 - Hosts: 64.15.124.243 sjc-v75.sjc.youtube.com
O1 - Hosts: 64.15.124.244 sjc-v76.sjc.youtube.com
O1 - Hosts: 64.15.125.16 sjc-v77.sjc.youtube.com
O1 - Hosts: 64.15.125.17 sjc-v78.sjc.youtube.com
O1 - Hosts: 64.15.125.18 sjc-v79.sjc.youtube.com
O1 - Hosts: 64.15.125.19 sjc-v80.sjc.youtube.com
O1 - Hosts: 64.15.125.20 sjc-v81.sjc.youtube.com
O1 - Hosts: 64.15.125.21 sjc-v82.sjc.youtube.com
O1 - Hosts: 64.15.125.22 sjc-v83.sjc.youtube.com
O1 - Hosts: 64.15.125.23 sjc-v84.sjc.youtube.com
O1 - Hosts: 64.15.125.24 sjc-v85.sjc.youtube.com
O1 - Hosts: 64.15.125.25 sjc-v86.sjc.youtube.com
O1 - Hosts: 64.15.125.26 sjc-v87.sjc.youtube.com
O1 - Hosts: 64.15.125.27 sjc-v88.sjc.youtube.com
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Reklam Engelleyici'ye ekle - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 8865 bytes
Ip işlemleri
Bu mesaj IP'si ile atılan mesajları ara Bu kullanıcının son IP'si ile atılan mesajları ara Bu mesaj IP'si ile kullanıcı ara Bu kullanıcının son IP'si ile kullanıcı ara
KAPAT X
Bu mesaj IP'si ile atılan mesajları ara Bu kullanıcının son IP'si ile atılan mesajları ara Bu mesaj IP'si ile kullanıcı ara Bu kullanıcının son IP'si ile kullanıcı ara
KAPAT X
